[Beta] Spotlight.ai Outlook Email Connector
Overview
The Spotlight.ai Outlook Email Connector allows Spotlight.ai to access and read user emails via Microsoft Exchange Online. This guide walks Microsoft Global Admins through setting up the connector, limiting email access to specific users and understanding the permission model used. Spotlight.ai only accesses email data required to generate insights and does not send emails or modify mailbox content.
What this connector does
- Reads Outlook emails
- Links emails to opportunities
- Feeds data into Spotlight.ai for analysis to answer qualification and value questions
Why admin consent is required
- Uses Microsoft Graph API
- Requires org-wide permission
What users should expect
- Emails will begin to appear in the Interactions screens and will be used as evidence for answers
Customer installation steps
- Go to the Azure Portal → Microsoft Entra ID → App registrations
- Click New registration
- Enter a name (e.g., Spotlight.ai Email Connector), select the appropriate supported account type, and click Register
- Once registered, note down the Application ID and Tenant ID from the app overview page and provide these to Spotlight.ai Support.
- Go to API permissions → Add a permission
- Select Microsoft Graph → Application permissions (Microsoft docs)
- Add Mail.Read (and any other required mail permissions)
- Click Grant admin consent for your organization — required for server-to-server access without user login.
- Go to Certificates & secrets → New client secret (Microsoft docs)
- Add a Description and set an Expiration period
- Copy the secret Value immediately — it will not be shown again. Provide it to Spotlight.ai Support.
- In the Azure Portal, go to Microsoft Entra ID → App registrations → [Your App Name] → API permissions
- Review the configured permissions and ensure:
  - Microsoft Graph → Mail.Read (Application) is listed
  - The status shows “Granted for <Your Organization>”
- In the Authentication section of your app registration, verify the following:
  - No redirect URIs are needed for server-to-server (client credentials) flows
  - Confirm that Allow public client flows is set to No
- Install and connect to Exchange Online using PowerShell
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@yourdomain.com
- If you don't already have a mail-enabled security group, create one directly in Exchange Online...
New-DistributionGroup -Name "SpotlightEmailAccess" -Type Security
- Add relevant users.
Add-DistributionGroupMember -Identity "SpotlightEmailAccess" -Member user@yourdomain.com
- Create an Application Access Policy that restricts application access to the distribution group from step 2.
New-ApplicationAccessPolicy -AppId CLIENT_ID_FROM_STEP_4 -PolicyScopeGroupId SpotlightEmailAccess@yourdomain.com -AccessRight RestrictAccess -Description "Restrict Spotlight.ai to selected users only"
- Verify the Application Access Policy...
# Should return Granted for a user in the group
Test-ApplicationAccessPolicy -AppId CLIENT_ID_FROM_STEP_4 -Identity user-in-group@yourdomain.com
# Should return Denied for a user outside the group
Test-ApplicationAccessPolicy -AppId CLIENT_ID_FROM_STEP_4 -Identity user-not-in-group@yourdomain.com
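The two spot checks above cover one mailbox on each side of the policy. The following PowerShell is an added example, not part of Spotlight.ai's documented procedure, that extends the same check to every mailbox in the tenant and reports any mailbox whose result differs from the group's direct membership. It assumes an active Connect-ExchangeOnline session; the variable names $AppId and $GroupAddress are introduced here and hold the same placeholder values used in the steps above.

```powershell
# Added example: audit the Application Access Policy against every mailbox.
# Assumes Connect-ExchangeOnline has already been run in this session.
# $AppId and $GroupAddress are placeholders; substitute your own values.
$AppId        = 'CLIENT_ID_FROM_STEP_4'
$GroupAddress = 'SpotlightEmailAccess@yourdomain.com'

# Without a RestrictAccess policy, the Mail.Read application permission
# applies org-wide, so stop early if none exists for this app.
$policy = Get-ApplicationAccessPolicy |
    Where-Object { $_.AppId -eq $AppId -and $_.AccessRight -eq 'RestrictAccess' }
if (-not $policy) {
    throw "No RestrictAccess policy found for app $AppId."
}

# Direct members of the scoping group are the mailboxes intended to be readable.
$memberAddresses = @(
    Get-DistributionGroupMember -Identity $GroupAddress -ResultSize Unlimited |
        ForEach-Object { [string]$_.PrimarySmtpAddress }
)

# Test every mailbox and keep only those whose result differs from the intent.
# -contains is case-insensitive, which matches SMTP address comparison.
$mismatches = foreach ($mbx in Get-EXOMailbox -ResultSize Unlimited) {
    $address  = [string]$mbx.PrimarySmtpAddress
    $expected = if ($memberAddresses -contains $address) { 'Granted' } else { 'Denied' }
    $actual   = (Test-ApplicationAccessPolicy -AppId $AppId -Identity $address).AccessCheckResult
    if ("$actual" -ne $expected) {
        [pscustomobject]@{ Mailbox = $address; Expected = $expected; Actual = "$actual" }
    }
}

if ($mismatches) {
    # Expected=Denied / Actual=Granted rows are the ones to review first:
    # the app can read a mailbox that is not a direct member of the group.
    $mismatches | Sort-Object Expected, Mailbox | Format-Table -AutoSize
    Write-Warning "$(@($mismatches).Count) mailbox(es) do not match the intended scope."
} else {
    Write-Output 'Policy scope matches group membership for every mailbox.'
}
```

Microsoft's documentation notes that application access policy changes can take longer than an hour to take effect in Microsoft Graph calls, even when Test-ApplicationAccessPolicy already reports the expected result, so rerun the audit after membership changes.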
Spotlight.ai Infrastructure Team Steps
- Add the following to the customer tenant configuration:
outlook-email:
  client-id: APP_ID_FROM_STEP_4
  client-secret: CLIENT_SECRET_FROM_STEP_11
  tenant-id: TENANT_ID_FROM_STEP_4
- Update the base path and secrets in your configuration management system to reflect the new Outlook Email connector settings.
- Publish the connector configuration
- Send a test email and verify it is being picked up and processed correctly by Spotlight.ai
- Check logs for any authentication or permission errors
- Start the Outlook Email Adaptor service. Verify it is running and successfully connecting to Exchange Online using the credentials configured above.