What permissions the app requests and why
When you connect your Microsoft 365 account to this app, you will be asked to grant specific Microsoft Graph permissions. These permissions are required so the app can perform actions on behalf of the signed-in user, and are used only for features you explicitly choose to use.
Required Microsoft 365 permissions
| Permission | What it allows | Why it's needed |
|---|---|---|
Sign you in + profile + email (openid, profile, email, User.Read) | Authenticate your identity and display your name/email | So you can securely sign in with your Microsoft 365 account and we can identify you in the app |
Maintain access (offline_access) | Allows the app to maintain access without repeated sign-ins | Enables persistent sessions for workflows and actions you start |
Read and write your files (Files.ReadWrite.All, Sites.ReadWrite.All) | Access your OneDrive and SharePoint files | Enables viewing, uploading, editing, syncing and managing files from within this app |
Read and send mail (Mail.Read, Mail.Send) | Read your mail and send mail as you | Used by workflows to import emails into the app and to send emails you initiate |
Create and update calendar events¹ (Calendars.ReadWrite.All) | Access your calendar | For scheduling and calendar workflows you trigger |
Read and manage group data¹ (Group.ReadWrite.All) | Access Microsoft 365 groups you're part of | Used for group calendar and group-related workflows |
¹ Added January 27, 2026 for SharePoint site creation and Outlook calendar workflows.
These permissions are only used with your consent and only for the user account that granted them.
If the app currently has different permissions to those described above, a Microsoft 365 administrator can fix this by approving the app at adminconsent.m365.app.
Security and privacy
- Your Microsoft credentials are never stored by this app
- Tokens are securely stored by monday.com's infrastructure
- Actions taken by the app are performed on behalf of the signed-in user — the app never acts on data you haven't explicitly allowed
- We do not access other users' Microsoft 365 data unless you explicitly grant access through a workflow feature
- This app only accesses the types of data described above and only to support the specific features you choose
Admin consent is required
Because this app requests access to mail, files, calendars, and group data, your Microsoft 365 admin must grant consent before individual users can connect. If you see an "admin approval required" message, please ask your admin to grant consent.
Once an admin approves these permissions, other users in your organisation can connect without needing to re-approve.
Revoking access
End users — see Revoking access to Microsoft 365 for instructions in monday.com. You can also revoke access at any time from your Microsoft 365 account settings under Connected apps and services.
Microsoft 365 administrators — admins can revoke this app's access at any time from the Azure portal by removing the Enterprise Application, disabling sign-in, or revoking granted permissions under Microsoft Entra ID.