How to use Microsoft 365 activities without Integration Service connections

About

You can now use the newer Microsoft 365 activities even if you don't have Integration Service, through Microsoft 365 Scope.

The Microsoft 365 activities designed specifically for Integration Service feature a Connection field, which enables you to choose a connection created through an Integration Service connector. When used inside Microsoft 365 Scope, the activities simply inherit the connection information from the Scope.

Authentication and projects types matrix

Microsoft 365
	Cloud		On-Prem
	Microsoft Office 365 Application Scope	Integration Service	Microsoft Office 365 Application Scope	Integration Service
Cross-platform
App ID & Certificate
App ID & Secret
OAuth - BYOA
OAuth - UiPath App
Username & Password
Integrated Windows Authentication
Windows
App ID & Certificate
App ID & Secret
OAuth - BYOA
OAuth - UiPath App
Username & Password
Integrated Windows Authentication

Connection methods

There are two ways to set up a connection in the Microsoft 365 Scope activity.

Connection method		Description	Benefits	Disadvantages
Asset Note: Recommended.		Uses an Orchestrator Asset to store the connection together with the Scope configuration. The asset is a JSON format. Every time it's used, the activity retrieves the configuration from the asset. Based on asset configuration, the Scope behaves differently; it identifies the authentication type and hides unnecessary fields. If the asset JSON isn't set properly, it prompts a validation error.	The activities benefit from design time lookups and can discover files, folders, lists, ranges, and others. The connection is easily transferable, as credentials aren't passed from one user to another in plain text. Can be configured by an Admin. It's more secure, because the credentials don’t reach the Studio workflow.	Requires an advanced user to configure the Asset. Not easy to set up by a Citizen Developer.
Properties Panel		Use the existing Properties panel to configure the connection credentials. The configuration can be added in plain text or through variables.	Easier to use. Keeps backward compatibility.
	Configuration through plain text Note: Not recommended.	Configure the Properties panel with plain text values.	The activities benefit from design time lookups and can discover files, folders, lists, ranges, and others.	Less secure, because the credentials need to be passed between users in plain text.
	Configuration through variables	Configure the properties panel with variables.	More secure, because the credentials don’t reach the Studio workflow.	The activities can't discover any resources at design time.

Microsoft 365 Scope asset format

Standard asset format

{
    "CertificateAsBase64": "",
    "CertificatePassword": "",
    "ClientSecret": "",
    "Environment": "Default" | "Global" | "China" | "Germany" | "USGovernment" | "USGovernmentDOD",
    "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
    "OAuth2AppData": {
        "ApplicationId": "",
        "TenantId": ""
    }
}{
    "CertificateAsBase64": "",
    "CertificatePassword": "",
    "ClientSecret": "",
    "Environment": "Default" | "Global" | "China" | "Germany" | "USGovernment" | "USGovernmentDOD",
    "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
    "OAuth2AppData": {
        "ApplicationId": "",
        "TenantId": ""
    }
}

UiPath application asset configuration

{
    "CertificateAsBase64": "",
    "CertificatePassword": "",
    "ClientSecret": "",
    "Environment": "Default",
    "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
    "OAuth2AppData": {
        "ApplicationId": "f2f43f65-16a6-4319-91b6-d2a342a88744",
        "TenantId": ""
    }
}{
    "CertificateAsBase64": "",
    "CertificatePassword": "",
    "ClientSecret": "",
    "Environment": "Default",
    "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
    "OAuth2AppData": {
        "ApplicationId": "f2f43f65-16a6-4319-91b6-d2a342a88744",
        "TenantId": ""
    }
}

Custom application asset configuration

Note: This is just an example. Configure your own application and retrieve the required OAuth2AppData.

{
    "CertificateAsBase64": "",
    "CertificatePassword": "",
    "ClientSecret": "",
    "Environment": "Default",
    "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
    "OAuth2AppData": {
        "ApplicationId": "d47f7253-65ae-58n5-ag04-26109734e6de",
        "TenantId": "3ce4ef03-chb1-871f-94b0-345136965f10"
    }
}{
    "CertificateAsBase64": "",
    "CertificatePassword": "",
    "ClientSecret": "",
    "Environment": "Default",
    "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
    "OAuth2AppData": {
        "ApplicationId": "d47f7253-65ae-58n5-ag04-26109734e6de",
        "TenantId": "3ce4ef03-chb1-871f-94b0-345136965f10"
    }
}

Limitations

The following features are not available when using activities inside Microsoft 365 Scope: triggers, bindings, and override experience.

Token refresh

There is no service available to refresh your connection tokens, like the one available in Integration Service.

If the Authorization Token isn't refreshed for a certain number of days, it expires, and you must re-authenticate. To avoid the expiration of authorization tokens, run a robot with that specific connection. Running an automation with the Scope activity refreshes the authorization token.