How to Connect Outlook/Microsoft 365 to n8n

Connecting Outlook to n8n requires registering an Azure app and configuring OAuth2 credentials. This takes 15-20 minutes the first time. Once configured, you can automate email triage, calendar management, and contact syncing without writing code.

This guide covers the complete setup process, including the exact API permissions you need and how to handle the most common authentication failures.

You need an Azure app registration to authenticate n8n with Microsoft's Graph API

. This is true whether you use Outlook.com, Microsoft 365, or Exchange Online.

Create the App Registration

1. Go to portal.azure.com and sign in with your Microsoft account.
2. Search for "App registrations" in the top search bar and select it.
3. Click New registration.
4. Fill in these fields:

   • Name: "n8n Automation" (or any name you'll recognize later)
   • Supported account types: Select "Accounts in this organizational directory only" for business accounts, or "Accounts in any organizational directory and personal Microsoft accounts" if you use a personal Outlook.com account
   • Redirect URI: Select "Web" from the dropdown, then enter https://oauth.n8n.io/callback
5. Click Register.

You'll land on the app overview page. Keep this tab open.

Copy Your Client ID

On the app overview page, find Application (client) ID. It looks like a1b2c3d4-e5f6-7890-abcd-ef1234567890.

Copy this value. You'll paste it into n8n in the next section.

Generate a Client Secret

1. In the left sidebar, click Certificates & secrets.
2. Under "Client secrets", click New client secret.
3. Add a description like "n8n integration key".
4. Set expiration to 24 months (you'll need to regenerate and update n8n when this expires).
5. Click Add.
6. Immediately copy the Value field (not the Secret ID). This value disappears after you leave the page.

Store this secret in a password manager. You cannot retrieve it again from Azure.

Configure API

API

Click to read the full definition in our AI & Automation Glossary.

Permissions

1. In the left sidebar, click API

   API

   Click to read the full definition in our AI & Automation Glossary.

   permissions.
2. Click Add a permission.
3. Select Microsoft Graph, then Delegated permissions.
4. Add these permissions:

   • Mail.ReadWrite - Read and send emails
   • Mail.Send - Send mail as the user
   • Calendars.ReadWrite - Manage calendar events
   • Contacts.ReadWrite - Access and modify contacts
   • User.Read - Sign in and read user profile
5. Click Add permissions.
6. Click Grant admin consent for [Your Organization] if you have admin rights. If not, ask your IT admin to grant consent.

Without admin consent, users will see a permission request popup on first authentication. This is fine for personal accounts but problematic in enterprise environments.

n8n stores authentication separately from workflows. You'll create one credential that any workflow can reuse.

Add the Microsoft Outlook Credential

1. Open your n8n instance (cloud or self-hosted).
2. Click your profile icon in the bottom left, then select Credentials.
3. Click Add Credential in the top right.
4. Search for "Microsoft Outlook" and select Microsoft Outlook OAuth2 API

   API

   Click to read the full definition in our AI & Automation Glossary.

   .
5. Fill in these fields:

   • Client ID: Paste the Application (client) ID from Azure
   • Client Secret: Paste the secret value you copied earlier
   • Scope: Leave the default or use offline_access Mail.ReadWrite Mail.Send Calendars.ReadWrite Contacts.ReadWrite User.Read
6. Click Save.
7. Click Connect my account.

A Microsoft login window opens. Sign in with the account you want to automate. After granting permissions, you'll return to n8n with a "Connection successful" message.

If you see an error, check the troubleshooting section below before retrying.

Start with a simple workflow to verify the connection works. You'll create a workflow that sends you an email when triggered manually.

Send a Test Email

1. Create a new workflow in n8n.
2. Add a Manual Trigger node (this lets you test the workflow on demand).
3. Add a Microsoft Outlook node after the trigger.
4. In the Outlook node:

   • Credential: Select the credential you just created
   • Resource: Message
   • Operation: Send
   • To: Your email address
   • Subject: "Test from n8n"
   • Body Content: "This workflow is working correctly."
5. Click Execute Workflow in the top right.

Check your inbox. You should receive the test email within 30 seconds. If not, check the node's output for error messages.

These workflows solve real problems in professional services firms. Copy the structure and modify the logic for your specific needs.

Auto-File Client Emails to SharePoint

This workflow monitors a specific folder in Outlook and uploads attachments to SharePoint when emails arrive from client domains.

