Managing Microsoft tools
Setting up the Connection
The setup process for Excel, Outlook and other Microsoft tools require an Entra admin (Microsoft Entra ID 'privileged role administrator' or 'application administrator') who is also a Dust Admin. This ensures full access to the necessary permissions.
It is recommended for Admins to perform the following steps from a Private browser session or a new browser, to avoid using their currently active Microsoft session.
Under Spaces > Tools, Select Add Tools. Then select a Microsoft tool.
An OAuth modal will appear to allow you to allow Dust to access Microsoft account.
On the first connection, tick the box Consent on behalf of your authorization. When this checkbox does not appear, it means that an EntraID admin will need to validate your Consent Request from the Admin consent requests panel
The Dust-Tools Application in EntraID
When consenting on behalf of your organization, (or requesting your admin to do so) Dust will create an entreprise application in Entra.
The following permissions will be requested by the app. In this case, the Delegated type means that even if the requested permission claim is high, it will be delegated to the user when using Dust. (ie. if a user cannot read chatMessages, they won't be able to by using the Dust-Tools app)
| API Name | Claim Value | Permission | Type | Granted Through | Granted By |
|---|---|---|---|---|---|
| Microsoft Graph | Channel.ReadBasic.All | Read the names and descriptions of channels | Delegated | Admin consent | An administrator |
| Microsoft Graph | ChannelMessage.Read.All | Read user channel messages | Delegated | Admin consent | An administrator |
| Microsoft Graph | ChannelMessage.Send | Send channel messages | Delegated | Admin consent | An administrator |
| Microsoft Graph | Chat.Read | Read user chat messages | Delegated | Admin consent | An administrator |
| Microsoft Graph | Chat.ReadWrite | Read and write user chat messages | Delegated | Admin consent | An administrator |
| Microsoft Graph | ChatMessage.Read | Read user chat messages | Delegated | Admin consent | An administrator |
| Microsoft Graph | ChatMessage.Send | Send user chat messages | Delegated | Admin consent | An administrator |
| Microsoft Graph | Contacts.ReadWrite | Have full access to user contacts | Delegated | Admin consent | An administrator |
| Microsoft Graph | Contacts.ReadWrite.Shared | Read and write user and shared contacts | Delegated | Admin consent | An administrator |
| Microsoft Graph | ExternalItem.Read.All | Read items in external datasets | Delegated | Admin consent | An administrator |
| Microsoft Graph | Files.ReadWrite.All | Have full access to all files user can access | Delegated | Admin consent | An administrator |
| Microsoft Graph | Mail.ReadWrite | Read and write access to user mail | Delegated | Admin consent | An administrator |
| Microsoft Graph | Mail.ReadWrite.Shared | Read and write user and shared mail | Delegated | Admin consent | An administrator |
| Microsoft Graph | offline_access | Maintain access to data you have given access to | Delegated | Admin consent | An administrator |
| Microsoft Graph | Sites.Read.All | Read items in all site collections | Delegated | Admin consent | An administrator |
| Microsoft Graph | Team.ReadBasic.All | Read the names and descriptions of teams | Delegated | Admin consent | An administrator |
| Microsoft Graph | User.Read | Sign in and read user profile | Delegated | Admin consent | An administrator |
| Microsoft Graph | User.ReadBasic.All | Read all users' basic profiles | Delegated | Admin consent | An administrator |
Updated about 10 hours ago