Overview

The Microsoft 365 connector enables your AI Colleagues to integrate with your organization's Microsoft 365 platform, facilitating automated identity management, user lifecycle operations, group administration, device management, and Excel workbook automation.

Microsoft 365 is Microsoft's comprehensive cloud-based productivity suite that includes identity services (Microsoft Entra ID), collaboration tools, and business applications. The Microsoft 365 connector allows Leena AI to automate administrative workflows, manage users and groups, handle device operations, and interact with Excel workbooks seamlessly through the Microsoft Graph API.

API Details

Leena AI integrates with Microsoft 365 via the Microsoft Graph REST API.

Documentation link: https://learn.microsoft.com/en-us/graph/overview

Setup

The Microsoft 365 connector uses OAuth 2.0 authentication with the client credentials grant type.

Prerequisites

Before setting up the Microsoft 365 connector, ensure you have:

Administrator access to Microsoft Entra Admin Center (formerly Azure AD)
Access to Microsoft Azure Portal with App Registration permissions
Ability to create and configure OAuth applications in Microsoft Entra ID
Permissions to grant admin consent for Microsoft Graph API permissions
Access to your Leena AI workspace with connector management permissions

Get credentials

Here is how to create an App Registration in Microsoft Entra Admin Center:

Log in to Microsoft Entra Admin Center (https://entra.microsoft.com) or Azure Portal (https://portal.azure.com)
Navigate to App Registrations:
1. Click on Microsoft Entra ID (Azure Active Directory) in the sidebar
2. Select App registrations
3. Click + New registration
Configure App Registration:
1. Name: Enter a descriptive name for your application (e.g., "Leena AI Microsoft 365 Connector")
2. Supported account types: Select "Accounts in this organizational directory only"
3. Redirect URI: Leave blank for now (will be configured later)
4. Click Register
Note Application Credentials:
1. On the Overview page, copy the Application (client) ID
2. Copy the Directory (tenant) ID
Create Client Secret:
1. Navigate to Certificates & secrets
2. Click + New client secret
3. Add a description and select an expiration period
4. Click Add
5. Important: Copy the secret Value immediately (it will only be displayed once)
Configure API Permissions:
1. Navigate to API permissions
2. Click + Add a permission
3. Select Microsoft Graph
4. Select Application permissions
5. Add the required permissions based on your use case:
  - User.ReadWrite.All - For user management
  - Group.ReadWrite.All - For group management
  - Directory.ReadWrite.All - For directory operations
  - Device.ReadWrite.All - For device management
  - UserAuthenticationMethod.ReadWrite.All - For MFA reset operations
  - Files.ReadWrite.All - For Excel workbook operations
6. Click Add permissions
Grant Admin Consent:
1. Click Grant admin consent for [Your Organization]
2. Confirm by clicking Yes

Add connection

Here is how to add a connection on Leena AI:

Log in to your Leena AI workspace
Navigate to Settings > Integrations
Search for "Microsoft 365" and select it from the list to add its new connector
Start configuring the connector
1. Tenant ID: Your Microsoft Entra Directory (tenant) ID
2. Client ID: Application (client) ID from App Registration
3. Client Secret: The client secret value created earlier
4. Scope: Microsoft Graph API scope (Pre-filled as 'https://graph.microsoft.com/.default')
5. Grant Type: Authorization grant type for OAuth 2.0 (Pre-filled as 'client_credentials')
6. ID Mapping Fields: The profile field in Leena AI which corresponds to unique identifier in Microsoft 365 (Pre-filled with 'email')
Save and Verify Connection
1. Click Save to store the connector configuration
2. The connector will automatically acquire an access token using client credentials
3. Verify the connection status shows as connected

Actions

The following actions are supported for the Microsoft 365 connector:

Users: Create User

Creates a new user account in Microsoft Entra ID. The Agent can leverage the skill (workflow), which has been designed to create a new user in Microsoft 365, once the user raises a query to do so.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Account Enabled	Whether the user account is enabled
Display Name	The name displayed in the address book for the user
Mail Nickname	The mail alias for the user
User Principal Name	The user principal name (UPN) in format [email protected]
Password	The password for the user account

