DataMapper Access Requirements for O365 Integration

Our platform, DataMapper, seamlessly integrates with Microsoft Office 365 (O365) to extract and analyze data. To ensure smooth connectivity and data retrieval, it requires specific access permissions. Below are the details regarding the access requirements for two key connectors - Outlook (individual user) and Outlook Global (company-wide). 


Connector 1: Outlook (Individual User) 

For individual users, DataMapper follows a user-centric authentication model, wherein each user grants access to their Outlook folders. The application requests the following Microsoft Graph permissions: 

  • Mail.Read: Allows DataMapper to read mail in the user's mailbox. 
  • User.Read: Permits access to user profile information. 
  • offline_access: Enables DataMapper to access resources on behalf of the user when they are not present. 
  • openid: Grants authentication and authorization support. 
  • profile: Provides access to the user's basic profile information. 
  • email: Allows DataMapper to read the user's email address. 
  • Mail.ReadWrite: Enables DataMapper to create, read, update, and delete mail in the user's mailbox. 

Scope Type: Delegated - DataMapper acts on behalf of the individual user with their explicit consent. 

For more details on Microsoft Graph permissions, refer to the Microsoft Graph Permissions Reference.


You can also see here what you should look for when logged into Microsoft Azure - API Permission - Outlook Connector for Privacyhub DataMapper:

Connector 2: Outlook Global (Company-wide) 

To scan all company Outlook accounts and folders, DataMapper requires a global administrator or a privileged admin role to authenticate and grant access. The application utilizes the following Microsoft Graph permissions: 


  • Mail.Read: Allows DataMapper to read mail in all mailboxes. 
  • User.Read.All: Grants access to read all user profiles. 
  • Group.Read.All: Enables DataMapper to read all groups in the organization. 
  • Mail.ReadWrite: Provides the capability to create, read, update, and delete mail in all mailboxes. 

Scope Type: Application - DataMapper acts with the authority granted by the administrator at the application level. 


We have carefully configured these permissions to ensure that DataMapper integrates securely and efficiently with Office 365, providing users with a comprehensive Data Discovery solution. 


You can see here how the API Permission page in Azure should look for Outlook Global:

Not sure if you have given all the permissions during setup?

Share the link to this article with your IT administrator, who can help you check that everything has been set up. The point of this article is to share insights on what DataMapper needs in order to integrate well with external companies' Office 365.
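One way an administrator could run that check, shown as an added example that is not part of DataMapper or of the original article: it compares the permissions actually granted to the app with the two lists above and reports anything missing, anything extra, and any write-capable grant. The function names and connector keys (`outlook`, `outlook_global`) are hypothetical; delegated grants are assumed to be in the shape of Microsoft Graph `oauth2PermissionGrant` records, and application permissions are assumed to be already resolved to their names.

```python
# Added example. Permission names come from this article; the sample grants are constructed.
EXPECTED = {
    # Connector 1: Outlook (individual user), delegated scopes
    "outlook": {"Mail.Read", "User.Read", "offline_access", "openid",
                "profile", "email", "Mail.ReadWrite"},
    # Connector 2: Outlook Global (company-wide), application permissions
    "outlook_global": {"Mail.Read", "User.Read.All", "Group.Read.All",
                       "Mail.ReadWrite"},
}

def delegated_scopes(grants):
    """Merge scopes from oauth2PermissionGrant-shaped records.

    Returns (scopes, tenant_wide); tenant_wide is True when any grant was
    consented by an admin for all users (consentType "AllPrincipals").
    """
    scopes, tenant_wide = set(), False
    for grant in grants:
        scopes.update(grant.get("scope", "").split())  # space-separated list
        tenant_wide |= grant.get("consentType") == "AllPrincipals"
    return scopes, tenant_wide

def audit(connector, granted):
    """Compare granted permission names with the documented set (case-insensitive)."""
    expected = {name.lower(): name for name in EXPECTED[connector]}
    have = {name.lower(): name for name in granted}
    return {
        "missing": sorted(expected[k] for k in expected.keys() - have.keys()),
        "unexpected": sorted(have[k] for k in have.keys() - expected.keys()),
        # Grants that allow modifying or deleting mail deserve a second look.
        "write_capable": sorted(have[k] for k in have if "write" in k),
    }

# Constructed sample data, not taken from a real tenant.
SAMPLE_DELEGATED = [
    {"consentType": "Principal",
     "scope": "Mail.Read User.Read offline_access openid profile email"},
    {"consentType": "Principal", "scope": "Mail.ReadWrite Files.Read.All"},
]
SAMPLE_APPLICATION = ["Mail.Read", "User.Read.All", "Mail.ReadWrite",
                      "Directory.Read.All"]

if __name__ == "__main__":
    scopes, tenant_wide = delegated_scopes(SAMPLE_DELEGATED)
    print("outlook:", audit("outlook", scopes), "tenant-wide:", tenant_wide)
    print("outlook_global:", audit("outlook_global", SAMPLE_APPLICATION))
```

A `tenant_wide` result of `True` for the individual-user connector means an administrator consented on behalf of all users, which differs from the per-user consent model described for Connector 1.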


Do you need help with DataMapper?

Write to us at support@safeonline.dk or ask via our chat while you are in the platform. Look for the blue bubble in the lower left corner, where you can chat with our team quickly.
