Skip to main content
Skip table of contents

Requesting permission to access Microsoft 365

When you first install the app, it will ask you to Sign-in to Microsoft 365:

Screenshot 2024-05-14 at 16.27.11.png

Permissions requested

When you press the “Sign-in” button, a new window appears, and once you’ve signed-in to Microsoft 365, you will see that the app is requesting various permissions:

Screenshot 2024-05-12 at 18.01.09.png

The app has been developed by David Simpson Apps, a trading name of Concise Web Design Limited. We are an authorised Microsoft Partner.

The various permissions, and why they are required:

  • Maintain access to data you have given it access to

    • We store an access token with monday.com’s hosted “monday-code” secure storage in the monday.com infrastructure so that you can use the app can perform operations on your files.

  • Send mail as you

    • This permission is solely used to request access to files that other users need to share with you for access in monday.com.

  • Sign you in and read your profile

    • So that your details can be displayed in monday.com, and you can be contacted if you have not shared file access to others in Microsoft 365

  • Have full access to all files you have access to

    • So that you can perform operations on your files from within monday.com

  • Edit or delete items in all site collections

    • So that you can perform operations on your files from within monday.com

Although our app performs all the logic, we do not access your data, as all compute activity is performed on monday.com infrastructure using monday code, a platform for hosting apps on a secure, reliable, and scalable infrastructure.

The monday code platform is SOC 2 and ISO 27001 certified, and GDPR & HIPAA compliant.

Accept button

To continue using the app, press the “Accept” button.

Approval Requested

Some companies and organisations have an additional step requiring that you request permissions that require administrative consent.

In these cases, before you can use the app, your company’s Microsoft 365 admin will need to approve use of the app or some other internal approvals workflow within your company will need to be performed. Only then can you use the app.

If you require admin approval, you will see the following screen after entering your user credentials in the Microsoft 365 sign-in screen:

m365-request-approval.png

Storage of user data

What data does the app store?

For the Share Link Embed feature: We store no data. The URL of the embedded files are stored within your own monday.com instance.

For all other features: We store access tokens within monday.com’s infrastructure using their secure storage mechanisms. We also store limited metadata related to the file or folder within your own monday.com instance.

Where are user access tokens saved?

Our app uses the Secure Storage feature of monday code. This is based on at Google Cloud Platform (GCP) hosted version of HashiCorp’s Vault which is maintained by monday.com.

How can we delete user access tokens?

Access tokens stored within monday.com’s infrastructure can all be deleted at any time by individual users or in bulk by an admin user.

See Revoking access to Microsoft 365.

If you have already uninstalled the app, you will need to reinstall it to delete the access tokens.


What is monday code?

monday code is a platform developed by monday.com to streamline the deployment and management of applications built on their ecosystem. Unlike traditional hosting solutions, monday code provides developers with a fully managed environment, eliminating the need for self-hosting while maintaining security and compliance standards.

Technical architecture

monday code leverages a hybrid cloud architecture:

This separation ensures isolation between monday.com's core infrastructure and third-party apps while benefiting from GCP’s scalability.

What trust signals does monday code have?

The monday code platform is SOC 2 and ISO 27001 certified, and GDPR & HIPAA compliant.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.