UiPath Activities

The UiPath Activities Guide

Microsoft Office 365 Scope


Uses the Microsoft identity platform to establish an authenticated connection between UiPath and your Microsoft Office 365 application. This authenticated connection enables a Robot to call the Microsoft Graph API to read and write resources on your behalf.

To establish your authenticated connection, you first register your Microsoft Office 365 application in your Azure Active Directory (using your personal, work, and/or school Microsoft Office 365 account). When registering your application, you assign the Microsoft Graph API permissions that specify the resources a Robot can access on your behalf.

After registering your Microsoft Office 365 application, Azure Active Directory assigns a unique application (client) ID that you enter in the Microsoft Office 365 Scope activity. The ApplicationID is used to collect the necessary information about your registered app to initiate authentication.


How to register your app and assign permissions

To learn more about registering your application and assigning permission, see the Setup guide. This guide provides step-by-step instructions to configure your Microsoft Office 365 application for automation.


Application Id and Certificate (Unattended)

  • CertificateAsBase64 - The base64 representation of the certificate.



This property is required if AuthenticationType is set to ApplicationIdAndCertificate.

  • CertificatePassword - An optional password that may be required to use the certificate, as a Secure String.

Application Id and Secret (Unattended)

  • Application Secret - The secret string that the application uses to provide its identity.
  • Secure Application Secret - The Application (client) secret, as a SecureString.



One of these properties is required if AuthenticationType is set to ApplicationIdAndSecret.


  • Application Id - The unique application (client) ID assigned by the Azure Active Directory when you registered your app during Setup. The application (client) ID represents an instance of a Microsoft Office 365 application. A single organization can have multiple application (client) IDs for their Microsoft Office 365 account. Each application (client) ID contains its own permissions and authentication requirements. For example, you and your colleague can both register a Microsoft Office 365 application in your company's Azure Active Directory with different permissions. Your app could be configured to authorize permissions to interact with files only, while your colleague's app is configured to authorize permissions to interact with files, mail, and calendar. If you enter your application (client) ID into this property and run attended automation, the consent dialogue box would be limited to file permissions (and subsequently, only the Files activities can be used).
  • Authentication Type - The type of authentication required for your registered application. Select one of the five options: InteractiveToken, IntegratedWindowsAuthentication, UsernameAndPassword, ApplicationIdAndSecret or ApplicationIdAndCertificate. The default value is InteractiveToken. For more information about these options and which one to select, see the Unattended vs. Attended Automation section below.
  • Environment - The environment, either Azure Global or national clouds that are unique and separate environments from Azure Global. Select one of the five options: Default, Global, China, Germany or USGovernment. The default value is Global.
  • Services - The service(s) that you granted API permissions to when you registered your app during Setup. This field supports only MicrosoftService variables. Select one or more of the following services:
    • Files - Select this service to use the Files and/or Excel activities.
    • Mail - Select this service to use the Outlook activities.
    • Calendar - Select this service to use the Calendar activities.
    • Groups - Select this service to use the Groups activities.
    • Shared - Select this service to use the Planner activities.
      The default value is Unselected. If the necessary API permissions are not granted during app registration, the applicable activities will fail to run even if the service is selected in this property. For more information, see Add API permissions in the Setup guide.
  • Tenant - The unique directory (tenant) ID assigned by the Azure Active Directory when you registered your app during Setup. Required for multi-tenant applications and IntegratedWindowsAuthentication. The directory (tenant) ID can be found in the overview page of your registered application (under the application (client) ID).


  • ContinueOnError - If set, continue executing the remaining activities even if the current activity has failed.
  • DisplayName - The display name of the activity.
  • TimeoutMS - Specifies the amount of time to wait (in milliseconds) for the interactive authentication (consent dialogue box) to complete before an error is thrown. This field supports only integer and Int32 variables. The default value is 30000ms (30 seconds) (not shown).

Interactive Token

  • OAuthApplication - Indicates the application (client) to be used. If UiPath is selected, ApplicationID and Tenant are ignored. This field supports only OAuthApplication variables. Select one of the two options:
    • UiPath - Default. When you want to use the application created by UiPath. In this case, Application ID and Tenant parameter values are ignored.
    • Custom - When you want to create your own application with correct permissions. In this case, a value must be set for Application ID parameter.


  • Private - If selected, the values of variables and arguments are no longer logged at Verbose level.

Username and Password (Unattended)

These properties apply when you run unattended automation only. When specifying values for these properties, be sure the AuthenticationType property is set to UsernameAndPassword. For more information, see the Username and Password section above.

  • Password - The password of your Microsoft Office 365 account.
  • SecurePassword - The password of your Microsoft Office 365 account, as a SecureString.
  • Username - The username of your Microsoft Office 365 account.



Required if AuthenticationType is UsernameAndPassword.

How it works

The following steps and message sequence diagram is an example how the activity works from design time (i.e., the activity dependencies and input/output properties) to run time.

  1. Complete the Setup steps.
  2. Add the Microsoft Office 365 Scope activity to your project.
  3. Enter values for the Authentication, Input, and Unattended (if applicable) properties.

Unattended vs. Attended Automation

The Microsoft Office 365 Scope activity has four different authentication flows (AuthenticationTypes) that you can choose from when adding the activity to your project. Your selection is dependent on the type of automation mode you plan to run (unattended or attended) and your application authentication requirements (consult with your administrator if you're unsure which authentication requirements apply to your application).











IntegratedWindowsAuthentication or UsernameAndPassword authentication types do not work when Multi-Factor Authentication (MFA) is enabled.

If your application requires MFA, you can run attended automation using the InteractiveToken authentication type or unattended automation using ApplicationIdAndSecret and ApplicationIdAndCertificate.

ApplicationIdAndSecret and ApplicationIdAndCertificate authentication types are appropriate for unattended automation and work regardless of whether the MFA is enabled or disabled.

Interactive Token

The InteractiveToken authentication type can be used for attended automation and when multi-factor authentication (MFA) is required. This is the default option and what we use in our examples. If you're interested in "playing around" with the activity package, this option is easy to configure and works well for personal accounts (using the default redirect URI noted in step 7 of the Register your application section of the Setup guide).

When the Microsoft Office 365 activity is run for the first time using this authentication type, you are prompted to authorize access to the resources (you granted permissions to when registering your app) via a consent dialogue box.

If you select this option, the Username, Password, and Tenant properties should be left empty.

This authentication type follows the OAuth 2.0 authorization code flow.

Integrated Windows Authentication

The IntegratedWindowsAuthentication authentication type can be used for unattended automation. This option can apply to Windows hosted applications running on computers joined to a Windows domain or Azure Active Directory.

You should only select this option if your registered ap