
Xakia O365 Outlook Add-In: Understanding and Authorizing Permissions

Xakia Outlook Add-In Delivers Powerful Functionality with Minimal Permissions!

Updated over a month ago

The Xakia O365 Outlook Add-In follows the principle of least privilege, requesting only the minimal, user-delegated permissions required for its functionality. It uses delegated authentication, granting access solely to authenticated users and only for the specific email items they request. The add-in does not request or use application-level permissions to access all mailboxes.


Permission Requested (as seen in Microsoft Consent Prompt)

Read and Write Access to User Mail

Allows the add-in to view email content (subject, body, sender, recipients) and apply metadata like categories or tags for filing within Outlook.

NOTE: The Xakia O365 Outlook Add-In does not create or send emails on a user’s behalf.

Benefits

  • Efficient Email Filing: Enables users to file emails and their attachments to Xakia matters or the integrated DMS (SharePoint) without leaving Outlook.

  • Xakia Filing Indicator (XFI): Allows the add-in to visually tag emails as "Filed by Xakia" and display an orange banner for unfiled emails in the Xakia O365 Outlook Add-In, providing immediate context on filing status.

  • Outlook Automatic Conversation Filing: This new feature allows users to activate automatic conversation filing on an email thread, saving all subsequent emails in that conversation to the associated matter. This requires reading new emails in the thread and writing filing metadata.

  • Contextual Actions: Provides a "file email" button and other actions based on the email's filing status.

  • Future Enhancements: This permission is foundational for upcoming features such as "Compose, Send and File" and "Add Xakia attachments to email," which will further enhance email management capabilities.

Read and Write Access to User and Shared Mail

Extends the above access to shared mailboxes (e.g., team inboxes), enabling collaborative filing and management.

Benefits

  • Team Collaboration and Consistency: Enables all filing and matter management functionalities (e.g., filing emails, using the Xakia Filing Indicator, setting up conversation filing) for emails within shared mailboxes, ensuring consistent document management across the team. This supports scenarios where multiple team members manage emails in a shared inbox, promoting a unified approach to legal matter management.

Maintain Access to Granted Data

Lets the add-in retain access to mailbox data after Outlook is closed, supporting background operations and seamless reauthentication.

Benefits

  • Seamless User Experience: Prevents repeated permission prompts, allowing users to maintain uninterrupted access to Xakia's features within Outlook. This contributes to the core objective of enabling users to stay in their Outlook Inbox and do more with Xakia by reducing friction and enhancing productivity.

Sign In and Read User Profile

Authenticates the user via Microsoft 365 and retrieves basic profile info (e.g., name, user ID) to link Outlook activity to their Xakia account.

Benefits

  • User Authentication and Personalization: Enables users to sign into the Xakia add-in. It ensures that actions like creating matters, adding tasks/key dates, or filing emails are correctly attributed to the specific user within Xakia. It also allows features like "My Matters" to display relevant information, enhancing the personalized workflow for in-house counsel.


Additional Information for IT Teams

1. Two-Part Architecture and Admin Consent for Azure App:

The Xakia Outlook Add-In is built using a two-part architecture:

  • Outlook Add-In UI – The user-facing interface, available via the Microsoft App Store, allows users to file emails and interact with Xakia directly from Outlook.

  • Azure App (Microsoft Entra ID) – A secure backend component installed in your Microsoft 365 tenant. It enables advanced capabilities such as email classification and category tagging.

Because the Azure App connects to Microsoft Graph for mailbox access, the add-in requires admin consent during setup to register in your organization’s environment.

NOTE: For optimum function, the Azure app requires administrator consent to delegated permissions for full Outlook-related functionality. Xakia aims to mitigate unnecessary permission prompts for individual users by providing clients and their IT teams the ability to grant this admin consent proactively, prior to the new add-in's rollout. The admin consent to delegated permissions allows users to access all features without requiring individual consent prompts.

2. Delegated Authentication and Controlled Data Access:

The add-in uses delegated authentication, meaning access is limited strictly to the signed-in user's mailbox. Specifically:

  • It only accesses emails the user selects or interacts with — there’s no background scanning or bulk access.

  • It does not use application permissions, so it cannot access other users’ mailboxes.

  • This ensures a privacy-first experience, aligned with the principle of least privilege.
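An IT team can check the two claims above (delegated scopes only, no application permissions) against what is actually granted to the Azure App's service principal. The following is an added example, not Xakia's code: the scope names are an assumed mapping of the consent-prompt entries on this page to Microsoft Graph delegated scopes, and the JSON inputs are constructed samples shaped like the Graph `oauth2PermissionGrants` and `appRoleAssignments` responses.

```python
import json

# Assumption: Graph delegated scopes matching the four consent-prompt entries on
# this page. Confirm against the scopes actually shown in your tenant.
EXPECTED_SCOPES = {
    "Mail.ReadWrite",         # Read and write access to user mail
    "Mail.ReadWrite.Shared",  # Read and write access to user and shared mail
    "offline_access",         # Maintain access to granted data
    "User.Read",              # Sign in and read user profile
}

def audit_grants(delegated_json, app_roles_json):
    """Compare exported grants with the documented model; return findings."""
    findings = []
    # Body of GET /servicePrincipals/{id}/oauth2PermissionGrants (delegated).
    for grant in json.loads(delegated_json)["value"]:
        extra = set(grant.get("scope", "").split()) - EXPECTED_SCOPES
        if extra:
            findings.append(f"unexpected delegated scopes: {sorted(extra)} "
                            f"(consentType={grant['consentType']})")
    # Body of GET /servicePrincipals/{id}/appRoleAssignments (application).
    # The page states none are used, so any entry is a finding.
    for role in json.loads(app_roles_json)["value"]:
        findings.append(f"application permission granted: appRoleId="
                        f"{role['appRoleId']} on {role['resourceDisplayName']}")
    return findings

# Constructed sample exports (placeholder IDs, not real tenant data).
AS_DOCUMENTED = json.dumps({"value": [{
    "clientId": "00000000-0000-0000-0000-00000000000a",
    "consentType": "AllPrincipals",  # tenant-wide admin consent
    "principalId": None,
    "scope": "Mail.ReadWrite Mail.ReadWrite.Shared offline_access User.Read",
}]})
DRIFTED = json.dumps({"value": [{
    "clientId": "00000000-0000-0000-0000-00000000000a",
    "consentType": "Principal",  # consent by a single user
    "principalId": "00000000-0000-0000-0000-00000000000b",
    "scope": "Mail.ReadWrite Mail.Send",
}]})
NO_APP_ROLES = json.dumps({"value": []})
ONE_APP_ROLE = json.dumps({"value": [{
    "appRoleId": "00000000-0000-0000-0000-00000000000c",
    "resourceDisplayName": "Microsoft Graph",
}]})

if __name__ == "__main__":
    print(audit_grants(AS_DOCUMENTED, NO_APP_ROLES))
    for finding in audit_grants(DRIFTED, ONE_APP_ROLE):
        print(finding)
```

An empty result means the grants match the model described on this page; any finding is worth reviewing before or after granting admin consent.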

3. Xakia's Commitment to Security and Compliance:

Xakia is committed to enterprise-grade security. The add-in is built using Microsoft Graph APIs, the preferred method for secure integration with Microsoft 365 services.
We adhere to global standards, with certifications including:

  • ISO/IEC 27001:2022

  • SOC 2

  • HIPAA

These frameworks govern our handling of customer data across technical, physical, and legal layers. Updates to the add-in are rolled out regularly to address performance, compatibility, and emerging threats.

See here for more information: https://www.xakiatech.com/about/security

4. Deployment Options:

The add-in supports flexible installation methods to suit different IT environments:

  • Microsoft App Store – End users can install it directly (admin approval may be required, depending on settings).

  • Microsoft 365 Admin Center – IT teams can centrally deploy the add-in to groups or the entire organization.

  • Manual Installation – Available for special cases where direct or centralized installation isn’t suitable.

Xakia will assist organizations in migrating from legacy versions of the add-in, ensuring a smooth transition with clear guidance.
