[Beta] Spotlight.ai Outlook Email Connector

Overview

The Spotlight.ai Outlook Email Connector allows Spotlight.ai to access and read user emails via Microsoft Exchange Online. This guide walks Microsoft Global Admins through setting up the connector, limiting email access to specific users and understanding the permission model used. Spotlight.ai only accesses email data required to generate insights and does not send emails or modify mailbox content.

What this connector does

  • Reads Outlook emails
  • Links emails to opportunities
  • Feeds data into Spotlight.ai for analysis to answer qualification and value questions

Why admin consent is required

  • Uses Microsoft Graph API
  • Requires org-wide permission

What users should expect

  • Emails will begin to show in the Interactions screens and will be used for evidence for answers

Customer installation steps

  1. Go to the Azure PortalMicrosoft Entra IDApp registrations
  2. Click New registration
  3. Enter a name (e.g., Spotlight.ai Email Connector), select the appropriate supported account type, and click Register
  4. Once registered, note down the Application ID and Tenant ID from the app overview page and provide these to Spotlight.ai Support.
  5. Go to API permissionsAdd a permission
  6. Select Microsoft GraphApplication permissions (Microsoft docs)
  7. Add Mail.Read      (and any other required mail permissions)
  8. Click Grant admin consent for your organization — required for server-to-server access without user login.
  9. Go to Certificates & secretsNew client secret (Microsoft docs)
  10. Add a Description and set an Expiration period
  11. Copy the secret Value immediately — it will not be shown again. Provide it to Spotlight.ai Support.
  12. In the Azure Portal, go to Microsoft Entra ID → App registrations → [Your App Name] → API permissions
  13. Review the configured permissions and ensure:
    1. Microsoft Graph → Mail.Read (Application) is listed
    2. The status shows “Granted for <Your Organization>”
  14. In the Authentication section of your app registration, verify the following
    1. No redirect URIs are needed for server-to-server (client credentials) flows
    2. Confirm that Allow public client flows is set to No
  15. Install and connect to Exchange Online using PowerShell
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@yourdomain.com
  1. If you don't already have a email-enabled security group, create one directly in Exchange Online...
New-DistributionGroup -Name "SpotlightEmailAccess" -Type Security
  1. Add relevant users.
Add-DistributionGroupMember -Identity "SpotlightEmailAccess" -Member user@yourdomain.com
  1. Create an Application Access Policy that restricts application access to the distribution group from step 2.
New-ApplicationAccessPolicy \
  -AppId CLIENT_ID_FROM_STEP_4 \
  -PolicyScopeGroupId SpotlightEmailAccess@yourdomain.com \
  -AccessRight RestrictAccess \
  -Description "Restrict Spotlight.ai to selected users only"
  1. Verify the Application Access Policy...
# Should return Granted for a user in the group
Test-ApplicationAccessPolicy -AppId CLIENT_ID_FROM_STEP_4 -Identity user-in-group@yourdomain.com

# Should return Denied for a user outside the group
Test-ApplicationAccessPolicy -AppId CLIENT_ID_FROM_STEP_4 -Identity user-not-in-group@yourdomain.com

Spotlight.ai Infrastructure Team Steps

  1. Add the following to the customer tenant configuration:
outlook-email:
  client-id: APP_ID_FROM_STEP_4
  client-secret: CLIENT_SECRET_FROM_STEP_11
  tenant-id: TENANT_ID_FROM_STEP_4
  1. Update the base path and secrets in your configuration management system to reflect the new Outlook Email connector settings.
  2. Publish the connector configuration
  3. Send a test email and verify it is being picked up and processed correctly by Spotlight.ai
  4. Check logs for any authentication or permission errors
  5. Start the Outlook Email Adaptor service. Verify it is running and successfully connecting to Exchange Online using the credentials configured above.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us