Perfcopilot
Get started

Connect MS Graph

⚠️ MS Graph OAuth is currently disabled for email-style signals (Mail.Read). Microsoft's equivalent of Google's Restricted-scope verification hasn't been completed yet, so the OAuth integration path is turned off. For Outlook / Microsoft 365 email, please connect via IMAP instead — see /docs/integrations/imap/setup. Same signal output; different transport. For 365 accounts with Modern Auth required (most), generate an app password under Microsoft account → Security → App passwords and paste that into PerfCopilot's IMAP form. (Teams meeting transcripts and calendar density remain available via the separate Teams / Zoom flows — see the call-quality docs.)

Microsoft 365 signals — email metadata, Teams messages, Teams meetings, and calendar density.

Prerequisites

  • Microsoft 365 Global Administrator role (the consent screen requires admin grant for domain-wide install)
  • A PerfCopilot admin account (the Connect button is only visible to admins)
  • The Microsoft 365 tenant must have Exchange Online and (optionally) Teams licensed for the employees you want to analyze

1. Generate credentials in MS Graph

MS Graph uses OAuth with admin consent — there are no API tokens to copy. You'll complete the install from inside PerfCopilot.

  1. Sign in to https://app.perfcopilot.com as an admin.
  2. Open Integrations, find the MS Graph card, and click Connect.

[Screenshot: Microsoft admin-consent prompt — pending]

  1. Microsoft's consent screen opens in a popup. Sign in with a Global Administrator account on the tenant you want to connect.
  2. Approve the domain-wide consent scopes: User.Read.All, Mail.ReadBasic.All, ChannelMessage.Read.All, Calendars.ReadBasic.All. You'll be redirected back to PerfCopilot.

Copy these values; you'll paste them in the next step:

  • No fields — OAuth handles credentials.

2. Paste into PerfCopilot

  1. Open Integrations on your PerfCopilot admin.

  2. Find the MS Graph card and click Connect (or Manage if already configured).

  3. Paste each value into the matching field:

    | Field in PerfCopilot | Value from step 1 | |---|---| | (none) | No fields — OAuth handles credentials. |

  4. Click Save.

[Screenshot: MS Graph drawer with credentials filled — pending]

3. Verify

Click Test in the drawer. Expected:

✅ Authenticated as admin@your-tenant.onmicrosoft.com

If you see a red error, jump to Common errors.

Common errors

| Message | What it usually means | Fix | |---|---|---| | AADSTS50020: User account from identity provider does not exist | The admin signed in with a personal Microsoft account or a guest account on the wrong tenant. | Sign back in with a Global Administrator account on the target tenant. | | Need admin consent | The connecting user is not a Global Admin, so domain-wide consent could not be granted. | Have a Global Admin run the Connect flow end-to-end. | | HTTP 401: InvalidAuthenticationToken | The refresh token expired or was revoked from Azure AD. | Re-run the Connect flow to mint a fresh token. |

What signals we pull

  • email — sent / received metadata per employee from Exchange Online (headers only).
  • slack-shaped messages — Teams channel messages, normalized into the same shape as Slack so the AI can compare across providers.
  • attendance-shaped — meeting density per employee per cycle, computed from calendar events.

Need a feature you don't see? Tell us →.

PreviousLatticeNext Perdoo