Optional

Name	Description
Force Change Password Next Sign In	Whether the user must change password on next login
Force Change Password Next Sign In With MFA	Whether to force password change with MFA on next login
Employee ID	The employee identifier assigned to the user
Job Title	The user's job title
Department	The name of the department where the user works
Office Location	The office location in the user's place of business
Company Name	The company name associated with the user
Mobile Phone	The primary cellular telephone number for the user
Business Phones	List of telephone numbers for the user
Manager	The user ID of the manager for this user

Here is a sample JSON input:

{
  "accountEnabled": true,
  "displayName": "John Doe",
  "mailNickname": "johndoe",
  "userPrincipalName": "[email protected]",
  "passwordProfile": {
    "password": "SecureP@ssw0rd!",
    "forceChangePasswordNextSignIn": true,
    "forceChangePasswordNextSignInWithMfa": false
  },
  "employeeId": "EMP001",
  "jobTitle": "Software Engineer",
  "department": "Engineering",
  "officeLocation": "Building A, Floor 3",
  "companyName": "Contoso Ltd",
  "mobilePhone": "+1-555-0123",
  "businessPhones": [
    {"businessPhone": "+1-555-0124"}
  ],
  "manager": "98765432-abcd-efgh-ijkl-mnopqrstuvwx"
}

Response

Upon successful creation, the action returns the created user details including:

User ID
User Principal Name
Display Name
Account status
Creation timestamp

Users: Update User

Updates an existing user account in Microsoft Entra ID. The Agent can leverage the skill (workflow), which has been designed to modify user properties, once the user provides the details to be updated.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user to be updated
JSON Body	The JSON payload containing properties to update

Here is a sample JSON input:

{
  "id": "12345678-abcd-efgh-ijkl-mnopqrstuvwx",
  "jsonBody": {
    "jobTitle": "Senior Software Engineer",
    "department": "Platform Engineering",
    "officeLocation": "Building B, Floor 5",
    "mobilePhone": "+1-555-9999"
  }
}

Response

Upon successful update, the action returns:

Confirmation of successful update
Updated user properties
Modification timestamp

Users: Delete User

Deletes an existing user account from Microsoft Entra ID. The Agent can leverage the skill (workflow), which has been designed to remove a user from the directory.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user to be deleted

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx"
}

Response

Upon successful deletion, the action returns:

Confirmation of successful deletion
Deletion timestamp

Users: Get User by Id

Retrieves detailed information about a specific user from Microsoft Entra ID.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user to retrieve

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx"
}

Response

The action returns the user details including:

User ID
Display Name
User Principal Name
Job Title
Department
Office Location
Contact Information
Account Status

Users: List Users

Retrieves a list of users from Microsoft Entra ID with optional filtering and pagination.

Input Parameters

Here are the input parameters required to set up this action:

Optional

Name	Description
Filter	OData filter expression (e.g., "mail eq '[email protected]'")
Count	Whether to include a count of items
Top	Maximum number of results to return
Skip Token	Pagination token for retrieving next page of results
Select	Comma-separated list of properties to return
Expand	Related entities to include in the response
Order By	Property to sort results by
Search	Search string to filter results

Here is a sample JSON input:

{
  "filter": "department eq 'Engineering'",
  "count": true,
  "top": 50,
  "select": "id,displayName,mail,jobTitle,department",
  "orderby": "displayName"
}

Response

The action returns a list of users, each containing:

User ID
Display Name
Email Address
Job Title
Department
Additional requested properties

Users: Assign Licenses

Assigns Microsoft 365 licenses to a user account. The Agent can leverage the skill (workflow) to grant users access to Microsoft 365 services.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user

Optional

Name	Description
Add Licenses	Array of license SKU IDs to assign to the user
Remove Licenses	Array of license SKU IDs to remove from the user

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx",
  "addLicenses": [
    {"skuId": "c7df2760-2c81-4ef7-b578-5b5392b571df"}
  ],
  "removeLicenses": []
}

Response

Upon successful assignment, the action returns:

Confirmation of license assignment
Updated license status
Assigned services

Users: List assigned licenses

Retrieves the list of licenses assigned to a specific user.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx"
}

Response

The action returns a list of assigned licenses including:

License SKU ID
License Name
Assigned Services
Assignment Date

Users: List group memberships

Retrieves all groups that a user is a member of.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx"
}

Response

The action returns a list of groups including:

Group ID
Display Name
Group Type
Mail Address

Users: List Owned Devices

Retrieves all devices owned by a specific user.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user

