You can automate sending out-of-the-box emails using Microsoft 365 for Workflows based on the events and schedules defined by your workflows.
Install Microsoft 365 for Workflows
Allow Microsoft 365 outbound connections
Grant permissions to Workflows
Set up Microsoft Azure for integration with Dynatrace
Authorize connection to Microsoft Azure
To use Microsoft 365 actions, first install Microsoft 365 for Workflows from Dynatrace Hub.
To install Microsoft 365 for Workflows, you need the app-engine:apps:install
permission.
After you install Microsoft 365 for Workflows, you need to perform some initial steps to set up the connection between Microsoft 365 and your Dynatrace environment.
login.microsoftonline.com
and graph.microsoft.com
domain names.This way, you can granularly control the web services to which your Dynatrace environment can connect.
Some permissions are required by Workflows to run actions on your behalf. Other permissions are required by actions that come bundled with Microsoft 365 for Workflows itself.
To fine-tune permissions granted to Workflows
app-settings:objects:read
For more on general Workflows user permissions, see User permissions for workflows.
Configure your Microsoft Azure tenant to establish a connection with your Dynatrace environment.
Open portal.azure.com
to access your Microsoft Azure tenant and navigate to App registrations
to set up a new app.
For the necessary setup steps, see Register a client application in Microsoft Entra ID in Microsoft Azure documentation.
Grant your newly created Azure app the Microsoft Graph/Mail/Mail.Send
permission.
For more information, see API permissions and Introduction to permissions and consent in Microsoft Azure documentation.
To be able to use the API to send emails in the background without a currently signed-in user, you need to select Application permissions. Delegated permissions aren't sufficient.
After registering the app, create a new client secret. For details, see Certificates & secrets in Microsoft Azure documentation.
We strongly recommend using a technical email address as the sender used by the Dynatrace Workflows action and limiting the permissions of your Microsoft Azure app registration to these specific mailboxes by setting up an application access policy. This ensures that only specified email addresses can be used in the app registration and eventually in Dynatrace Workflows. This helps to reduce risks from impersonation.
For details on how to set up a new application access policy, see Limiting application permissions to specific Exchange Online mailboxes in Microsoft Azure documentation.
If you don't set up an application access policy for your Microsoft Azure tenant and restrict the possible email senders, any email address of your tenant can be used as the sender for your emails sent via Dynatrace Workflows.
Application access policies can be assigned to users or groups. Microsoft supports groups as outlined in the section PolicyScopeGroupID.
The from
email address must be an online-hosted mailbox.
Microsoft 365 for Workflows requires a client secret from Microsoft Azure for authorization.
portal.azure.com
.
Client secret
To add connection settings, you need the following permissions.
ALLOW settings:objects:read, settings:objects:write, settings:schemas:read WHERE settings:schemaId = "app:dynatrace.microsoft365.connector:connection"
For details, see Permissions and access.
Be aware that connections are shared and can be used by all users with app-settings
read permissions.
Go to Workflows and select to create a new workflow.
In the side panel, select the trigger best suited to your needs.
On the trigger node, select to browse available actions.
In the side panel, search the actions for Microsoft 365 and select Send email.
Select a preconfigured Microsoft 365 connection.
Enter the email addresses for the recipients.
The number of email addresses is currently restricted to 10 per field.
Enter a subject.
Enter a message.
To test your workflow, select Run.
This workflows integration doesn't allow formatting of the subject or message. It's only possible to send plain text emails. It doesn't offer support for markup or HTML.
The Send email action provides the following result.
Property
Description
requestId
A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field request-id
clientRequestId
A unique identifier required for reporting issues to Microsoft Support that is returned by the Microsoft API in the response header field client-request-id
For sending emails, this is identical to requestId
.
The following are solutions to problems some people have.