Email API
Calendar API
Contacts API 
Scheduler
Notetaker API
Google email & calendar integration
Outlook email & calendar integration
IMAP integration
Google Meet integration
Zoom integration
Microsoft Teams integration
Docs
SDKs
Tutorials
API status
Changelog
Support
Blog
Events
Guides
Inspiration gallery
Build vs. buy
Customer stories
Security & Compliance
Why Nylas
Newsroom
Understanding Microsoft 365 admin approval (and what it means for your integration)
• 4 min read
This post is part of our “What to do when there’s no email admin” series — practical guides for anyone who suddenly finds themselves responsible for email systems they’ve never touched before.
If you missed earlier posts, start with:
If you’ve ever tried connecting a Microsoft 365 account to your app and suddenly hit a wall with an “admin approval required” message, you’re not alone.
At first, it can feel like something’s broken in your code. But it’s not you — it’s Microsoft’s security model at work.
Microsoft 365 gives organizations strict control over which apps can access their data. For many tenants, users can’t grant permissions to third-party apps on their own. Instead, an IT admin has to review the request and approve it for everyone in the organization.
These consent rules are managed through Azure Active Directory (Azure AD), which controls how apps connect to Microsoft 365 data. Depending on the tenant’s configuration, users may be able to self-approve third-party apps or may need an administrator to grant consent on their behalf. This Azure setting ultimately determines whether users ever see the “admin approval required” screen.
From a developer’s perspective, this safeguard is important context:
If you’re authenticating users through OAuth, this consent flow is part of how Microsoft secures the connection between your app and user data.
When a user with restricted consent settings tries to connect their account, they’ll see a Microsoft page explaining that the app requires admin approval. The connection stops there until an admin intervenes.
For you, that means users may reach out asking why the connection failed. The good news: the solution is simple.
This approval only needs to happen once per tenant. After that, the integration works as expected.
For more on OAuth flows and permissions, see the Nylas Developer Docs.
While it might feel like friction, Microsoft’s admin approval is also a trust signal. It shows your app is designed to work within enterprise-grade compliance and security controls.
For developers building B2B or productivity apps, aligning with Microsoft’s security model builds credibility with IT and enterprise customers — and helps your integration scale confidently.
If you or your customers run into the admin approval screen, the next step is straightforward: involve the Microsoft 365 admin and have them approve the app. Both approval paths — self-approval and admin approval — are covered step by step in our support article on Microsoft 365 admin approval. You can also explore how Nylas makes it simple to build secure, compliant integrations with email, calendar, and contacts APIs.
This post is part of our “What to do when there’s no email admin” series.
If you haven’t yet, read earlier entries:
This post is part of our “What to do when there’s no email admin” series…
This post is part of our “What to do when there’s no email admin” series…
This post is part of our “What to do when there’s no email admin” series…
Sr. Manager, Technical Support Engineering