Bumblebee

Microsoft 365

Overview

The Microsoft 365 integration enables you to automate user lifecycle management, license provisioning, and group membership through Bumblebee workflows. Streamline employee onboarding, manage access to enterprise applications, and maintain organizational structures in Azure Active Directory.

Prerequisites & Setup

Before setting up the Microsoft 365 integration, you need:

  • An Azure Active Directory tenant
  • An Azure AD application with appropriate Microsoft Graph API permissions
  • Application (client) credentials (client ID and client secret)
  • Admin consent granted in each client tenant for this new Azure AD application

Register an Application in Azure AD

  1. Sign in to the Azure Portal
  2. Navigate to Azure Active Directory > App registrations
  3. Click New registration
  4. Configure the application:
    • Name: "Bumblebee Integration"
    • Supported account types: Select based on your multi-tenant needs
  5. Click Register
  6. Note the Application (client) ID and Directory (tenant) ID

Configure API Permissions

  1. In your app registration, go to API permissions
  2. Click Add a permission > Microsoft Graph > Application permissions
  3. Add the following permissions:
    • User.ReadWrite.All - Read and write all users' full profiles
    • UserAuthenticationMethod.ReadWrite.All - Read and write all users' authentication methods (required for MFA reset)
    • User-PasswordProfile.ReadWrite.All - Read and write users' password profiles (required for password resets)
    • GroupMember.ReadWrite.All - Read and write all groups
    • Directory.ReadWrite.All - Read and write directory data
    • Application.ReadWrite.All - Read and write applications
    • AppRoleAssignment.ReadWrite.All - Manage app role assignments
    • SecurityAlert.Read.All - Read security alerts for threat detection
    • AuditLogsQuery.Read.All - Query unified audit log for compliance monitoring
    • Files.Read.All - Read OneDrive usage information and file metadata
    • Organization.Read.All - Read organizations
  4. Click Grant admin consent for your client organization

Create a Client Secret

  1. Go to Certificates & secrets
  2. Click New client secret
  3. Add a description: "Bumblebee Integration"
  4. Select an expiration period
  5. Click Add
  6. Copy the Value immediately (shown only once - save it securely)

Configure in Bumblebee

  1. Go to the Integrations page in Bumblebee
  2. Select Microsoft 365
  3. Enter your credentials:
    • Tenant ID
    • Client ID
    • Client Secret
  4. Click Test Connection
  5. Save the configuration
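
To confirm that admin consent took effect and that the app holds only the permissions listed under Configure API Permissions, you can decode an app-only access token issued for the tenant and compare its roles claim with that list. The script below is an added example, not part of Bumblebee; the function names are hypothetical, and the sample token, the placeholder tenant ID and the extra Mail.Send role are constructed for the demo.

```python
import base64
import json

# Application permissions from the "Configure API Permissions" list on this page.
REQUIRED_ROLES = frozenset("""
    User.ReadWrite.All UserAuthenticationMethod.ReadWrite.All
    User-PasswordProfile.ReadWrite.All GroupMember.ReadWrite.All
    Directory.ReadWrite.All Application.ReadWrite.All
    AppRoleAssignment.ReadWrite.All SecurityAlert.Read.All
    AuditLogsQuery.Read.All Files.Read.All Organization.Read.All
""".split())


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str, expected_tenant: str) -> dict:
    """Compare the token's tenant and app roles with what the setup should produce."""
    claims = jwt_claims(token)
    granted = set(claims.get("roles", []))  # app-only tokens carry permissions here
    return {
        "tenant_ok": claims.get("tid") == expected_tenant,
        "missing": sorted(REQUIRED_ROLES - granted),     # consent not granted yet
        "unexpected": sorted(granted - REQUIRED_ROLES),  # more privilege than documented
    }


def b64url(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


PLACEHOLDER_TENANT = "00000000-0000-0000-0000-000000000000"  # constructed value

# Constructed, unsigned sample token: one documented role missing, one extra role.
SAMPLE = ".".join([
    b64url({"alg": "none", "typ": "JWT"}),
    b64url({"tid": PLACEHOLDER_TENANT,
            "roles": sorted(REQUIRED_ROLES - {"AuditLogsQuery.Read.All"}) + ["Mail.Send"]}),
    "sig",
])

if __name__ == "__main__":
    print(json.dumps(audit_roles(SAMPLE, PLACEHOLDER_TENANT), indent=2))
```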

Available Tools

User Management

  • list_users - List users in the Microsoft 365 tenant via Microsoft Graph API. Optional: select_fields (str), filter_query (str), top (int)
  • get_user - Get a specific user by ID or userPrincipalName via Microsoft Graph API. Required: user_id (str). Optional: select_fields (str)
  • create_user - Create a new user in the Microsoft 365 tenant. Required: display_name (str), mail_nickname (str), user_principal_name (str), password (str). Optional: account_enabled (bool), force_change_password_next_sign_in (bool), given_name, surname, job_title, department, office_location, mobile_phone, usage_location
  • update_user - Update an existing user's profile properties in Microsoft 365. Required: user_id (str). Optional: display_name, given_name, surname, job_title, department, office_location, mobile_phone, usage_location, account_enabled (bool)
  • delete_user - Delete (soft-delete) a user from the Microsoft 365 tenant. Required: user_id (str)

Group Management

  • list_groups - List groups in the Microsoft 365 tenant via Microsoft Graph API. Optional: select_fields (str), filter_query (str), top (int)
  • get_group - Get a specific group by ID via Microsoft Graph API. Required: group_id (str). Optional: select_fields (str)
  • list_group_members - List all members of a Microsoft 365 group. Required: group_id (str)
  • add_group_member - Add a user to a Microsoft 365 group. Required: group_id (str), member_id (str)
  • remove_group_member - Remove a user from a Microsoft 365 group. Required: group_id (str), member_id (str)

License Management

  • list_subscribed_skus - List all commercial license subscriptions (SKUs) in the Microsoft 365 tenant.
  • assign_license - Assign a license (SKU) to a user in Microsoft 365. Required: user_id (str), sku_id (str). Optional: disabled_plans (List[str])
  • remove_license - Remove a license (SKU) from a user in Microsoft 365. Required: user_id (str), sku_id (str)
  • get_user_licenses - Get all licenses assigned to a specific user. Required: user_id (str)

Directory & Organization

  • list_domains - List all verified domains in the Microsoft 365 tenant.
  • list_directory_roles - List all activated directory roles in the Microsoft 365 tenant.
  • list_directory_role_members - List members of a specific directory role. Required: role_id (str)
  • get_organization - Get organization details including tenant ID, display name, verified domains, and settings.

Applications & Service Principals

  • list_applications - List application registrations in the Microsoft 365 tenant. Optional: filter_query (str), top (int)
  • list_service_principals - List service principals (enterprise applications) in the Microsoft 365 tenant. Optional: filter_query (str), top (int)

Security & Compliance

  • list_security_alerts - List security alerts from Microsoft Graph Security API. Optional: filter_query (str), top (int)
  • list_conditional_access_policies - List Conditional Access policies in the Microsoft 365 tenant. Optional: filter_query (str), top (int)
  • get_user_sign_in_activity - Get sign-in activity for a specific user. Required: user_id (str)
  • list_risky_users - List users flagged as risky by Microsoft Entra ID Protection. Optional: filter_query (str), top (int)

Authentication & Session Management

  • reset_user_password - Reset a user's password in Microsoft 365. Required: user_id (str), new_password (str). Optional: force_change_password_next_sign_in (bool)
  • revoke_user_sessions - Revoke all active sessions and refresh tokens for a user. Required: user_id (str)
  • list_user_authentication_methods - List all authentication methods registered for a user. Required: user_id (str)

Mail

  • send_mail - Send an email via Microsoft Graph on behalf of a user. Required: sender_id (str), to_recipients (List[str]), subject (str), body_content (str). Optional: body_content_type (str), cc_recipients (List[str]), bcc_recipients (List[str]), save_to_sent_items (bool)
  • get_mailbox_settings - Get mailbox settings for a user including automatic replies and timezone. Required: user_id (str)
  • update_mailbox_settings - Update mailbox settings for a user. Required: user_id (str). Optional: automatic_replies_status, external_audience, internal_reply_message, external_reply_message, scheduled_start, scheduled_end, timezone, language_locale
  • list_mail_folders - List mail folders for a user. Required: user_id (str)
  • list_messages - List email messages for a user from Microsoft Graph API. Required: user_id (str). Optional: folder_id (str), filter_query (str), top (int), select_fields (str)
  • get_message - Get a specific email message by ID. Required: user_id (str), message_id (str)