1. Trigger: Microsoft Outlook - "Message Received" (set folder to "Clients")
2. IF node: Check if sender email contains "@clientdomain.com"
3. Microsoft Outlook node: Get message attachments
4. SharePoint node: Upload file to "Client Documents/[Client Name]" folder
5. Microsoft Outlook node: Move message to "Processed" folder

Set the trigger to poll every 5 minutes. Use the {{ $json.from.emailAddress.address }} expression to extract the sender domain and route to the correct SharePoint folder.

Create Calendar Holds from Email Keywords

This workflow scans incoming emails for phrases like "schedule a call" or "book time" and creates tentative calendar events.

1. Trigger: Microsoft Outlook - "Message Received"
2. IF node: Check if subject or body contains "schedule", "meeting", or "call"
3. Code node: Extract date/time using regex or AI (OpenAI node)
4. Microsoft Outlook node: Create calendar event (set status to "Tentative")
5. Microsoft Outlook node: Reply to sender with "I've added a tentative hold - please confirm"

This prevents double-booking while you manually confirm the meeting details. The Code node can use simple regex for "tomorrow at 2pm" or call GPT-4 for complex date parsing.

Sync High-Priority Contacts to CRM

CRM

Click to read the full definition in our AI & Automation Glossary.

This workflow watches for new contacts added to a specific Outlook folder and pushes them to your CRM

system.

1. Trigger: Microsoft Outlook - "Contact Created" (poll every 10 minutes)
2. IF node: Check if contact is in "VIP Clients" folder
3. HTTP Request node: POST contact data to your CRM

   CRM

   Click to read the full definition in our AI & Automation Glossary.

   API

   API

   Click to read the full definition in our AI & Automation Glossary.
4. Microsoft Outlook node: Add note to contact: "Synced to CRM

   CRM

   Click to read the full definition in our AI & Automation Glossary.

   on [date]"

Replace the HTTP Request node with a native CRM

node if n8n supports your system (Salesforce, HubSpot, Pipedrive, etc.).

"Invalid Client" Error

This means Azure can't match your Client ID to a registered app.

Fix: Go back to Azure Portal > App registrations. Verify the Client ID in n8n exactly matches the Application (client) ID shown in Azure. Check for extra spaces or missing characters.

"Redirect URI Mismatch" Error

Azure received an OAuth callback from a URL that doesn't match your registered redirect URI.

Fix: In Azure Portal, go to your app registration > Authentication. Verify the redirect URI is exactly https://oauth.n8n.io/callback for n8n Cloud, or https://[your-domain]/rest/oauth2-credential/callback for self-hosted instances. The protocol (https vs http) and trailing slashes matter.

"Insufficient Privileges" Error

The credential doesn't have permission to perform the requested operation.

Fix: Go to Azure Portal > App registrations > API

permissions. Verify you added the correct Microsoft Graph permissions (not Azure AD Graph). Click "Grant admin consent" if the status shows "Not granted". Wait 5 minutes for permissions to propagate, then reconnect the credential in n8n.

Credential Expires After 90 Days

By default, Azure refresh tokens expire after 90 days of inactivity.

Fix: Add offline_access to your scope in the n8n credential. This requests a persistent refresh token. If you already have offline_access and still see expiration, check Azure Portal > Enterprise applications > [Your App] > Properties. Set "Assignment required" to "No" to prevent token revocation.

"Too Many Requests" Error

You're hitting Microsoft Graph API

rate limits (typically 10,000 requests per 10 minutes per user).

Fix: Add a Wait node between operations in high-volume workflows. Set it to 1-2 seconds. For bulk operations, use the "Get Many" operations instead of looping through individual "Get" calls. Microsoft Graph supports batch requests for up to 20 operations in a single API

call.

Store your Client Secret in n8n's credential system, not in environment variables or workflow nodes. n8n encrypts credentials at rest.

Set your Azure client secret to expire in 24 months maximum. Add a calendar reminder to regenerate it before expiration. When you regenerate, update the credential in n8n immediately.

Use the principle of least privilege. If a workflow only reads emails, create a separate Azure app with only Mail.Read permission. Don't reuse the same credential across workflows with different security requirements.

For self-hosted n8n, restrict access to the credentials page using n8n's role-based access control. Only workflow administrators should view or edit OAuth credentials.