1. Practifi Success
  2. System Administrator
  3. Integration Setup

Enabling Microsoft 365 Email Sync

Follow
Avatar
Learning Team

Please note: This content is intended for Practifi System Administrators and is technical. The steps described in this article may not be completed without System Administrator permissions. Please discuss your integration installation plans with your Practifi Customer Support Team for their assistance.

Overview

The Microsoft 365 Email Sync is a proprietary integration that automatically syncs emails and attachments between a firm's Outlook 365 instance and Practifi. Unlike the standard Salesforce/Outlook integration, emails are logged automatically without the need for users to opt in, manually log emails, or manually match emails to contacts within Practifi, giving your team a complete record of client communication without added effort. Another major advantage is that the integration is enabled on the firm's Outlook 365 email server rather than on users' email clients, meaning no additional installation or administration is needed on users' devices. The Microsoft 365 Email Sync is built on Microsoft's Azure cloud services, and can be hosted either in a firm's own Azure organization or as a tenant in Practifi's.

This article outlines the steps to enable Microsoft 365 email sync in your organization. For more information about the Microsoft 365 email sync, please consult our Using Microsoft 365 Email Sync article.

Before You Begin

Microsoft 365 Sync is a paid add-on feature. Contact your Client Success Manager to discuss pricing in more detail and sign up for the service.

Please note: The number of users granted access must match the number of licenses in your Practifi contract.

The Microsoft Outlook integration remains an excellent low-cost option for firms. However, Microsoft 365 Sync improves on it in two crucial ways:

  • Emails are captured automatically, rather than relying on the user to opt in to send them. This ensures your email history in Practifi is comprehensive and accurate, reducing your team's workload.

  • Microsoft 365 Sync is enabled on your email server rather than on devices, so you only have to set it up once to include everyone, instead of installing it for each employee individually.

The Microsoft 365 Sync page appears in the Settings app for all firms regardless of whether they've enabled the feature. If your firm hasn't enabled the feature, the page explains the feature's disabled state and provides a call to action for the administrator to contact their Client Success Manager.

Please note: This integration works only with Microsoft Cloud. It is not compatible with Exchange servers on-premises or self-hosted Exchange servers.

Sync Information 

How the Sync Works

Within Practifi, an Administrator matches each Practifi user to an Office 365 mailbox and sets the sync cadence, which can range from every 15 minutes to weekly. Whenever a matched mailbox sends or receives an email, that email is included in the next scheduled sync. When the sync runs, the sync engine processes all emails sent and received since the last run and sends them, along with their attachments, to Practifi, where they are matched to the corresponding user.

After the sync completes, a job is automatically scheduled to match emails to Entities and Contacts based on their email addresses. Email addresses used by the matching engine can be stored either in the Email and Alternate Email fields on the Entity/Contact record or in Contact Point Email records related to a Contact or Individual. Matched emails appear in the Activity Timeline of the matched Contact/Individual, giving your team a unified view of every client interaction. You can access unmatched emails from the Emails page in the user's Practifi app, review them, and map them to contacts as a mass action to keep client records complete with minimal manual effort.

When performing the initial sync with a firm's Microsoft 365 instance, we retrieve the last six months of message history. If a new user is added after the initial sync, the sync engine will retrieve that user's or mailbox's emails from the initial sync date to align with the rest of the organization.

Exclusions

A firm may not want to sync all emails. For this reason, an administrator can configure global exclusions, personal exclusions, and internal email domains to control what content is included in the sync, keeping your records focused on meaningful client interactions. These exclusions are only in effect on sync jobs after they have been established, so it is best practice to set them up before the initial sync.

We will touch on establishing these exclusions later, but in brief:

Global Exclusion - An exclusion that affects the entire organization, defined by an admin. These are useful for system emails from other tools a firm may use, such as a scheduling tool like Calendly, an HR platform like ADP, receipts from commonly used vendors, or any other email notifications that may be irrelevant to keep within Practifi.

Personal Exclusion - An exclusion that only affects a specific user, defined by that user. These are useful for user-specific email notifications, such as newsletter subscriptions, LinkedIn notifications, or general spam.

