The Office 365 integration connects Strategy Overview to your clients' Microsoft 365 tenants, syncing user accounts, license assignments, and MFA status. Unlike your PSA (which connects once and syncs all companies), Office 365 requires a separate connection for each client tenant.
What syncs
User accounts with their assigned licenses
License types and counts
MFA status for each user (shows "enabled" only when the user has completed MFA registration; see The Office 365 Module for how Strategy Overview interprets MFA status)
Before you start
Important: The Office 365 connection goes through Microsoft's authentication flow, which can be sensitive to browser state. To avoid issues:
Use an incognito/private browser window. Microsoft can get confused with cached cookies, especially if you're signed into multiple Entra accounts.
Log into Strategy Overview using your local account, not Office 365/SSO. If you log into Strategy Overview with SSO, the browser may get confused about which Entra account is initiating the request.
Use the main app domain. The initial connection must be made from https://app.strategyoverview.com, not your branded domain. After the connection is established, you can use your branded domain normally.
Step 1: Get the Tenant ID
You'll need the Tenant ID for each client's Microsoft 365 environment.
Go to the Azure Portal at https://portal.azure.com (note: https://portal.azure.us is not currently supported)
Find Microsoft Entra ID using search or the left navigation menu
Copy the Tenant ID from the overview page
Step 2: Connect in Strategy Overview
Go to Settings > Integrations > Add Integration > Office 365
Find the company you want to connect and click Connect
Enter the Tenant ID
In the Microsoft sign-in popup, sign in with an account that has admin access to the client's tenant
Grant the requested permissions (see Required permissions below for details)
If you see an error that says "Applications must be authorized to access the customer tenant before partner delegated administrators can use them," try using incognito mode and make sure you're not logged into Strategy Overview with Office 365/SSO.
Step 3: Grant API consent in Entra ID
After connecting from Strategy Overview, you need to grant admin consent in the Azure Portal:
Go to Azure Portal > Enterprise Applications
Find Strategy Overview API
Go to Permissions and click Grant admin consent
This grants the application-level permissions listed in the Required permissions section below.
Step 4: Force Sync
Click Force Sync to pull in the initial data. The data will appear within a few minutes. Check the logs to verify the sync completed.
Repeat for each client
Repeat Steps 1-4 for each company you want to sync. This is a one-time setup per client.
Adding Office 365 data to Reports
You can view Office 365 data in the Office 365 Module, or add it as a Part on your Reports:
Go to Settings > Strategy Templates > [Your Template] > Parts > Add Part
Label: Office 365
Type: Office 365
Icon: Windows
Click Save
Click Apply Part Settings to All Drafts to add it to existing open Reports
Once the Part is on your Report, you can rearrange the columns to fit your needs. Configure the column layout to show the information most useful for your vCIO conversations.
Required permissions
The integration requires the following Microsoft Graph API permissions. These are requested during the connection process (Step 2) and must be granted admin consent (Step 3).
Application permissions (require admin consent)
Permission | Description | Why it's needed |
User.Read.All | Read all users' full profiles | Syncs user account details and license assignments across the tenant |
Directory.Read.All | Read directory data | Reads tenant directory structure, group memberships, and organizational relationships |
Organization.Read.All | Read organization information | Retrieves tenant-level details such as subscription and licensing information |
Reports.Read.All | Read all usage reports | Accesses Microsoft 365 usage reports for license utilization data |
UserAuthenticationMethod.Read.All | Read all users' authentication methods | Determines MFA enrollment and registration status for each user |
AuditLog.Read.All | Read all audit log data | Reads sign-in and audit logs to support security and compliance reporting |
Delegated permissions (used during sign-in)
Permission | Description | Why it's needed |
User.Read | Sign in and read user profile | Authenticates the admin performing the connection |
openid | Sign users in | Standard OpenID Connect sign-in scope |
email | View users' email address | Identifies the signed-in admin by email |
profile | View users' basic profile | Reads the signed-in admin's basic profile information |
Note: All permissions are read-only. Strategy Overview does not write, modify, or delete any data in your Microsoft 365 environment.
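To confirm that the consent granted in Steps 2 and 3 matches the list above, the following added example (not Strategy Overview's own code) diffs exported Microsoft Graph data against the documented permission names. It assumes you have exported, as JSON, the integration service principal's appRoleAssignments and oauth2PermissionGrants plus the appRoles of the Microsoft Graph service principal; the function name and the sample data are constructed for illustration.

```python
import json

# Permission names exactly as documented in "Required permissions".
EXPECTED_APP = {
    "User.Read.All", "Directory.Read.All", "Organization.Read.All",
    "Reports.Read.All", "UserAuthenticationMethod.Read.All", "AuditLog.Read.All",
}
EXPECTED_DELEGATED = {"User.Read", "openid", "email", "profile"}


def audit_consent(graph_app_roles, app_role_assignments, oauth2_grants):
    """Diff what the tenant actually granted against the documented list."""
    # appRoleAssignments carry only role GUIDs; resolve them to names via the
    # appRoles collection of the Microsoft Graph service principal.
    names = {r["id"]: r["value"] for r in graph_app_roles}
    granted_app = {
        names.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
        for a in app_role_assignments
    }
    # Delegated grants store their scopes as one space-separated string.
    granted_delegated = {s for g in oauth2_grants for s in g["scope"].split()}
    return {
        "missing_application": sorted(EXPECTED_APP - granted_app),
        "unexpected_application": sorted(granted_app - EXPECTED_APP),
        "missing_delegated": sorted(EXPECTED_DELEGATED - granted_delegated),
        "unexpected_delegated": sorted(granted_delegated - EXPECTED_DELEGATED),
    }


# Constructed sample export (placeholder GUIDs, not real Graph role IDs):
# AuditLog.Read.All was never consented and one undocumented role is present.
SAMPLE_ROLES = [
    {"id": f"00000000-0000-0000-0000-{i:012d}", "value": v}
    for i, v in enumerate(sorted(EXPECTED_APP) + ["Directory.ReadWrite.All"])
]
SAMPLE_ASSIGNMENTS = [
    {"appRoleId": r["id"]} for r in SAMPLE_ROLES if r["value"] != "AuditLog.Read.All"
]
SAMPLE_GRANTS = [{"consentType": "Principal", "scope": "openid profile email User.Read"}]

if __name__ == "__main__":
    report = audit_consent(SAMPLE_ROLES, SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS)
    print(json.dumps(report, indent=2))
```

An empty "missing" list means admin consent completed; anything under "unexpected" is a grant outside the documented set and should be reviewed before it is left in place.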
