***
title: Outlook (Live Search) Setup for Enterprise Search
deprecated: false
hidden: false
metadata:
keywords:
* outlook
* email
* search
* enterprise
* live search
robots: index
***
This page is for the **Outlook (Next Gen) connector** and it can only be configured within the new enterprise search configuration experience explained below.
Please visit [this documentation](/ai-assistant/enterprise-search/built-in-content-connectors/overview) to learn more about Next Gen and Classic connectors.
Please visit [this documentation](/ai-assistant/enterprise-search/built-in-content-connectors/overview) to learn more about Next Gen and Classic connectors.
# System Overview
Microsoft Outlook (as part of Microsoft 365) is your organization's primary hub for email communication and calendar management. From an enterprise search perspective, Outlook is a critical system for knowledge available in emails, attachments, and meeting details. Moveworks connects to Outlook via Microsoft Graph APIs to perform **live search** across email content, returning results that based on user permissions, without storing or indexing any mailbox data.
### Authentication
Authentication is accomplished by creating and registering an [Azure App Registration](https://docs.microsoft.com/en-us/graph/auth-v2-service) for the following approach for live search:
* Uses delegated OAuth with a separate Azure App Registration and client secret
* End users sign in and provide consent for the first time; Moveworks then searches only the emails they can access in Outlook
* No enterprise-wide indexing of Outlook content occurs
### Permissions Enforcement
**Live Search:** Results are retrieved on behalf of the signed-in user using their delegated token, so source-system permissions are inherently enforced.
### API Usage
Moveworks uses the standard Graph API v1.0 to perform live search from Outlook. We use only delegated permissions with admin-granted access for live search.
### Content Types
**Live Search**
* **On-demand results** from the signed-in user’s accessible Outlook emails
* **Not indexed** into the enterprise corpus; fetched at query time after user consent
* **Note:** Currently, calendar events are not supported in live search
***
# Access Requirements
## Pre-requisites
Before you get started, make sure you have everything you need:
* **Admin roles**
* **Global Admin** permissions to create App registrations and grant admin consent
* **Environment details**
* Cloud environment: Commercial or GOV L4
## Understanding Permissions Scopes required for Enterprise Search
* `Mail.Read`: Required to read the user’s email messages.
* `Calendars.Read`: Required to read the user’s calendar events.
* `User.Read`: Required to view information about users.
## Instructions for Outlook Live Search
### 1. Register a new App
1. Sign in to the [Azure portal](https://portal.azure.com/)
2. Sign in to the [Azure portal](https://portal.azure.com/)
3. Select **Microsoft Entra ID** > **Manage** > **App registrations** > **New registration**
4. On the Register an application page, register an app with the following details
\| Field | Value |
\| :--- | :--- |
\| Name | `Moveworks` |
\| Supported account types | Accounts in this organizational directory only (Single tenant) |
\| Redirect URI | Platform: Web URI value:`https://.moveworks.com/auth/oauthCallback` |
5. From the overview page, note down the following values:
1. Directory (tenant) ID
2. Application (client) ID
### 2. Add Client Credentials
1. From the overview page, click on **Add a certificate or secret** link (Alternatively, Go to **Manage** > **Certificates and Secrets** in the left sidebar)
2. Click on **New client secret** button
3. Add a **description** and select your desired **expiry period** for the secret, and Click on **Add** button
4. Click on **Copy** button and **Save** the value of secret, as it's shown only once
### 3. Add Application API permissions & grant admin consent
1. Open the App Registration you created above and click on **Manage > API Permissions**
2. Click **Add a permission**
3. This will open a panel on the right side:
4. Select **Microsoft Graph**
5. Choose **Delegated permissions**
6. A search bar will appear
7. Search for the permissions you need to grant (noted above) and check the box for each
8. Once they’ve all been checked, click **Add permissions**
9. You’ll now see all the newly added permissions will have a status of **“Not granted for”** your organization
10. To complete the process, click **Grant admin consent** for your organization
11. If this panel appears, click **Yes, add other granted permissions to configured permissions** then **Save and continue**, then **Grant admin consent**, and then **Yes**
12. You will see **green** checkmarks on the newly added permissions if this was successful
***
# Setup in Moveworks
1. Log in to your org's **MyMoveworks** portal
2. Navigate to **Moveworks Setup** > **Connectors** > **Built-in Connectors**
3. Click **Create New**
4. Search and Select **Outlook (Next Gen)**
5. Click on Next: **Add Creds**
6. Input the following details (copied from steps above)
1. **Connector Name:** Name this connector for your future reference. Once set, this name cannot be changed
2. **Application (Client) ID:** The unique identifier for your Azure app registration
3. **Application Client Secret:** The secret key for your Azure app to authenticate with Microsoft Graph APIs
4. **Tenant (directory) ID:** Your organization's unique Azure Active Directory identifier
5. **Region (optional):** Select an option that will be used to establish the base URL. If no selection is made, the default option will be commercial. If GOV L4 is selected .us token url will be created
6. Click **Save**. This connector will now be used to configure live search from Outlook. Refer to the steps mentioned below
***
# Configuring Outlook for Enterprise Search
### Initialising setup
1. Log in to your org's **MyMoveworks** portal
2. Navigate to **Moveworks Setup** > **Answers** > **Ingestion** > **Enterprise Search**
3. Click on **Create New** or **Get Started**
4. Select **Outlook** from the dropdown list and click on the **Get Started** button
5. System Overview: This presents an overview of Outlook support from Moveworks
1. **Ingestion Summary:** Not applicable for Live Search systems
2. **Connector Selection:** In this configuration block, you are required to select the required connector to enable Moveworks to connect and fetch data or enable live search
3. **Content Selection:** In this configuration block, you are required to define the content that should be ingested within Moveworks
### Connector Selection and Validation
1. Once you click on Select Connector, a connector setup screen will appear as follows
2. Select the connector (from the dropdown) that you have created in the Connector Creation step
**Please note:** Only the Outlook connectors will appear in this list.
3. Once the connector is selected, you need to click on Start Validation to validate the connector credentials and required scope
**Connector Validation**
This is a mandatory step in order to save the configuration and move to the next step.
Moveworks validates the selected connector to check:
* Content: Moveworks validates whether connector has right scopes to fetch content
4. If the connector is validated successfully, you will see a green info banner as follows
5. If there are any credentials or scope issues, you will receive an error message as follows. Click on View Details to identify the issue. Refer to this **step-by-troubleshoot guide** (link to be added) to rectify any validation errors
6. Once the connector is validated successfully, you will be able to **Save** the configuration
7. Input the unique configuration name and **Save**
8. Once the configuration is saved, you can view the unique configuration name at the top of the screen. You can also click the pencil 🖊️ icon to edit the configuration name
9. Additionally, you will see a banner at the top of the screen with an Enable Live Search button. Click it to activate the Slack Live Search feature for your Enterprise Search web application
10. Additionally, you will start seeing an entry of your configuration in the Enterprise Search home page. You can click on your configuration to go to edit/ complete the configuration
***
# Connector Troubleshooting Guide