Microsoft Graph Connector

Category: Connectors
Subcategory: Connectors


Microsoft Graph is the gateway to data and intelligence in Microsoft 365. The Microsoft Graph Connector enables you to connect your Mendix app to your Microsoft 365 environment through the Microsoft Graph API and enhance the experience of your users. Use the Graph Explorer to learn what you can do and extend the module with your own ideas.


Demo url

Demo login credentials

username: demo_administrator

password: OLJxO3tnlT


Microsoft Graph is the gateway to data and intelligence in Microsoft 365. The Microsoft Graph Connector enables you to connect your Mendix app to your Microsoft 365 environment through the Microsoft Graph API and enhance the experience of your users. Use the Graph Explorer to learn what you can do and extend the module with your own ideas.

Microsoft Graph exposes REST APIs and client libraries to access data on the following Microsoft cloud services:

  • Microsoft 365 core services: Bookings, Calendar, Delve, Excel, Microsoft 365 compliance eDiscovery, Microsoft Search, OneDrive, OneNote, Outlook/Exchange, People (Outlook contacts), Planner, SharePoint, Teams, To Do, Workplace Analytics.
  • Enterprise Mobility and Security services: Advanced Threat Analytics, Advanced Threat Protection, Azure Active Directory, Identity Manager, and Intune.
  • Windows 10 services: activities, devices, notifications, Universal Print.
  • Dynamics 365 Business Central.

Typical usage scenario

  • Allow users to use their Outlook mail to send and receive emails
  • Retrieve and schedule calendar events
  • Retrieve all users in your tenant and provision users with this information
  • Enable SSO with Azure (requires customisation)
  • Plan online meetings
  • Search through your Office 365 environment and use the results in your workflow

Features and limitations

  • Authorise users with an Azure App Registration so that they can interact with their Office 365 environment
  • Retrieve and Update Users
  • Retrieve and Update Groups
  • Create and retrieve Subscriptions to Change Notifications
  • Limitation: Authorization responses with a fragment payload cannot be processed by Mendix
  • Limitation: Subscribing to Change Notifications is implemented, but processing Change Notifications requires customization. Content of a Change Notification can widely vary so there is no standard way to implement this.


  • Studio Pro 9.18.7 or higher
  • Encryption module
  • NanoflowCommons module
  • CommunityCommons module
  • Access to an App Registration
    • relevant API permissions in the App Registration
    • a Client Secret
    • the Directory (tenant) ID
    • the Application (client) ID


  • Install the module and all of the dependencies
  • Add the snippet “Authentication_Overview” to a page that can be accessed by the Administrator
  • Use the Application ID, Directory ID and Application Secret from your Azure App Registration to get authorization for your user.
  • Add Snip_Login to a page that can be accessed by all users to allow users to request authorization with the Authentication you configured as an Administrator.


  1. Create an App Registration or get access to an existing App Registration in your Azure tenant. Use the Credentials to configure your Authentication and get authorization as a user. Once authorised, you can use the authorization to interact with the Office 365 resources. make sure that the App Registration has the correct API permissions.

    To make sure the authorization flow can be completed, the Redirect URIs need to be configured in the Authentication section of your app registration. You can find (and change) the URI in the PRS_Azure REST service. For local deployment it should most likely be http://localhost:8080/oauth/v2/callback_azure.
  2. Create a new Authentication object. This will be used for all authorization requests from the admin and other users that are allowed to request authorization. Fill in the Application (client) ID, Directory (tentant) ID and Client Secret from your Azure App Registration. Once these are filled in, the Well-Known Configuration will be retrieved.
  3. Choose the relevant scopes for you authentication. If you want to add more scopes, you can do so in the Metadata group box in the Supported Scopes section.
  4. Select your preferred Response Type, Response Mode and Prompt for authorization. Response Type "Code", Response Mode "Query" are recommended for most used cases.
  5. Use the "Get Authorization as a User" button to get authorized with your own account. Use the "Get Authorization as a Service" button to get admin consent that you want to use for actions that require elevated access that you do not want to grant to individual users.


Version: 3.0.1
Framework Version: 9.18.7
Release Notes: Changes - updated microflow and entity images Breaking Changes: - updated published rest service PRS_Azure location for authorization from /oauth2/v2 to /microsoftgraph/oauth2/v2 to avoid conflicts with OIDC module - updated published rest service PRS_ChangeNotifications location from /rest/microsoftgraph/v1 to /microsoftgraph/changenotifications/v1 this is done to be consistent with published rest service naming in this module
Version: 3.0.0
Framework Version: 9.18.5
Release Notes: NOTE: This version of has removed most of the exposed microflow actions except the ones related to Authorization, Users and Groups. existing implementation that rely on these microflow actions will break. - Complete refactoring of the module to only focus on core of Microsoft Graph. This module now serves as a base to integrate with Microsoft Graph and will be dependency for other modules that focus on specific capabilities of Microsoft Graph such as Outlook, Teamwork & Communication and Applications. - improved implementation of change notifications, will require deleting and creating existing subscriptions again. NOTE: if you are including resource data in your change notification, you will need to implement validation of tokens. - added entities to support Batching. - this release supports Studio Pro 9.18.5 or higher
Version: 2.0.0
Framework Version: 9.6.14
Release Notes: - Improved implementation for authentication as a service. Now the authorization correctly uses the client credentials grant to get a new access token if the initial token is expired NOTE: this might create breaking changes for existing authorisations as new attributes have been added. - Added pagination for email messages and users to retrieve all data in a single action - Added delta actions for email messages and users to retrieve changes in data easier - Added attachment actions to retrieve and download attachments from messages - added action to create draft message Minor improvements to domain model
Version: 1.5.2
Framework Version: 9.6.12
Release Notes: fix for issue with completing Authorization. This bug was introduced in a recent version of Studio Pro (9.13 and later). This new release uses a Non-Persistent Entity to create the Authorization instead of immediately importing to the Persistent Entity.
Version: 1.5.1
Framework Version: 9.0.5
Release Notes: -added Supported account types to Authentication to set the supported account types matching what you have configured in the App Registration. This might resolve unexpected authorization issues -minor improvements