Knogin
[Developers]

Microsoft 365 Connector: SharePoint, Teams, Outlook & Entra ID Integration

The Microsoft 365 Connector links Argus to a customer's existing Microsoft 365 tenancy through the Microsoft Graph API, so organisations gain calendar, directory, messaging, and document workflows without standing up any

Back to All Modules
Category: Data IntegrationLast Updated: May 26, 2026
data-integrationcompliancegeospatial

Overview#

The Microsoft 365 Connector links Argus to a customer's existing Microsoft 365 tenancy through the Microsoft Graph API, so organisations gain calendar, directory, messaging, and document workflows without standing up any new infrastructure.

Most operators already run Microsoft 365 across their workforce. Rather than asking those teams to learn a second set of tools, this connector meets them where they work. Field supervisors see scheduled visits appear automatically in their Outlook calendars, network operations and utility teams receive rich outage alerts directly in their Teams channels, and geographic zone boundaries stay current in the SharePoint lists that non-Argus staff already rely on. Every link runs against the customer's own tenancy, with credentials encrypted at rest and bound to the owning organisation.

The connector covers four distinct capabilities behind one consistent connection model: pushing geographic zone records into SharePoint lists, sending outage notifications to Teams, keeping Outlook calendars aligned with field schedules, and bringing Microsoft Entra ID users and groups into Argus access control. IT administrators can then provision and deprovision Argus access by managing Entra ID group membership, instead of maintaining a separate user registry.

Key Features#

  • Single Tenancy Connection: Register one connection per organisation with its directory identifier, application identifier, and application secret, then reuse it across every Microsoft 365 capability the connector offers.
  • SharePoint Zone Publishing: Push geographic zone records from Argus into a SharePoint list, with each record matched on a chosen unique field so repeat runs update existing items rather than creating duplicates.
  • Teams Outage Notifications: Post a richly formatted Adaptive Card outage alert to a chosen Teams channel, presenting title, status, customers affected, and utility type as a clear fact set for operations staff.
  • Automatic Outlook Calendar Events: When a field task is scheduled, rescheduled, or closed, the connector creates, updates, or removes the matching Outlook event on the assigned worker's mailbox, with the Argus reference carried on the event for reliable round-tripping.
  • Entra ID User Import: Pull users from the customer's directory into Argus, keeping principal name, display name, mail, department, and job title aligned, and flagging absent accounts as disabled rather than deleting them.
  • Entra ID Group Import and Role Mapping: Import security groups and their memberships, then map named groups to Argus roles so directory membership drives platform access.
  • Encrypted Credentials at Rest: Directory, application, and secret values are protected with authenticated AES-GCM encryption, with each ciphertext bound to its owning organisation so a transplanted credential row fails verification on decrypt.
  • Built-in Connectivity Testing: Validate any connection on demand by acquiring a Graph token and returning the round-trip latency, so misconfigured credentials are caught before a workflow depends on them.

Use Cases#

  • Network Operations Centres: Receive Adaptive Card outage alerts in the same Teams channels where on-call engineers already coordinate, so the first sign of an incident lands where staff are watching.
  • Utility Field Operations: Give inspectors and crews Outlook calendar entries for every assigned visit, complete with location and reference, so scheduled work appears automatically on the calendars they carry on their phones.
  • GIS and Asset Teams: Keep supply zone and boundary records current in SharePoint lists that planning, mapping, and administrative staff already open, without those teams needing an Argus login.
  • IT and Identity Administrators: Provision and deprovision Argus access by managing Entra ID security group membership, so joiners, movers, and leavers are handled in one place through existing directory processes.
  • Multi-Department Organisations: Scope a directory import to a single department where needed, so large tenancies can onboard team by team while keeping each organisation's data isolated.
  • Operations and Compliance Reviewers: Rely on the immutable audit trail written for every export and import to evidence what was sent to Microsoft 365 and when.

