What does the integration do?
Your procurement team lives in Cotiss. Their email and meetings live in Outlook.
Connecting Cotiss to Microsoft 365 brings the two together: vendor profiles stay in Cotiss, while your users keep working in the Outlook they already know and have the applicable information directly connected to the correct vendor profiles.
For more on what this Integration does and the value it provides, learn more here - Cotiss inbox : Microsoft Integration
Who is this guide for?
This guide is for Microsoft 365 / Entra ID administrators. It explains what permissions Cotiss needs and how to grant Microsoft integration approval.
Note: Cotiss takes the security of your data and our infrastructure very seriously. We carefully manage how data is accessed, stored, and transmitted, ensuring your organisation stays protected at all times.
Our data security and storage practices have also not changed since the conception of this integration. Visit our Privacy Policy and Trust Center pages for more details.
Before you start
To complete this setup, you’ll need:
A Microsoft 365 / Entra ID admin account (Global Admin or Cloud Application Administrator).
The Integration activation link. This would have already been sent to you by the Cotiss users who requested this integration either via email (from [email protected]), your internal ticketing system or a Cotiss user may have contacted you directly.
For Cotiss Users; If your IT team have not yet been sent this integration request, please follow this guide on How to request the Cotiss Inbox -Microsoft 365 Integration
Check your organisation’s Microsoft 365 tenant is using Exchange Online (other mail systems aren’t supported for this integration).
We also recommend deciding up front - who in your organisation will test the connection once admin consent is granted? (easiest user would be the Cotiss user who requested the integration)
For peace of mind - Conditional Access, MFA, and security policies
Cotiss uses your organisation’s standard Microsoft 365 authentication and security controls. In most environments, no additional configuration is required for Conditional Access or MFA. However, it’s helpful to confirm that the policies you already use for Outlook access in the event they block access to the Cotiss application. Cotiss connects to your Microsoft 365 tenant company-wide, meaning the integration is authorised once by a Microsoft IT admin and made available to all users through standard Microsoft OAuth flows.
Multi-Factor Authentication (MFA)
Cotiss fully supports MFA via your existing Microsoft 365 configurations.
Users will authenticate to Microsoft using the same MFA conditions that apply when they access Outlook or other Microsoft 365 services.
App protection policies & limitations
Cotiss does not require any mobile app protection policies (e.g., Intune MAM) because the integration connects directly to Microsoft Graph rather than through a device-level app.
There are no known Intune or MDM-related limitations affecting this integration.
If your organisation enforces strict app-allow/block lists, ensure the Cotiss application is permitted to authenticate.
SOC2 Type II Policy
Cotiss has achieved SOC 2 Type II attestation, independently validating the effectiveness of our security, availability, and confidentiality controls across our platform. This assessment is conducted annually and demonstrates our commitment to operating a secure and dependable environment for your organisation’s data.
Provide Microsoft Admin Integration Approval
In order to set up the 'Cotiss inbox', your Cotiss admin would have already gone through the process of sending a request for integration approval to you. You can receive this request either via your internal ticketing system or via email.
When you go to approve the Cotiss integration, Microsoft will display the permissions Cotiss needs in order to sync Outlook email and calendar activity to the right vendor profiles. These permissions allow Cotiss to read and organise identified vendor-related emails and meetings to the associated vendor.
We only surface activity from vendors selected by the administrator. They have control to allow or restrict the sync of any of the internal mailboxes at any time.
To grant approval for this integration:
Find the request your Cotiss Admin has sent to you. This would have already been sent to you by the Cotiss users who requested this integration either via email (from [email protected]), your internal ticketing system or a Cotiss user may have contacted you directly.
Open the Cotiss admin approval link found within that request.
Sign in to Microsoft 365 with your admin account.
Review the displayed Permissions requested by Cotiss.
Click Accept.
Permissions requested by Cotiss and why
Permission | What it enables | Required / Optional |
Calendars.ReadWrite | Enables Cotiss to sync and create meetings to vendors | Required |
Mail.Send | Allows Cotiss to send emails to vendors on behalf of Cotiss users | Required |
Mail.Read | Allows Cotiss to read and store email threads under the correct vendor profile | Required |
Group.Read.All | Allows Cotiss to read user groups for easy access control management | Required
|
User.Read.All | Allows Cotiss to get a list of Mailboxes | Required |
Sites.Read.All | Allows Cotiss users to browse Sharepoint or Onedrive Sites | Optional |
Files.Read.All | Allows Cotiss users to add files from Sharepoint or Onedrive Sites | Optional |
MailboxSettings.Read | Allows Cotiss identify a users time zone | Optional |
Note: Cotiss handles email and calendar data with strong security controls and careful data handling practices. More information is available on our Privacy Policy and Trust Centre.
Confirm the Integration is enabled
After you accept and approve the integration, your Cotiss admin will receive an email to inform them of your approval status and no additional action is required from your end!
If you have any questions or queries - feel free to reach out to our support team via the message icon in the bottom right!