Microsoft Graph integration FAQ
How do I limit application permissions to specific mailboxes?
To limit the application's permissions to specific mailboxes, see the Microsoft documentation.
Where do I obtain the OAuth 2.0 token endpoint (v2) value from?
The OAuth 2.0 token endpoint comes from your Azure configuration. Add the endpoint when you configure and activate the Microsoft Graph integration.
Is the User.Read permission required?
This permission is required for the integration to work. The permission type is Delegated, not Application, so also verify that a green check mark indicates that admin consent is applied.
Is there a range of IP addresses that we need to add to Azure from our end?
That is not required. Azure will connect with our public endpoints for all notifications.
Is there any configuration to mark the emails as read in the Azure inbox as soon as they are transferred to Genesys Cloud?
Ensure that the Mail.ReadWrite permission is set up in the Azure application. The Microsoft Graph integration marks emails as read once they are transferred to Genesys Cloud.
Can we create a Campaign/Agentless domain with the same name as the inbound domain being used by Microsoft Graph integration?
Yes. Although reuse of domain names is not supported in Genesys Cloud as of now, this particular use case is supported.
How often are emails retrieved from the mailboxes?
Genesys Cloud receives Microsoft async notifications on changes occurring on the Microsoft Exchange server. This includes receipt of new emails. Microsoft Graph integration pulls emails when it receives the notifications on new emails.
Emails are being marked as read in my mailbox, but we have not received the email in Genesys Cloud. What could be wrong?
If emails are marked as read, it means that the system was able to download them. Check the following:
- Check the flow that is associated with the inbound route.
- Open the associated inbound flow and check how emails are being handled.
- Verify that you have agents logged in to the queue used by the workflow.
When an incoming email has multiple recipients from our domain, the email is routed only to one recipient and only one interaction is created in Genesys Cloud. Why?
By default, if an incoming email contains more than one email address that maps to more than one Genesys Cloud route, Genesys Cloud routes to only one of the email addresses. To route the email to all the destinations in the email, enable the Route to Multiple Destinations setting.
Why do we need to give the User.Read permission for the API in Azure?
The permission provides access to the user’s email address. If this permission is not granted, the Microsoft Graph integration is unable to read the related emails. The integration will not be able to process, encrypt, and scan emails. For more information, see Custom Microsoft Graph integration for inbound and outbound emails and Create subscription – Microsoft Graph v1.0. Also note that the permission type is Delegated, and is not Application. For more information, see Microsoft Graph permissions reference – Microsoft Graph.
Is it mandatory to add Genesys Cloud IP addresses to connection filter policy? What is the impact if this step is not performed?
This is optional, but is strongly recommended. It prevents untrusted sources from reaching Microsoft email servers. If an IP is blocked, emails will bounce.
Will there be an authentication issue if the client secret that is set up in Azure and is used with the Graph integration expires?
Yes. When the client secret that you use with the Graph integration is changed or expires, you will face authentication issues unless you make the same change in the Genesys Cloud Graph integration. Note that you cannot have a client secret in Azure without an expiry date. If the secret is not updated in Genesys Cloud, the integration stops working when the token from Microsoft is refreshed, because each request that is sent includes the token's validity. A best practice is to make the change at both ends with no delay. If you make the change at both ends before the token is refreshed, emails are pulled as expected.
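One way to catch an expiring client secret before the integration loses authentication, shown as an added example that is not part of the original FAQ or of Genesys Cloud. It assumes you have exported the app registration as a Microsoft Graph application object, whose passwordCredentials entries carry keyId, displayName and endDateTime; the sample object, its ids and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials property of a
# Microsoft Graph application object; every id, name and date is made up.
SAMPLE_APP = json.loads("""
{"displayName": "genesys-graph-mail (constructed)",
 "passwordCredentials": [
  {"keyId": "00000000-0000-0000-0000-000000000001",
   "displayName": "old-secret", "endDateTime": "2024-03-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002",
   "displayName": "current-secret", "endDateTime": "2024-06-20T09:30:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003",
   "displayName": "new-secret", "endDateTime": "2025-06-01T00:00:00Z"}
 ]}
""")


def parse_graph_time(value):
    """Parse a UTC ISO 8601 timestamp; tolerate 7-digit fractional seconds."""
    value = value.rstrip("Z")
    if "." in value:
        head, frac = value.split(".", 1)  # strptime's %f accepts at most 6 digits
        return datetime.strptime(f"{head}.{frac[:6]}", "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify_secrets(app, now, warn_days=30):
    """Return (displayName, keyId, status, days_left) tuples, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"        # must already be replaced on both sides
        elif end - now <= timedelta(days=warn_days):
            status = "ROTATE_SOON"    # plan the change in Azure and Genesys Cloud together
        else:
            status = "OK"
        rows.append((cred.get("displayName") or "", cred["keyId"], status, (end - now).days))
    return sorted(rows, key=lambda row: row[3])


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the constructed sample
    for name, key_id, status, days in classify_secrets(SAMPLE_APP, now):
        print(f"{status:12} {days:5d}d  {name}  {key_id}")
```

Run it on a schedule against the exported object and alert on anything other than OK for the secret that the integration is configured with.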