Integration#

A customer plugs in by registering one Microsoft 365 connection through the authenticated, organisation-scoped programmable interface, then driving each capability from their own applications or the Argus console. The benefit is a single connection that unlocks SharePoint, Teams, Outlook, and Entra ID at once.

  • GraphQL Operations: The connector publishes a typed, schema-described interface for registering a connection, testing it, publishing zones to SharePoint, and posting an outage to Teams. Each operation is authenticated and scoped to the calling organisation.
  • Event-Driven Calendar Sync: Outlook calendar updates are wired to field task lifecycle events, so scheduling, rescheduling, or closing a visit drives the matching event automatically with no extra calls from the caller.
  • Microsoft Graph Connectors: All Microsoft 365 access runs through the Graph endpoints for SharePoint sites and lists, Teams channel messages, Outlook events, and the Entra ID users and groups directory, exactly as Microsoft documents them, so no agent has to be deployed inside the tenancy.
  • Identity and Access: Caller access is governed by OAuth2-issued tokens carried as JSON Web Tokens, with every operation scoped to the calling organisation and recorded for compliance.
  • Normalised Models: Imported users, groups, and memberships land in a consistent directory model, and zone and outage records map to predictable Graph payloads, so customers work with one stable shape across every connected workflow.
  • Webhooks and Downstream Workflows: Once outage alerts, calendar events, and directory data are in place, existing notification, scheduling, and access workflows pick them up, so the benefit reaches operations staff and field crews without bespoke plumbing.

Open Standards#

  • OAuth 2.0 Client Credentials Grant (RFC 6749): the connector obtains an application-level access token from the Microsoft identity platform using the standard client credentials flow before any Graph call runs.
  • Bearer Token Authentication (RFC 6750): every Microsoft Graph request carries the access token as a standard Authorization: Bearer header.
  • OData Query Protocol (ISO/IEC 20802-1): SharePoint list reads use OData $filter and $expand, and large directory and list responses are paged through the server-supplied @odata.nextLink continuation, as the Graph API specifies.
  • ISO 8601 Date and Time: Outlook calendar event start and end values use the standard date-time representation, paired with a named IANA timezone, so scheduled visits land at the operator's intended wall clock.
  • Microsoft Adaptive Cards (schema v1.4): Teams outage notifications are built as Adaptive Cards against adaptivecards.io/schemas/adaptive-card.json, giving a rich, consistent card layout across Teams clients.
  • JSON Web Token (RFC 7519): organisation-scoped caller access is carried in signed JWT bearer tokens.
  • RFC 8259 JSON: all Graph requests and responses, and the records stored in Argus, are exchanged as standard structured JSON.
  • RFC 8446 TLS / HTTPS: every call to the Microsoft identity platform and to Microsoft Graph runs over transport-layer security, protecting tokens and data in transit.
  • NIST SP 800-38D AES-GCM: stored Microsoft 365 credentials are protected with authenticated AES in Galois/Counter Mode, binding each ciphertext to its owning organisation.

Security & Compliance#

  • Encrypted Credentials at Rest: Directory, application, and secret values are never stored in clear text. Each is encrypted with authenticated AES-GCM and bound to the owning organisation, so a stolen credential row cannot be replayed under another tenant.
  • Strict Tenant Isolation: Every connection, export, import, and lookup is scoped to the calling organisation, so one customer can never read or act on another customer's connections or directory data.
  • Authenticated Operations: All operations require an authenticated, authorised caller; anonymous access is rejected.
  • Least-Surprise Directory Handling: Users absent from a directory import are flagged disabled rather than deleted, so historical references survive and a transient outage cannot purge the directory.
  • Immutable Audit Logging: Connection registration, connectivity tests, SharePoint publishing, Teams notifications, and directory imports are written to an append-only interoperability audit trail for review and compliance reporting.

Last Reviewed: 2026-05-26 Last Updated: 2026-06-01

Ready to Build?

Get started with our APIs or contact our integration team for support.