Microsoft Office 365 Exchange

Set up Azure

First, you need to contact your Azure administrator and ask for three parameters which you’ll need when you create a connector.

  • Application (Client) ID

  • Client Secret

  • Directory (Tenant) ID

You can read the Azure procedure here.

Create the data source in NOW Privacy

In NOW Privacy, create a data source:

  1. From the main menu select Data Sources

  2. Click NewNew Data Source

  3. In the New Data Source dialog, select the dataset this new data source will belong to by:

    1. choosing an existing dataset from the dropdown, or

    2. clicking Add to new Data Set and typing the name of your dataset

      If you use option 3b, remember to add the dataset to at least one security group

      If you don’t, no users will be able to see the data from this data source

  4. Click Next

  5. Select the Office 365 data source and click Next

  6. Select which Office 365 service you want to use: Exchange, SharePoint, or OneDrive

  7. Enter the Azure credentials for this data source

    Your Azure administrator can supply these

  8. Think about the ingestion scope you want to use

    If you’re crawling a user or a group of users, find the:

    • domain name

    • email address for the user or group of users

    For this scope:

    We crawl mailbox content for this:


    All users that a tenant has.


    All users belonging to a domain under the tenant.

    Group email

    All users belonging to a domain group.

    User email

    An individual domain user.

    For distribution list emails, set the scope to Group email

    For individual user or shared user mailboxes, set the scope to User email

  9. Optionally, click Test Credentials

    NOW Privacy validates them and shows you what the credentials allow you to crawl

    Test the Azure credentials for Office 365 Exchange

    If you see that you don’t have access to something you need to crawl, contact your Azure administrator

  10. Click Next

  11. Choose your ingestion scope:

    • Everything

    • Domain

    • Group email

    • User email

  12. Fill in the domain and email if needed

    If the scope is Everything, you don’t need any parameters

    Optionally, click Test Connection


In most cases, this test is reliable. However, you might want to configure a data source before the target server is available, or perhaps during a scheduled maintenance window when the check isn’t possible.

Also, Office 365 cannot be fully validated without attempting to crawl data.

The Ignore this warning checkbox allows you to set up the data source even if validation fails.




The id of a Microsoft tenant-held domain. For example:


If the ingestion scope is Group Email, this is an email address that identifies a user group. For example: If the ingestion scope is User Email, this is the email address for an individual user.

  1. Select the country for this data source and click Next

    The country is used in geographical visualisations

  2. Optionally, click Add Custom Description

    This allows you to use you own description for this data source, rather than accept the default description that NOW Privacy provides

  3. Set the Crawl priority

  4. Specify whether you want to crawl once or continuously

  5. Click Start Crawl Immediately if you want to crawl the data right now

    Or you can start a crawl manually anytime you want

  6. Click Create Data Source


  1. We do not extract attachments from the calendar.

    Only the user’s calendar is ingested. Any calendar shared with a user is ignored.

    Only folders under the mailbox root folder will be ingested. As such, any email or other content moved to the root folder will not be ingested.

  2. After the crawler runs, you can open any email that if finds if you have permissions on Office 365 Exchange to access that email. Make sure you log in to Office 365 first.

more See also Microsoft Exchange on Premise