You can automate sending out-of-the-box emails using Microsoft 365 Connector based on the events and schedules defined by your workflows.
Install Microsoft 365 Connector from Dynatrace Hub.
To install Microsoft 365 Connector, you need the app-engine:apps:install
permission.
After you install Microsoft 365 Connector, you need to perform some initial steps to set up the connection between Microsoft 365 and your Dynatrace environment.
External requests enable outbound network connections from your Dynatrace environment to external services. They allow you to control access to public endpoints from the AppEngine with app functions and functions in Dashboards, Notebooks, and Automations.
Go to Settings and select General > Environment management, External Requests.
Select New host pattern.
Add the domain names.
Select Add.
This way you can granularly control the web services your functions can connect to.
You need to add these domain names login.microsoftonline.com
and graph.microsoft.com
.
Workflows requires some permissions to run actions on your behalf. Actions that come bundled with the Connector require other permissions.
To fine-tune permissions granted to Workflows
app-settings:objects:read
For more on general Workflows user permissions, see User permissions for workflows.
Configure your Microsoft Azure tenant to establish a connection with your Dynatrace environment.
Open portal.azure.com
to access your Microsoft Azure tenant and navigate to App registrations
to set up a new app.
For the necessary setup steps, see Register a client application in Microsoft Entra ID in Microsoft Azure documentation.
Grant your newly created Azure app the Microsoft Graph/Mail/Mail.Send
permission.
For more information, see API permissions and Introduction to permissions and consent in Microsoft Azure documentation.
To be able to use the API to send emails in the background without a currently signed-in user, you need to select Application permissions. Delegated permissions aren't sufficient.
After registering the app, create a new client secret. For details, see Certificates & secrets in Microsoft Azure documentation.
We strongly recommend using a technical email address as the sender used by the Dynatrace Workflows action and limiting the permissions of your Microsoft Azure app registration to these specific mailboxes by setting up an application access policy. This ensures that only specified email addresses can be used in the app registration and eventually in Dynatrace Workflows. This helps to reduce risks from impersonation.
For details on how to set up a new application access policy, see Limiting application permissions to specific Exchange Online mailboxes in Microsoft Azure documentation.
If you don't set up an application access policy for your Microsoft Azure tenant and restrict the possible email senders, any email address of your tenant can be used as the sender for your emails sent via Dynatrace Workflows.
Application access policies can be assigned to users or groups. Microsoft supports groups as outlined in the section PolicyScopeGroupID.
The from
email address must be an online-hosted mailbox.
Microsoft 365 Connector requires a client secret from Microsoft Azure for authorization.
portal.azure.com
.
Client secret
To add connection settings, you need the following permissions.
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "app:dynatrace.microsoft365.connector:connection"
For details, see Permissions and access.
Be aware that connections are shared and can be used by all users with app-settings
read permissions.
Go to Workflows and select
to create a new workflow.
In the side panel, select the trigger best suited to your needs.
On the trigger node, select to browse available actions.
In the side panel, search the actions for Microsoft 365 and select Send email.
Select a preconfigured Microsoft 365 connection.
Enter the email addresses for the recipients.
The number of email addresses is currently restricted to 10 per field.
Enter a subject.
Enter a message.
To test your workflow, select Run.
This workflows integration doesn't allow formatting of the subject or message. It's only possible to send plain text emails. It doesn't offer support for markup or HTML.
The Send email action provides the following result.
Property
Description
requestId
A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field request-id
clientRequestId
A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field client-request-id
For sending emails, this is identical to requestId
.
The following are solutions to problems some people have.