Overview
Microsoft 365 suite is one of the leading productivity apps used today in organizations.
Torii integrates with Microsoft 365 and syncs the following:
- List of users
- Licenses (assigned and unassigned)
- Usage
Furthermore, you can automate Microsoft 365 onboarding and offboarding using Torii workflows and use Torii to perform the OneDrive Migrate User Files action. This action can be used as part of the offboarding process to migrate off-boarded users' files (personal drive) to their manager.
Permissions needed to view usage data in Torii
* Microsoft Teams Exploratory license is required
Settings configuration
To view usage in Torii, you need to change the default MS365 settings to show identifiable user information.
-
Open MS 365 Admin console and go to Settings > Org Settings > Services from the left menu.
-
Select Reports from the list.
-
Under Choose how to show user information, uncheck the statement "Display concealed user, group, and site names in all reports," and then save your changes.
User roles
The users who connected Office 365 integration must have a "Reports reader" role or "Global administrator" role.
To assign the role:
- Open MS 365 Admin console and go to Roles > Role assignments from the left menu.
- Select Reports reader from the list.
- Under the "Assigned" tab add a user who connected the integration.
Once the role is assigned, usage data will be fetched in the next account synchronization. You do not need to reconnect the integration.
How usage data is synced
Once the default settings are overwritten, Torii will sync usage for Microsoft 365 suite and its child apps - Outlook, Word, Excel, PowerPoint, OneNote, and Teams. Torii syncs usage from all platforms on which the apps were used - desktop, web, and mobile. The data will be fetched 28 days back with a delay of 2 days (as provided in Microsoft 365 admin center reports).
Pay attention that you will see each of the apps above as a separate app on the Torii platform. The usage will be displayed on the app level and summed up to the total usage of the MS365 suite. Teams app is an exception and will not be summed up, standing on its own.
How to Connect Microsoft 365 to Torii
- Go to the Integrations page and select the Office 365 tile
-
Connect to Office 365
- In the Connect window, CHOOSE PERMISSIONS; note that to use Torii's abilities like workflow automation and actions, you will be required to provide the "Read and Take Action" permission.
- Optional fields - To use "OneDrive Migrate User Files," you must provide Torii the account Client id, Client Secret (Value), and Tenant ID. Click here to see how to get this information.
- Click Continue
- The "Test Connection" window will make the connection test.
Click Connect to continue.
- Once the integration is connected and synced, it will display a green checkbox.
Integration Capabilities and Actions
You can constantly be updated with application information and actions from our Integrations Page >> Integration Capabilities button >> Integration Capabilities table.
Actions and Required Permissions
Migrate user files action
You can use Torii to automate the "OneDrive User file Migration" process.
For Torii to retrieve the date required for OneDrive User file Migration, you will need to provide the following information during the integration process:
-
Get the Client id, Tenant ID, and Client Secret (value)
- Add the required permissions
Read the full instruction for Register an application with the Microsoft identity platform
3. Get the Client id and Tenant ID
Get the Client Secret (value) from here
4. Add the following permissions:
-
- Files.Read.All
- Files.ReadWrite.All
- Sites.Read.All
- Sites.ReadWrite.All
5. Click on, and approve "Grant admin consent for Torii Labs."
Delete calendar actions
To leverage actions "Delete all primary calendar events" and "Delete additional calendars", follow the same process as described above.
Add permissions:
- Calendars.ReadWrite
Please note that "Delete additional Microsoft Office 365 calendars" action does not support the removal of birthday calendars or any calendars linked to personal connected accounts.
Additionally, this action does not remove a user from a group-assigned calendar if the user is a group member. To address this scenario, the user must be removed from the group.
Email actions
To leverage actions "Enable automatic emails", "Disable automatic emails" and "Create email forwarding rules", follow the same process as described above.
Add permissions:
- MailboxSettings.ReadWrite
Q&A
Q: Can a service account be used to connect Office 365?
A: A service account can be used to connect Office 365.
- To connect Torii, the minimum required "Read" permissions are Application Administrator, Global Reader, and Teams Administrator.
- To get usage: Reports Reader(That is already granted).
- To Fully get "Read and Take action," - A global administrator role is required.
- The minimum required “Read” permissions need to be defined in the Azure Active Directory integration
Q: Can Torii remove a license once an account is deactivated?
A: Yes, you can create a Torii workflow to do this.
Q: If a user's license is removed, does that also deactivate them?
A: No.
Q: Does Torii use the Last Activation Date to calculate license activity?
A: Activation Date refers to the last date users activated their Microsoft 365 Apps subscription. Torii does not use this data to calculate license activity or app usage.
Q: How does the 'Create Office 365 User' action in Torii populate the user's email address?
A: It uses the email address of the trigger user in Torii as the email address when creating the user in Office 365.