Optional

Name	Description
Filter	OData filter expression to filter devices
Select	Comma-separated list of properties to return

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx",
  "filter": "operatingSystem eq 'Windows'",
  "select": "id,displayName,operatingSystem,operatingSystemVersion"
}

Response

The action returns a list of owned devices including:

Device ID
Display Name
Operating System
OS Version
Trust Type
Registration Status

Users: Reset multifactor authentication (MFA)

Resets a specific MFA method for a user. The Agent can leverage this action to help users who have lost access to their authentication methods.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user
Authentication Method Type	The type of authentication method to reset

Optional (based on Authentication Method Type)

Name	Description
Phone Method ID	ID of the phone method (for Phone type)
FIDO2 ID	ID of the FIDO2 key (for FIDO2 type)
Microsoft Authenticator ID	ID of the Authenticator app (for Authenticator type)
Password ID	ID of the password method (for Password type)
Software OATH Authentication Method ID	ID of the OATH token (for Software OATH type)
Temporary Access Pass Authentication Method ID	ID of the TAP (for Temporary Access Pass type)
Windows Hello For Business Authentication Method ID	ID of the WHfB (for Windows Hello type)

Authentication Method Types:

EMAIL_METHODS: Reset email authentication method
FIDO2_METHODS: Reset FIDO2 security key
MICROSOFT_AUTHENTICATOR_METHODS: Reset Microsoft Authenticator app
PHONE: Reset phone authentication method (mobile, alternateMobile, office)
PASSWORD_METHODS: Reset password method
SOFTWARE_OATH_METHODS: Reset software OATH token
TEMPORARY_ACCESS_PASS_METHODS: Delete temporary access pass
WINDOWS_HELLO_FOR_BUSINESS_METHODS: Reset Windows Hello for Business

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx",
  "authenticationMethodType": "FIDO2_METHODS",
  "fido2Id": "abc123def456"
}

Response

Upon successful reset, the action returns:

Confirmation of MFA method reset
Reset timestamp

Change Password

Changes the password for a user account.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the user
Current Password	The user's current password
New Password	The new password to set

Here is a sample JSON input:

{
  "userId": "12345678-abcd-efgh-ijkl-mnopqrstuvwx",
  "currentPassword": "OldP@ssword123",
  "newPassword": "NewSecureP@ss456!"
}

Response

Upon successful password change, the action returns:

Confirmation of password change
Change timestamp

Groups: Create Group

Creates a new group in Microsoft Entra ID. The Agent can leverage this action to provision security groups or Microsoft 365 groups.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Display Name	The name to display for the group
Mail Nickname	The mail alias for the group
Group Types	The type of group (e.g., 'Unified' for Microsoft 365)
Members	Array of user IDs to add as initial members

Optional

Name	Description
Description	Description for the group
Mail Enabled	Whether the group is mail-enabled (default: true)
Security Enabled	Whether the group is security-enabled
Owners	Array of user IDs to set as group owners
Membership Rule	Dynamic membership rule expression
Membership Rule Processing State	State of dynamic membership processing (On/Paused)

Group Types:

Unified: Microsoft 365 group with collaboration features
DynamicMembership: Group with automatic membership based on rules
Security: Security group for access control

Here is a sample JSON input:

{
  "displayName": "Engineering Team",
  "mailNickname": "engineering-team",
  "description": "Group for the Engineering department",
  "groupTypes": ["Unified"],
  "mailEnabled": true,
  "securityEnabled": false,
  "owners": ["owner-user-id-1", "owner-user-id-2"],
  "members": ["member-user-id-1", "member-user-id-2", "member-user-id-3"]
}

Response

Upon successful creation, the action returns:

Group ID
Display Name
Mail Address
Group Type
Creation timestamp

Groups: List Groups

Retrieves a list of groups from Microsoft Entra ID.

