Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
This feature is in Beta. Workspace admins can control access to this feature from the Previews page. See Manage Azure Databricks previews.
This page describes how to configure OAuth machine-to-machine (M2M) authentication for Microsoft Outlook ingestion into Azure Databricks. The Outlook connector uses OAuth 2.0 client credentials (M2M) to access the Microsoft Graph API on behalf of your organization. Use these credentials to create a Unity Catalog connection in Azure Databricks.
Prerequisites
To configure authentication, you must have the following:
- A Microsoft 365 tenant.
- Permission to register applications in Microsoft Entra ID.
- Permission to grant admin consent for API permissions in your organization.
Register an application in Microsoft Entra ID
- Sign in to the Microsoft Entra admin center.
- Go to Entra ID > App registrations.
- Click New registration.
- Provide a Name for the application (for example,
Databricks Outlook Connector). - Under Supported account types, select the appropriate option for your organization.
- Click Register.
Configure API permissions
In the app registration, go to API permissions > Add a permission.
Select Microsoft Graph > Application permissions.
Add the following permissions:
User.Read.AllorDirectory.Read.All— required to discover and list all mailboxes in the tenant.Mail.Read— required to read email messages and attachments.
Click Grant admin consent or request that an administrator grants admin consent for your organization.
Note
The connector requires application permissions, not delegated permissions. Confirm that the permission type is set to Application for each permission you add.
Create a client secret
- In the app registration, go to Certificates & secrets > Client secrets.
- Click New client secret, provide a description and expiration period, then click Add.
- Copy the client secret Value immediately. The value is not shown again after you leave the page.
Collect the required identifiers
From the app registration's Overview page, record the following:
- Application (client) ID
- Directory (tenant) ID
You will enter these values when you create the Unity Catalog connection.
Next steps
Use Catalog Explorer to create a connection so that any user with USE CONNECTION or ALL PRIVILEGES can create pipelines. See Outlook.