Skip to main content
Connect an Outlook or Microsoft 365 mailbox so Hiveku can send, read, or manage email across your CRM workflows, sales agents, and automations.
Before you start: Set up a Microsoft Azure OAuth app. You only do this once — the same app powers every Outlook connection.

Pick Your Scope

Outlook supports several access levels via Microsoft Graph. Pick the smallest scope that does what you need:
ScopeMicrosoft Graph permissionsWhat it does
Read-onlyoffline_access Mail.ReadRead messages, folders
Send onlyoffline_access Mail.SendSend new emails; can’t read inbox
Full accessoffline_access Mail.ReadWrite Mail.SendRead, send, move, flag
Full + Calendaroffline_access Mail.ReadWrite Mail.Send Calendars.ReadWriteFull mail + calendar event management
offline_access is included in every option — without it, Microsoft won’t issue a refresh token, and the connection would expire every hour. Hiveku adds it automatically.

Pick Your Tenant

Tenant controls which Microsoft accounts can authorize the connection. Set this when you registered the Azure app, but you can override per connection:
  • Common — any Microsoft account (work, school, or personal) can authorize. Most flexible.
  • Specific tenant ID — only users in that tenant can authorize. Use when you want to restrict access to a single organization.
If your Azure app was registered as single tenant, the only accounts that can authorize are in that tenant. Using common in Hiveku won’t override the Azure app’s configuration — that’s a Microsoft-side setting. See the Microsoft OAuth App setup guide for details.

Connect the Mailbox

1

Open the integration

Go to CRM > Email Connections > Add Connection > Outlook.
2

Select your Microsoft OAuth app

Pick the Microsoft app you registered under Settings > OAuth Apps. If you see no apps in the dropdown, create one first — see Set up a Microsoft Azure OAuth app.
3

Choose your scope

Pick one of:
  • Read-only — for reading inboxes
  • Send only — for outbound email
  • Full access — for general CRM use
  • Full + Calendar — for sales agents booking meetings
4

Choose your tenant

  • Common for multi-tenant
  • Specific tenant ID to restrict to a single Microsoft 365 tenant
5

Authorize with Microsoft

Click Authorize with Microsoft. You’re redirected to a Microsoft consent screen showing your app name and the scopes you’re requesting. Sign in, review, and click Accept.
6

Confirm the connection

You return to Hiveku, where the Outlook connection shows:
  • Your email address
  • Active scopes
  • Status Active
Some Graph scopes (especially Mail.ReadWrite on some tenants) can be configured to require admin consent. If your users hit “admin consent required” during authorization, your Microsoft 365 admin should:
1

Open the Azure app

Go to portal.azure.com > App registrations > select the app.
2

Grant admin consent

Navigate to API permissions and click Grant admin consent for [tenant]. This pre-consents the permissions for all users in the tenant so each user doesn’t need to request admin approval individually.

Connect Multiple Mailboxes

Repeat the flow for each Outlook or Microsoft 365 account — each becomes its own connection.

Verify the Connection

  • Connection status on the Email Connections page shows Active
  • Send a test email from the CRM — it arrives from your Outlook address
  • For read scopes, check a test message appears in the CRM’s inbox view

Changing the Scope Later

OAuth tokens are scope-locked. To change a connection from read-only to full, for example:
1

Disconnect the existing Outlook connection

Click the menu next to the connection and choose Disconnect.
2

Reconnect with the new scope

Run the flow again with the new scope selected.

Troubleshooting

Your Azure app is configured as single-tenant, so only users in that tenant can authorize. Either switch the app to multi-tenant in Azure (Authentication > Supported account types) and use common in Hiveku, or ensure the user is in the correct tenant.
Usually means your Azure client secret expired. Create a new secret in Azure Portal > App registrations > [your app] > Certificates & secrets, then update it in Hiveku > Settings > OAuth Apps. Existing connections may need to reconnect once.

What’s Next?

Microsoft OAuth App

Review the Azure app setup

Run Sales Sequences

Personal OAuth cadences — sent from this Outlook mailbox

Work with the AI SDR

The AI drafts and sends from your connected Outlook on approval

Send Emails

Use your Outlook connection in workflows