Microsoft 365 Connector

You can automate sending out-of-the-box emails using Microsoft 365 Connector Microsoft 365 for Workflows based on the events and schedules defined by your workflows.

Set up Microsoft 365 integration

Step 1

Install Microsoft 365 Connector

Step 2

Allow Microsoft 365 outbound connections

Step 3

Grant permissions to Workflows

Step 4

Set up Microsoft Azure for integration with Dynatrace

Step 5

Authorize connection to Microsoft Azure

Step 1 Install Microsoft 365 Connector

To use Microsoft 365 actions, first install Microsoft 365 Microsoft 365 for Workflows from Dynatrace Hub.

To install Microsoft 365 Connector, you need the app-engine:apps:install permission.

  1. In Dynatrace Hub Hub, select Microsoft 365 Connector.
  2. Select Install.

After you install Microsoft 365 Connector, you need to perform some initial steps to set up the connection between Microsoft 365 and your Dynatrace environment.

Step 2 Allow Microsoft 365 outbound connections

  1. Go to Settings and select Connections > Outbound and inbound > Limit outbound connections. This opens the Settings Classic page.
  2. Select Add item and add the login.microsoftonline.com and graph.microsoft.com domain names.
  3. Select Save changes.

This way, you can granularly control the web services to which your Dynatrace environment can connect.

Step 3 Grant permissions to Workflows

Some permissions are required by Workflows to run actions on your behalf. Other permissions are required by actions that come bundled with Microsoft 365 Connector itself.

To fine-tune permissions granted to Workflows

  1. Go to Workflows Workflows and select Settings > Authorization settings.
  2. Select the following permissions besides the general Workflows permission.
    • app-settings:objects:read

For more on general Workflows user permissions, see User permissions for workflows.

Step 4 Set up Microsoft Azure for integration with Dynatrace

Configure your Microsoft Azure tenant to establish a connection with your Dynatrace environment.

  1. Open portal.azure.com to access your Microsoft Azure tenant and navigate to App registrations to set up a new app. For the necessary setup steps, see Register a client application in Microsoft Entra ID in Microsoft Azure documentation.

  2. Grant your newly created Azure app the Microsoft Graph/Mail/Mail.Send permission.

    For more information, see API permissions and Introduction to permissions and consent in Microsoft Azure documentation.

    To be able to use the API to send emails in the background without a currently signed-in user, you need to select Application permissions. Delegated permissions aren't sufficient.

  3. After registering the app, create a new client secret. For details, see Certificates & secrets in Microsoft Azure documentation.

    • To create a client secret, make sure that you either have admin permissions or are part of the app owners.
    • Make sure you store the client secret Value (not the Secret ID) after creation for establishing the connection to your Dynatrace environment in the next section.
    Limit mailbox access through an application access policy

    We strongly recommend using a technical email address as the sender used by the Dynatrace Workflows action and limiting the permissions of your Microsoft Azure app registration to these specific mailboxes by setting up an application access policy. This ensures that only specified email addresses can be used in the app registration and eventually in Dynatrace Workflows. This helps to reduce risks from impersonation.

    For details on how to set up a new application access policy, see Limiting application permissions to specific Exchange Online mailboxes in Microsoft Azure documentation.

    If you don't set up an application access policy for your Microsoft Azure tenant and restrict the possible email senders, any email address of your tenant can be used as the sender for your emails sent via Dynatrace Workflows.

    Application access policies can be assigned to users or groups. Microsoft supports groups as outlined in the section PolicyScopeGroupID.

    The from email address must be an online-hosted mailbox.

Step 5 Authorize connection to Microsoft Azure

Microsoft 365 Connector requires a client secret from Microsoft Azure for authorization.

  1. Get the following credentials from your app registration in your Microsoft Azure tenant on portal.azure.com.
  2. Return to Dynatrace, go to Settings and select Connections > Connectors > Microsoft 365.
  3. Select Add Connection and provide the following information.
  4. Select Create.

Additional notes

  • To add connection settings, you need the following permissions.

    ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "app:dynatrace.microsoft365.connector:connection"

    For details, see Permissions and access.

  • Be aware that connections are shared and can be used by all users with app-settings read permissions.

Send an email with workflows

  1. Go to Workflows Workflows and select Add to create a new workflow.

  2. In the side panel, select the trigger best suited to your needs.

  3. On the trigger node, select Add to browse available actions.

  4. In the side panel, search the actions for Microsoft 365 and select Send email.

  5. Select a preconfigured Microsoft 365 connection.

  6. Enter the email addresses for the recipients.

    The number of email addresses is currently restricted to 10 per field.

  7. Enter a subject.

  8. Enter a message.

  9. To test your workflow, select Run.

No HTML or markdown support

This workflows integration doesn't allow formatting of the subject or message. It's only possible to send plain text emails. It doesn't offer support for markup or HTML.

Action result

The Send email action provides the following result.

Property

Description

requestId

A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field request-id

clientRequestId

A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field client-request-id

For sending emails, this is identical to requestId.

Troubleshooting

The following are solutions to problems some people have.