All guides
Connecting Microsoft 365 or Outlook

Connecting Microsoft 365 or Outlook

~4 min read

Closr drafts emails for you, sends them through your Microsoft inbox (Outlook / Microsoft 365 / Office 365), and parses inbound replies into the right contact thread. To do that, you connect your mailbox through Microsoft's OAuth screen. Like Google, you'll see a consent screen and (during beta) an "unverified app" warning before you can finish. This guide walks you through the whole thing.

Who this is for

  • **Microsoft 365 / Office 365** work email — your custom-domain mailbox runs on Microsoft (the vast majority of brokerage email setups, REMAX corporate, KW corporate, Royal LePage corporate, and most independent brokerages).
  • **Outlook.com / Hotmail.com / Live.com** personal accounts.
  • **Microsoft 365 Business** accounts (Family / Personal tiers also work).

Not sure if your email is Microsoft 365? Try signing in at outlook.office.com or office.com with your work email. If it logs in, you're on Microsoft 365.

Why you'll see the "unverified app" warning

Closr is in Microsoft's app-verification queue. Like Google, Microsoft makes unverified apps show a warning to users before they can grant access. That's a deliberate beta posture — verification is in progress; the warning will go away once it completes.

Practical impact: you'll see a warning screen during the OAuth flow. You click through it. Closr never sees your Microsoft password (Microsoft handles the login itself).

The exact click-through

  1. 1In Closr, go to **Settings → Integrations**. Click **Connect** next to Microsoft. A consent modal lists the permissions Closr is asking for. Click **Continue**.
  2. 2Sign in with your Microsoft account — the work email you got your invite at. If you're already signed in to Outlook in another tab, Microsoft may skip this and go straight to the consent screen.
  3. 3Microsoft shows a consent screen listing what Closr is requesting (Mail.ReadWrite, Mail.Send, Calendar, profile info). You'll usually see a small note: **"This app isn't verified by Microsoft."** Don't close the tab.
  4. 4Click **Show details** or **Accept** to proceed (the button label varies). On the unverified-app screen specifically, click **Advanced** and then **Continue**. Microsoft's wording is sometimes "Go to closr.app" or just an "Accept" button — accept it.
  5. 5Microsoft sends you back to Closr's Integrations page. The Microsoft row shows **Connected** with a green check, and your inbox starts syncing within a few minutes.

That's it. You won't see the warning again on this account.

The admin-consent edge case (Microsoft 365 work accounts only)

Some IT-strict Microsoft 365 tenants disable third-party app consent at the user level. If your IT admin has that on, you'll see a screen that says **"Approval required"** or **"This app requires admin approval"** — meaning your IT person has to add Closr to the allowed list before you can connect.

  • Forward Ara's invite email to your IT person, or
  • Ask them to allow third-party app consent for Closr in your Microsoft Entra admin panel (Microsoft Entra ID → Enterprise applications → Consent and permissions → allow user consent for verified or specific publishers), or
  • Use the IMAP path instead — Closr's IMAP option works regardless of tenant policy. See the "Connecting an IMAP inbox" guide.

Most independent agents and small-team brokerages don't have this admin-lock-down. It mostly affects larger franchises (some KW regions, some REMAX corporate, banks, insurance companies). If you're a solo agent or a small team, you can almost certainly self-consent.

What Closr is asking for, and why

Four Microsoft Graph scopes, no extras:

  • **Mail.ReadWrite**: send email from your address, read inbound replies so they thread into the right contact, mark messages as read, apply Closr labels, archive when deals close. This is the load-bearing scope. Without it, the inbox half of Closr doesn't work.
  • **Mail.Send**: send mail on your behalf. Distinct from Mail.ReadWrite for Microsoft's permission model.
  • **Calendars.ReadWrite**: Closr creates events for showings and appointments, and reads your existing events to avoid double-booking. Same Microsoft grant covers it.
  • **User.Read**: Closr needs to know which Microsoft account you connected (your email address and display name). No other profile data is read.

What we don't ask for: hard-delete on your mailbox, contacts read/write, OneDrive access, Teams access, or anything outside the four above.

What changes once you're connected

  • Inbound emails from your contacts (and from human senders Closr doesn't already know) parse into the right thread. Bulk senders (no-reply, mailing lists, marketing platforms) are filtered out.
  • Outbound chat-drafted emails go through your Microsoft account, from your real address. Recipients see your normal "from" name and signature.
  • BrokerBay, ShowingTime, and Realtor.ca confirmation emails auto-route into Showings and Leads.
  • Your Outlook calendar starts syncing both directions — events in Closr appear in Outlook, and vice versa.

A few things to know

If you ever revoke Closr's access in your Microsoft account settings (account.microsoft.com → Privacy → Apps and services), the Integrations page will show the row as "Reconnect." Click it and run the same flow again. Your historical threads stay; only the live grant needs renewing.

If "Connect" errors out at Microsoft's screen with "AADSTS" something, you've hit a tenant-policy issue. Forward the error message to Ara — he can usually tell within a few minutes whether it's an admin-lock-down (your IT) or a Closr-side config issue (his to fix).

Outlook.com / Hotmail.com / Live.com personal accounts don't have tenant admins, so the admin-consent edge case never applies to you. You just self-consent and go.