Input Parameters

Here are the input parameters required to set up this action:

Optional

Name	Description
Filter	OData filter expression (e.g., "displayName eq 'Engineering'")
Count	Whether to include a count of items
Top	Maximum number of results to return
Select	Comma-separated list of properties to return
Expand	Related entities to include in the response
Order By	Property to sort results by
Search	Search string to filter results

Here is a sample JSON input:

{
  "filter": "groupTypes/any(c:c eq 'Unified')",
  "count": true,
  "top": 100,
  "select": "id,displayName,mail,groupTypes",
  "orderby": "displayName"
}

Response

The action returns a list of groups, each containing:

Group ID
Display Name
Mail Address
Group Type
Member Count

Groups: Add Members

Adds users or devices as members to an existing group.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Group ID	The unique identifier of the group
Directory Object	The type of objects being added (Users or Devices)
Members	Array of user or device IDs to add to the group

Here is a sample JSON input:

{
  "groupId": "group-id-12345",
  "directoryObject": "Users",
  "members": [
    "user-id-1",
    "user-id-2",
    "user-id-3"
  ]
}

Response

Upon successful addition, the action returns:

Confirmation of members added
List of successfully added members
Any partial failures (if applicable)

Groups: Remove Members

Removes members from an existing group.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Group ID	The unique identifier of the group
Member IDs	Array of user IDs to remove from the group

Here is a sample JSON input:

{
  "groupId": "group-id-12345",
  "memberIds": [
    "user-id-1",
    "user-id-2"
  ]
}

Response

Upon successful removal, the action returns:

Confirmation of members removed
List of successfully removed members
Any partial failures (if applicable)

Groups: List Owners

Retrieves the list of owners for a specific group.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Group ID	The unique identifier of the group

Here is a sample JSON input:

{
  "groupId": "group-id-12345"
}

Response

The action returns a list of group owners including:

User ID
Display Name
Email Address

Guests: Create invitation

Creates an invitation for an external user to join the organization as a guest.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Invited User Email Address	The email address of the user to invite

Optional

Name	Description
Send Invitation Message	Whether to send an invitation email to the user
Invited User Type	The type of user being invited (Guest or Member)
Invite Redirect URL	The URL to redirect the user to after accepting the invitation

Invited User Types:

Guest: Standard guest user with limited access (default)
Member: Member user with broader access

Here is a sample JSON input:

{
  "invitedUserEmailAddress": "[email protected]",
  "sendInvitationMessage": true,
  "invitedUserType": "Guest",
  "inviteRedirectUrl": "https://myapps.microsoft.com"
}

Response

Upon successful invitation, the action returns:

Invitation ID
Invited User ID
Invite Redeem URL
Invitation Status

Guests: Add sponsor

Assigns a sponsor (internal user or group) to a guest user.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
User ID	The unique identifier of the guest user
Add Type	The type of sponsor being added (USER or GROUP)

Optional (based on Add Type)

Name	Description
Sponsors	The user ID of the sponsor (when Add Type is USER)
Group ID	The group ID of the sponsor (when Add Type is GROUP)

Here is a sample JSON input:

{
  "userId": "guest-user-id-12345",
  "addType": "USER",
  "sponsors": "internal-user-id-67890"
}

Response

Upon successful assignment, the action returns:

Confirmation of sponsor assignment
Sponsor details

Devices: Delete device

Deletes a device from Microsoft Entra ID.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Device ID	The unique identifier of the device to delete

Here is a sample JSON input:

{
  "deviceId": "device-id-12345"
}

Response

Upon successful deletion, the action returns:

Confirmation of device deletion
Deletion timestamp

Devices: Add Registered Owner

Adds a user as a registered owner of a device.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
Device ID	The unique identifier of the device
User ID	The unique identifier of the user to add as owner

Here is a sample JSON input:

{
  "deviceId": "device-id-12345",
  "userId": "user-id-67890"
}

Response

Upon successful addition, the action returns:

Confirmation of owner assignment
Updated device ownership details

Workbook: Add Row

Adds a new row of data to an Excel workbook stored in OneDrive or SharePoint.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
ID	The user or group ID (depending on drive type)
Drive Type	The type of drive (USER for OneDrive, GROUP for SharePoint)
Workbook ID	The unique identifier of the workbook
Worksheet ID	The unique identifier of the worksheet
Header Row Number	The row number containing column headers

Dynamic Fields

Additional fields are dynamically generated based on the column headers in the specified worksheet.

