The Xakia O365 Outlook Add-in follows the principle of least privilege. It requests only the minimal, user-delegated permissions it needs, and it uses delegated authentication, so access is limited to the signed-in user and only the email items they choose. The Add-in doesn't use application-level permissions to reach all mailboxes.
Read and write access to user mail
Lets the Add-in read email content (subject, body, sender, recipients) and apply metadata like categories or tags for filing inside Outlook.
The Add-in doesn't create or send emails on your behalf.
Benefits:
File emails and their attachments to Xakia matters or your integrated DMS (SharePoint) without leaving Outlook.
Tag emails with the Xakia Filing Indicator (XFI): the Add-in marks emails as "Filed by Xakia" and shows an orange banner on unfiled emails, so you get immediate context on filing status.
Turn on automatic conversation filing for an email thread to save all later emails in that conversation to the linked matter. This needs to read new emails in the thread and write filing metadata.
See contextual actions, like a File email button, based on the email's filing status.
Build toward upcoming features: this permission is foundational for Compose, Send and File, and Add Xakia attachments to email.
Read and write access to user and shared mail
Extends that access to shared mailboxes, like team inboxes. Your whole team can then use every filing and matter-management action (filing emails, the Xakia Filing Indicator, setting up conversation filing) on emails in a shared mailbox, which keeps document management consistent when several people work the same inbox and gives you a unified approach to matter management.
Maintain access to granted data
Lets the Add-in keep access to mailbox data after Outlook closes, which supports background operations and reauthentication. You won't get repeated permission prompts, so you keep uninterrupted access to Xakia inside Outlook and can stay in your inbox with less friction.
Sign in and read user profile
Authenticates you through Microsoft 365 and reads basic profile info (name, user ID) to link your Outlook activity to your Xakia account. This means your actions (creating matters, adding tasks and key dates, filing emails) are correctly attributed to you in Xakia, and views like My Matters show the information relevant to you.
For IT teams
The rest of this article is for administrators deploying the Add-in.
Two-part architecture and admin consent
The Add-in has two parts:
Outlook Add-In UI: the user-facing interface, available from the Microsoft App Store, where you file emails and interact with Xakia from Outlook
Azure App (Microsoft Entra ID): a secure backend component in your Microsoft 365 tenant that enables advanced capabilities like email classification and category tagging
Because the Azure App connects to Microsoft Graph for mailbox access, setup requires admin consent to register it in your organization's environment.
For full Outlook functionality, the Azure app needs administrator consent to delegated permissions. Granting this consent up front, before rollout, lets your users access every feature without individual consent prompts.
Delegated authentication and controlled access
The Add-in uses delegated authentication, so access is limited strictly to the signed-in user's mailbox:
It only accesses emails you select or interact with, with no background scanning or bulk access
It doesn't use application permissions, so it can't reach other users' mailboxes
This keeps it privacy-first and aligned with least privilege.
Security and compliance
The Add-in is built on Microsoft Graph APIs, Microsoft's preferred method for secure integration with Microsoft 365. We're certified to ISO 27001, SOC 2 Type II, and HIPAA, and we roll out updates regularly for performance, compatibility, and emerging threats.
Deployment options
Microsoft App Store: users install it directly (admin approval may be required, depending on your settings)
Microsoft 365 Admin Center: IT teams deploy it centrally to groups or the whole organization
Manual installation: for cases where direct or centralized install isn't suitable
We'll help you migrate from legacy versions of the Add-in with clear guidance.