Internal Email Domains - An exclusion that affects the entire organization and will prevent emails that exclusively contain email addresses from internal domains from being synced. This is useful when a firm doesn't wish to sync internal communications.

Viewing Exclusions

You can view global and personal exclusions on the Exclusions tab in the Microsoft 365 Sync app. Use the buttons above the External Addresses table to filter by exclusion type.

 

 

Enabling Microsoft 365 Sync

General Concepts

The following sections contain information to help you through the enablement process for Microsoft 365 Sync in your Practifi instance and details on concepts that are core to successful enablement.

To complete the steps detailed in this article, you must have the following:

  • Global Administrator access for your firm's Office 365 account.
  • System Administrator access to your firm's Practifi organization.

Permissions

Once purchased, an administrator should have access to two new permission sets: Practifi - Add-Ons - Microsoft 365 Sync Administrator and Practifi - Add-Ons - Microsoft 365 Sync User. During the setup process, assign the Practifi - Add-Ons - Microsoft 365 Sync Administrator permission to your own user and any other user who will require admin-level access.

Once the setup is complete, all other users can be assigned the Practifi - Add-Ons - Microsoft 365 Sync User permission, which will grant access to the Emails page and the ability to define personal exclusions.

The Microsoft 365 Sync Page

Enabling the integration requires multiple steps in multiple areas of Salesforce Setup. For this purpose, the integration includes a dedicated setup page that consolidates all enablement and configuration. This page can be accessed by users with the Practifi - Add-Ons - Microsoft 365 Sync Administrator permission set by searching Microsoft 365 Sync in the App Menu.

 


We recommend familiarizing yourself with the tabs and sections on this page before beginning the enablement process, as you will return to it several times during enablement and configuration. 

Microsoft 365 Permissions Setup

To perform the required permission setup, you must have the following:

  • Global Administrator access for your firm's Office 365 account.
  • System Administrator access to your firm's Practifi organization.

As the administrator, you will need to enable Read/Manage inbox permissions for the admin account in the Microsoft 365 organization. Please be aware that you must add these permissions for each individual who requires the email sync function.

To add these permissions:

  1. Log in to your Office 365 Admin account and navigate to the Admin App.



     

  2. Navigate to Users > Active Users. Select the user. In the flyout menu, click the Mail tab and then Read and manage permissions.

     



     

  3. From here, select Add Permissions.


     
  4. Then, search for your Admin user (the same user whose credentials were used to authenticate the Named Credentials). Select the Admin user and click Add.


     
  5. Repeat this process for each user to be included in the sync.

Connecting Microsoft 365 and Practifi

Obtaining Authentication Credentials 

The next steps are for firms using the email sync service hosted on Practifi's Azure instance. If you would like to deploy the sync service to your own Azure tenancy, your setup will be different. If you're unsure, please reach out to your Client Success Manager. In general, most firms use the Practifi Azure instance. 

If your firm is using the Practifi Azure instance, send a request to Practifi Support to obtain the Consumer Key and Consumer Secret needed for the next steps. 

Create an Authentication Provider

First, create a new custom setting in Salesforce Setup:

  1. Open Salesforce Setup by selecting the Settings cog in the upper right-hand corner and selecting Setup from the drop-down menu.
  2. In the Quick Find Box, search for Custom Settings.
  3. On the Custom Settings page, click MS Integration Settings.
  4. On the MS Integration Settings page, click the Manage button at the top of the screen.
  5. On the Custom Setting screen, click the New button.
  6. Enter the following details:
  7. Other fields can be left blank or have default values. Click Save.

Next, create an Auth. Provider in the Microsoft 365 Sync app:

  1. Click the App Launcher and search for Microsoft 365 Sync.
  2. On the Microsoft 365 Sync page, under the Setup Assistant tab and in the Set up Microsoft 365 as an Authentication Provider section, click Go to Setup.
  3. From the Providers page, click New. Enter the following information:

Register URL as Remote Site

For Salesforce to communicate with an external site, its URL must be registered as a Remote Site. This step is only required for organizations that existed before Albariño. If your Practifi instance was created with this release already installed, you can skip this step.

