Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.brightpathaisolutions.com/llms.txt

Use this file to discover all available pages before exploring further.

The Microsoft 365 connector gives DeskMate access to:
  • Outlook Mail — read, send, draft on behalf of users
  • Calendar — read, create, update, cancel events
  • OneDrive — read and write files
  • SharePoint — read and write files in sites
  • Teams — used by the DeskMate chat bot to receive messages and post replies (including Adaptive Cards)
This is the connector most enterprise customers set up first, and the one with the most moving parts. Allow about 15 minutes the first time.

What your Azure admin needs to do

DeskMate uses a single multi-tenant Azure application that we host. When you connect, your Azure AD admin grants that application access to your tenant. They don’t create a new app in Azure — they just consent to ours.
You need a Microsoft 365 administrator who can grant admin consent to third-party applications. A regular user account is not enough.

Step 1 — Find your Azure tenant ID

In your browser, open: 
https://login.microsoftonline.com/YOUR-DOMAIN/.well-known/openid-configuration
Replace YOUR-DOMAIN with your email domain (e.g. contoso.com). The JSON that loads contains a token_endpoint field — the GUID right after login.microsoftonline.com/ is your Azure tenant ID. You’ll need this GUID in Step 3. It looks like: 4d26fc6a-533e-45a9-993a-81072b013c6b. Your DeskMate account manager will provide a consent URL that looks like: 
https://login.microsoftonline.com/<YOUR_TENANT_ID>/adminconsent?client_id=<DESKMATE_APP_ID>
Open this URL as a Microsoft 365 admin. You’ll see a consent screen listing every permission DeskMate needs. Click Accept. The permissions granted are:
PermissionTypeWhy
User.Read.AllApplicationResolve Teams users to email/profile
Mail.ReadWrite, Mail.SendApplication + DelegatedRead inbox, send mail
Calendars.ReadWriteApplication + DelegatedRead and create events
Files.ReadWrite.AllApplication + DelegatedOneDrive read/write
Sites.ReadWrite.AllApplication + DelegatedSharePoint read/write
Chat.ReadWrite / Chat.ReadWrite.AllApplication + DelegatedTeams chat read/write
offline_accessDelegatedRefresh tokens so the user doesn’t have to sign in daily
Both Application and Delegated permissions matter and serve different purposes. Application permissions let DeskMate act as itself across the tenant (e.g. lookup any user’s profile). Delegated permissions let DeskMate act on behalf of a signed-in user (e.g. read that specific user’s mailbox).

Step 3 — Connect from DeskMate

In your DeskMate workspace:
  1. Open Workspace → Connectors
  2. Click Connect on the Microsoft 365 tile
  3. When prompted, enter your Azure tenant ID (the GUID from Step 1)
  4. Sign in with a Microsoft 365 admin account and consent
  5. The connector tile turns green — you’re done

Verify it’s working

Run this command in Teams or the DeskMate web chat: 
list my unread emails from the last 24 hours
You should see a list back within a few seconds. If you see “Microsoft 365 not connected” or “Insufficient privileges”, jump to Troubleshooting.

Install the Teams chat bot

The Microsoft 365 connector is required to use DeskMate in Teams, but the bot itself is installed separately. See Use DeskMate in Microsoft Teams for the manifest install.

Troubleshooting

”Insufficient privileges to complete the operation” (403 from Graph)

The most common cause: an admin granted permissions as Delegated only, not as Application. Application permissions need an explicit admin-consent step (Step 2 above) and they show separately in Azure → Enterprise applications → DeskMate → Permissions. In the Azure portal, you should see two rows for each permission name — one of type Delegated and one of type Application. Both must show Granted for [your tenant]. If the Application row is missing or not granted, re-run Step 2.

Outbound replies in Teams return “Unauthorized”

Means the Bot Service auth is rejecting DeskMate’s token. The most common cause is that the Teams bot manifest installed in your tenant is referencing a different Azure App ID than the one DeskMate uses. Email support@brightpathaisolutions.com with a screenshot of the error — we’ll send you a refreshed manifest.

”redirect_uri_mismatch”

You’re using a custom-domain DeskMate workspace and the redirect URI hasn’t been added to the Azure app. Email support and include your workspace subdomain.

The connector connected but Outlook reads return nothing

Check whether the user whose mailbox you’re reading actually has a Microsoft 365 mailbox license. DeskMate can’t read mail on an account without a mailbox.

Disconnecting

In Workspace → Connectors, click Disconnect on the Microsoft 365 tile. Tokens are revoked immediately; the next connection will require a fresh admin-consent flow if the Azure permissions were also removed in Azure AD. To revoke at the Microsoft side (e.g. you’re offboarding DeskMate entirely), an admin should go to Azure portal → Enterprise applications → search for DeskMate → Delete.