Drive Types:

USER: OneDrive personal storage
GROUP: SharePoint document library

Here is a sample JSON input:

{
  "id": "user-or-group-id",
  "driveType": "GROUP",
  "workbookId": "workbook-item-id",
  "worksheetId": "Sheet1",
  "headerRowNumber": "1",
  "First Name": "John",
  "Last Name": "Doe",
  "Email": "[email protected]",
  "Department": "Engineering"
}

Response

Upon successful addition, the action returns:

Confirmation of row addition
Row index of the new data
Updated range information

Workbook: Fetch Rows

Retrieves rows from an Excel workbook with optional filtering.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
ID	The user or group ID (depending on drive type)
Drive Type	The type of drive (USER or GROUP)
Workbook ID	The unique identifier of the workbook
Worksheet ID	The unique identifier of the worksheet
Header Row Number	The row number containing column headers

Optional

Name	Description
Filter Type	How to combine multiple filters (AND or OR)
Filters	Array of filter conditions

Filter Conditions:

CONTAINS: Column contains the specified value
EQ: Column equals the specified value
GT: Column is greater than the specified value
LT: Column is less than the specified value

Here is a sample JSON input:

{
  "id": "user-or-group-id",
  "driveType": "GROUP",
  "workbookId": "workbook-item-id",
  "worksheetId": "Sheet1",
  "headerRowNumber": "1",
  "filterType": "AND",
  "filters": [
    {
      "column": "Department",
      "condition": "EQ",
      "value": "Engineering"
    },
    {
      "column": "Status",
      "condition": "EQ",
      "value": "Active"
    }
  ]
}

Response

The action returns a list of matching rows, each containing:

Row number
Column values mapped to header names
Total row count

Workbook: Update Row

Updates an existing row in an Excel workbook.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
ID	The user or group ID (depending on drive type)
Drive Type	The type of drive (USER or GROUP)
Workbook ID	The unique identifier of the workbook
Worksheet ID	The unique identifier of the worksheet
Header Row Number	The row number containing column headers
Row To Update	The row number to update

Dynamic Fields

Additional fields are dynamically generated based on the column headers in the specified worksheet.

Here is a sample JSON input:

{
  "id": "user-or-group-id",
  "driveType": "GROUP",
  "workbookId": "workbook-item-id",
  "worksheetId": "Sheet1",
  "headerRowNumber": "1",
  "rowToUpdate": "5",
  "Status": "Completed",
  "Last Modified": "2025-08-27"
}

Response

Upon successful update, the action returns:

Confirmation of row update
Updated cell values
Modification timestamp

Workbook: Add worksheet

Creates a new worksheet in an Excel workbook.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
ID	The user or group ID (depending on drive type)
Drive Type	The type of drive (USER or GROUP)
Workbook ID	The unique identifier of the workbook
Sheet Name	The name for the new worksheet

Here is a sample JSON input:

{
  "id": "user-or-group-id",
  "driveType": "GROUP",
  "workbookId": "workbook-item-id",
  "sheetName": "Q4 Report"
}

Response

Upon successful creation, the action returns:

Worksheet ID
Worksheet Name
Creation timestamp

Custom Action

Executes a custom Microsoft Graph API request for advanced scenarios not covered by pre-built actions.

Input Parameters

Here are the input parameters required to set up this action:

Mandatory

Name	Description
URL	The relative URL for the Microsoft Graph API endpoint
HTTP Method	The HTTP method for the request (GET, POST, PUT, PATCH, DELETE)

Optional

Name	Description
Params	Array of key-value pairs for query parameters
Body	The type of request body (NONE or JSON)
Body JSON	The JSON payload for POST, PUT, or PATCH requests

HTTP Methods:

GET: Retrieve data
POST: Create new resources
PUT: Replace existing resources
PATCH: Update existing resources
DELETE: Remove resources

Here is a sample JSON input:

{
  "url": "/users/12345678-abcd-efgh-ijkl-mnopqrstuvwx/calendar/events",
  "httpMethod": "GET",
  "params": [
    {"key": "$top", "value": "10"},
    {"key": "$select", "value": "subject,start,end"}
  ]
}

{
  "url": "/teams",
  "httpMethod": "POST",
  "body": "JSON",
  "bodyJson": {
    "[email protected]": "https://graph.microsoft.com/v1.0/teamsTemplates('standard')",
    "displayName": "New Project Team",
    "description": "Team for the new project"
  }
}

Response

The action returns the response from the Microsoft Graph API, which varies based on the endpoint called:

Status code
Response body (JSON)
Any error messages (if applicable)