  1. Open Salesforce Setup by selecting the Settings cog in the upper right-hand corner and selecting Setup from the drop-down menu.
  2. Use the Quick Find search bar in the top-left to search for and select Remote Site Settings.
  3. Click the New Remote Site button and add an entry with the following properties:
    • Name - Microsoft365Login
    • URL -  https://login.microsoftonline.com/

Create Named Credential

You will need to use the firm's Microsoft 365 administrator's login credentials to authenticate two sets of Named Credentials. The first set will be used to connect to the Practifi email sync service, and the second connects to the firm's Microsoft 365 instance via the Microsoft Graph API. It may be necessary to schedule a call with the firm's IT provider for this step.

  1. From the Microsoft 365 Sync Page, under the Setup Assistant tab and in the Store Login Details as a Named Credential section, click Go to Setup.
  2. On the Named Credentials page, click New Named Credential. Enter the following information:
    • Label - Microsoft365SyncService
    • Name - Microsoft365SyncService
    • URL - https://mssyncus01.onpractifi.com
    • Identify Type - Named Principal
    • Authentication Protocol - OAuth 2.0
    • Authentication Provider - Microsoft365Sync
    • Scope - [Leave blank. The scope will be inherited from the Auth. Provider.]
    • Start Authentication Flow on Save - Checked
    • Generate Authorization Header - Checked
  3. Once you click Save, you'll need to log in with the firm's Microsoft 365 administrator's credentials.
  4. Create another Named Credential with the following information:
    • Label - MicrosoftGraphAPI
    • Name - MicrosoftGraphAPI
    • URL - https://graph.microsoft.com
    • Identify Type - Named Principal
    • Authentication Protocol - OAuth 2.0
    • Authentication Provider - Microsoft365Sync
    • Scope - [Leave blank. The scope will be inherited from the Auth. Provider.]
    • Start Authentication Flow on Save: Checked
    • Generate Authorization Header: Checked
  5. Again, once you click Save, you'll need to log in with the firm's Microsoft 365 administrator's credentials.

Test Connectivity

From the Microsoft 365 Sync Page, under the Setup Assistant tab and in the Test Connectivity section, click Check. If the previous steps were performed correctly, you should see a green success notification appear. If you see an error message, confirm that the configuration has been done per the instructions.

Enable Users and Mailboxes

Assign the Practifi - Add-Ons - Microsoft 365 Sync User permission set to your users. The Microsoft Sync administrator user should also have the Practifi - Set Audit Fields & Update with Inactive Owner permission set assigned to their user profile.

Then link them to mailboxes on the Users & Mailboxes tab in the Microsoft 365 Sync Page. Users will only appear to be linked if they have the Practifi - Add-Ons - Microsoft 365 Sync User permission assigned to their profile.



 

Please note: While shared mailboxes are supported in this integration, groups and aliases are currently not supported.

Adding multiple mailboxes: If your firm has a lot of mailboxes to sync, so much so that adding them one by one would be very time-consuming, then you can use a data import tool to speed up the creation process. Here's how you do it:

  1. Export the mailbox list: From the Azure Portal, go to the Users section in Active Directory, then select Bulk Operations > Download users. Follow the prompts to complete the download process.

  2. Import the mailbox list: Use a tool such as the Salesforce Data Loader to facilitate the import. Add the records to the MS Graph User object, with field mappings as below:

    1. displayName: Name

    2. mail: Email Address

    3. userPrincipalName: User Principal Name

Mailbox Permission Considerations

As of the Alicante Bouschet release, we addressed a security consideration in shared Microsoft 365 tenant environments. Previously, administrators could view and add any mailbox during setup, regardless of permissions. This poses visibility and security risks, particularly for IT providers managing multiple client organizations within a single tenant. The system now validates permissions in real time, displaying only those mailboxes for which access has been granted.

