Outlook connector

The Outlook connector connects to the Microsoft Graph API and enables federated search and browsing of email in Microsoft Outlook. It uses OAuth Authorization Code flow to access the authenticated user's mailbox on their behalf.

You can create an Outlook connector in Stack Management > Connectors or when adding an Outlook data source.

Client ID

The Application (client) ID of your Microsoft Entra ID application registration.

Client secret

The client secret generated for your Microsoft Entra ID application.

Authorization URL

The authorization endpoint for your Microsoft Entra tenant: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize. Replace {tenant-id} with your tenant ID.

Token URL

The token endpoint for your Microsoft Entra tenant: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token. Replace {tenant-id} with your tenant ID.

You can test connectors when creating or editing the connector in Kibana. The test verifies connectivity by fetching the authenticated user's profile from Microsoft Graph.

Searches Outlook mail using the Microsoft Graph Search API with Keyword Query Language (KQL) syntax.

Parameters:

• query (required): KQL query string. Examples: subject:budget Q4, from:alice@contoso.com, hasAttachments:true AND subject:report.
• from (optional): Zero-based pagination offset (default: 0).
• size (optional): Number of results to return (1–25, default 10).

Lists email messages from a mailbox folder. Supports OData filters for finer control.

Parameters:

• folderId (optional): Folder name or ID. Well-known names: inbox, sentitems, drafts, deleteditems, junkemail. If not specified, fetches the full mailbox.
• top (optional): Maximum number of messages (1–100, default 20).
• filter (optional): OData $filter expression, for example isRead eq false or receivedDateTime ge 2024-01-01T00:00:00Z.
• orderby (optional): OData sort expression, for example receivedDateTime desc (default).

Retrieves a single Outlook message by ID, including the full HTML or text body.

Parameters:

• messageId (required): The message ID from list messages or search messages.

Lists attachments on a message with metadata (name, content type, size).

Parameters:

• messageId (required): The message ID.

Downloads an attachment as a base64-encoded string (contentBytes). Call list attachments first to discover attachment IDs.

Parameters:

• messageId (required): The message ID.
• attachmentId (required): The attachment ID from list attachments.

Lists mail folders in a mailbox, including their item counts.

Parameters:

• includeHidden (optional): Whether to include hidden system folders (default: false).

Use the Action configuration settings to customize connector networking, such as proxies, certificates, or TLS settings. If you use xpack.actions.allowedHosts, add graph.microsoft.com and login.microsoftonline.com to the list.

To use the Outlook connector, you need a Microsoft Entra ID application registration with the required Graph API permissions.

1. Sign in to the Azure portal. Select Microsoft Entra ID → App registrations.
2. Create a new application registration. Under Redirect URIs, add your Kibana callback URL.
3. Under API permissions, add the following Delegated permissions for Microsoft Graph:
   • Mail.Read — Read user mail
   • Mail.ReadBasic — Read basic mail metadata
   • offline_access — Allow the app to maintain access between sessions
4. Under Certificates & secrets, create a new client secret and note the value.
5. Copy the Application (client) ID, client secret value, and tenant ID.
6. In the connector configuration, enter the client ID and client secret, and set the authorization and token URLs using your tenant ID.