Skip to main content

Xakia O365 Outlook Add-In: Understanding and Authorizing Permissions

Understand the user-delegated permissions the Xakia Outlook Add-in requests, what each one enables, and the details your IT team needs to approve.

The Xakia O365 Outlook Add-in follows the principle of least privilege. It requests only the minimal, user-delegated permissions it needs, and it uses delegated authentication, so access is limited to the signed-in user and only the email items they choose. The Add-in doesn't use application-level permissions to reach all mailboxes.


Read and write access to user mail

Lets the Add-in read email content (subject, body, sender, recipients) and apply metadata like categories or tags for filing inside Outlook.

The Add-in doesn't create or send emails on your behalf.

Benefits:

  • File emails and their attachments to Xakia matters or your integrated DMS (SharePoint) without leaving Outlook.

  • Tag emails with the Xakia Filing Indicator (XFI): the Add-in marks emails as "Filed by Xakia" and shows an orange banner on unfiled emails, so you get immediate context on filing status.

  • Turn on automatic conversation filing for an email thread to save all later emails in that conversation to the linked matter. This needs to read new emails in the thread and write filing metadata.

  • See contextual actions, like a File email button, based on the email's filing status.

  • Build toward upcoming features: this permission is foundational for Compose, Send and File, and Add Xakia attachments to email.


Read and write access to user and shared mail

Extends that access to shared mailboxes, like team inboxes. Your whole team can then use every filing and matter-management action (filing emails, the Xakia Filing Indicator, setting up conversation filing) on emails in a shared mailbox, which keeps document management consistent when several people work the same inbox and gives you a unified approach to matter management.


Maintain access to granted data

Lets the Add-in keep access to mailbox data after Outlook closes, which supports background operations and reauthentication. You won't get repeated permission prompts, so you keep uninterrupted access to Xakia inside Outlook and can stay in your inbox with less friction.


Sign in and read user profile

Authenticates you through Microsoft 365 and reads basic profile info (name, user ID) to link your Outlook activity to your Xakia account. This means your actions (creating matters, adding tasks and key dates, filing emails) are correctly attributed to you in Xakia, and views like My Matters show the information relevant to you.


For IT teams

The rest of this article is for administrators deploying the Add-in.


Two-part architecture and admin consent

The Add-in has two parts:

  • Outlook Add-In UI: the user-facing interface, available from the Microsoft App Store, where you file emails and interact with Xakia from Outlook

  • Azure App (Microsoft Entra ID): a secure backend component in your Microsoft 365 tenant that enables advanced capabilities like email classification and category tagging

Because the Azure App connects to Microsoft Graph for mailbox access, setup requires admin consent to register it in your organization's environment.

For full Outlook functionality, the Azure app needs administrator consent to delegated permissions. Granting this consent up front, before rollout, lets your users access every feature without individual consent prompts.


Delegated authentication and controlled access

The Add-in uses delegated authentication, so access is limited strictly to the signed-in user's mailbox:

  • It only accesses emails you select or interact with, with no background scanning or bulk access

  • It doesn't use application permissions, so it can't reach other users' mailboxes

This keeps it privacy-first and aligned with least privilege.


Security and compliance

The Add-in is built on Microsoft Graph APIs, Microsoft's preferred method for secure integration with Microsoft 365. We're certified to ISO 27001, SOC 2 Type II, and HIPAA, and we roll out updates regularly for performance, compatibility, and emerging threats.


Deployment options

  • Microsoft App Store: users install it directly (admin approval may be required, depending on your settings)

  • Microsoft 365 Admin Center: IT teams deploy it centrally to groups or the whole organization

  • Manual installation: for cases where direct or centralized install isn't suitable

We'll help you migrate from legacy versions of the Add-in with clear guidance.

Did this answer your question?