Practifi checks mailbox permissions using Microsoft's mailFolders API during the user search. The process unfolds as follows:

  • An initial search query runs, limited to 100 potential matches (if more results are returned, the administrator adds more specific terms to refine the search).
  • For the shortlisted users, the system then sends up to five batch requests, each handling up to 20 permission checks, to verify access without overloading the process.
  • Only mailboxes where the authenticating admin has Read & Manage permissions are shown. This approach maintains efficiency even in larger tenants (thousands of users) and relies entirely on the Graph API, ensuring no impact from the Exchange Web Services (EWS) deprecation in October 2026. As a result, during sync configuration searches, visibility is restricted to authorized mailboxes only, supporting isolation across multiple client organizations.

Configuration should proceed as follows:

  • Organizations assign a dedicated Microsoft administrator account for Practifi authentication to each client organization.
  • Users grant mailbox permissions to the relevant organization's administrator account through the Microsoft 365 Admin Center (for example, Adele's mailbox appears in searches if permissions have been approved for [admin@example.com](mailto:admin@example.com), whereas Alberto's does not if approval is pending).
  • Tenant-level policies, including Address Book Policies and information protection barriers, are verified to support user segmentation. 

Confirm Settings and Activate 

Go to the Microsoft 365 Sync Page and review the configurable settings. Most of these configurable settings are straightforward. We currently recommend setting the Sync Frequency to 15 minutes.
 


 

Exclusion Lists

Exclusion lists are very important. Without them, a needlessly large volume of emails could be imported into your organization, causing clutter from emails that aren't useful in a CRM context. To avoid this, consult your firm's IT administrator and identify all domains to add to the Global Exclusions list. You may need to ask some questions to uncover the proper domains to add. For instance, ask about automated emails that your users may receive from tools or subscriptions your firm uses.

For instance, Practifi users may receive email notifications from Salesforce, such as Chatter updates, task assignments, and other system emails. In this case, *@[salesforce.com](http://salesforce.com) could be added to the exclusion list.

Internal Domains 

As with exclusion lists, defining internal domains will help prevent internal communications from cluttering the email sync. 

Activating the Sync

Once you're content with your settings, it's time to activate. Head back to the Microsoft 365 Sync Page and toggle the Confirm Settings and Activate switch. This will initiate the initial sync and schedule a series of rolling sync jobs, which can be seen in Setup > Scheduled Jobs. The jobs will be named and labeled MS Sync Job.

Please note: We include the previous six months' worth of email history in the initial sync, so it may take up to multiple days to complete, depending on the volume of emails involved and the number of users. If there are many mailboxes to sync, it may make sense to add users every few days rather than all at once.

Email Match Engine

After each sync job, a job for the email match engine is automatically scheduled. This job will be labeled MS Sync Email Matching Job and will execute after each sync run. Because of this delay, users should allow additional time after each sync interval for matched and unmatched emails to populate in the Emails list views.

Please note: We recommend that sync users not link their work email addresses to contacts in the system. This will cause their emails to get matched to this contact. 

 

If you're using the Orion integration, you'll need to update the Rep mapping so that the Rep email address isn't mapped to the Email field on the Contact object. Either remove the mapping, or map the Rep email address to a custom email field that the matching engine doesn't use.

Troubleshooting

Practifi Administrators can view error logs on the Logs & Errors tab within the Microsoft 365 Sync page. To view only error logs, click the Errors Only button to filter the page.

Errors that display 0 values in the Records Processed, Synced Successfully, and Errors columns are usually due to Graph API errors, such as an expired access token or internal errors. This type of error is often resolved when the sync re-runs.

Log entries with a Retry link often result from processing errors in Azure. We recommend clicking the Retry link next to the error to see if it resolves the issue. 

To retry all email and event sync errors from the past 30 days at once, click the Retry Errors from Last 30 Days button.


To view in-depth error logs, open the Salesforce Developer Console and use this query for more detailed information:

SELECT Id, practifi__Error_Message__c, practifi__External_System__c, practifi__Date_Time__c, practifi__Is_Error__c FROM practifi__Integration_Log__c WHERE practifi__external_system__c = 'Microsoft Email Sync' AND practifi__is_error__c = true ORDER BY practifi__Date_Time__c DESC

0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more