Microsoft 365 Connector

You can automate sending out-of-the-box emails using Microsoft 365 Connector Microsoft 365 for Workflows based on the events and schedules defined by your workflows.

Set up

Install Microsoft 365 Connector Microsoft 365 for Workflows from Dynatrace Hub.

To install Microsoft 365 Connector, you need the app-engine:apps:install permission.

  1. In Dynatrace Hub Hub, select Microsoft 365 Connector.
  2. Select Install.

After you install Microsoft 365 Connector, you need to perform some initial steps to set up the connection between Microsoft 365 and your Dynatrace environment.

External requests enable outbound network connections from your Dynatrace environment to external services. They allow you to control access to public endpoints from the AppEngine with app functions and functions in Dashboards, Notebooks, and Automations.

  1. Go to Settings and select General > Environment management, External Requests.

  2. Select New host pattern.

  3. Add the domain names.

  4. Select Add.

This way you can granularly control the web services your functions can connect to.

You need to add these domain names login.microsoftonline.com and graph.microsoft.com.

Workflows requires some permissions to run actions on your behalf. Actions that come bundled with the Connector require other permissions.

To fine-tune permissions granted to Workflows

  1. Go to Workflows Workflows and go to Settings > Authorization settings.
  2. Select the following permissions besides the general Workflows permission.
    • app-settings:objects:read

For more on general Workflows user permissions, see User permissions for workflows.

Configure your Microsoft Azure tenant to establish a connection with your Dynatrace environment.

  1. Open portal.azure.com to access your Microsoft Azure tenant and navigate to App registrations to set up a new app. For the necessary setup steps, see Register a client application in Microsoft Entra ID in Microsoft Azure documentation.

  2. Grant your newly created Azure app the Microsoft Graph/Mail/Mail.Send permission.

    For more information, see API permissions and Introduction to permissions and consent in Microsoft Azure documentation.

    To be able to use the API to send emails in the background without a currently signed-in user, you need to select Application permissions. Delegated permissions aren't sufficient.

  3. After registering the app, create a new client secret. For details, see Certificates & secrets in Microsoft Azure documentation.

    • To create a client secret, make sure that you either have admin permissions or are part of the app owners.
    • Make sure you store the client secret Value (not the Secret ID) after creation for establishing the connection to your Dynatrace environment in the next section.
    Limit mailbox access through an application access policy

    We strongly recommend using a technical email address as the sender used by the Dynatrace Workflows action and limiting the permissions of your Microsoft Azure app registration to these specific mailboxes by setting up an application access policy. This ensures that only specified email addresses can be used in the app registration and eventually in Dynatrace Workflows. This helps to reduce risks from impersonation.

    For details on how to set up a new application access policy, see Limiting application permissions to specific Exchange Online mailboxes in Microsoft Azure documentation.

    If you don't set up an application access policy for your Microsoft Azure tenant and restrict the possible email senders, any email address of your tenant can be used as the sender for your emails sent via Dynatrace Workflows.

    Application access policies can be assigned to users or groups. Microsoft supports groups as outlined in the section PolicyScopeGroupID.

    The from email address must be an online-hosted mailbox.

Microsoft 365 Connector requires a client secret from Microsoft Azure for authorization.

  1. Get the following credentials from your app registration in your Microsoft Azure tenant on portal.azure.com.
  2. Return to Dynatrace, go to Settings and select Connections > Connectors > Microsoft 365.
  3. Select Add Connection and provide the following information.
  4. Select Create.

Additional notes

  • To add connection settings, you need the following permissions.

    ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "app:dynatrace.microsoft365.connector:connection"

    For details, see Permissions and access.

  • Be aware that connections are shared and can be used by all users with app-settings read permissions.

Send an email with workflows

  1. Go to Workflows Workflows and select Add to create a new workflow.

  2. In the side panel, select the trigger best suited to your needs.

  3. On the trigger node, select Add to browse available actions.

  4. In the side panel, search the actions for Microsoft 365 and select Send email.

  5. Select a preconfigured Microsoft 365 connection.

  6. Enter the email addresses for the recipients.

    The number of email addresses is currently restricted to 10 per field.

  7. Enter a subject.

  8. Enter a message.

  9. To test your workflow, select Run.

No HTML or markdown support

This workflows integration doesn't allow formatting of the subject or message. It's only possible to send plain text emails. It doesn't offer support for markup or HTML.

Action result

The Send email action provides the following result.

Property

Description

requestId

A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field request-id

clientRequestId

A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field client-request-id

For sending emails, this is identical to requestId.

Troubleshooting

The following are solutions to problems some people have.