Minimal Microsoft Entra Scopes Required

Describe the problem/error/question

I am trying to connect my Microsoft Entra IdP to n8n so users can access their Outlook and Teams from an n8n node.

Within your documentation, it lists these as the following scopes by default. However, these scopes, according to our admin team, are considered high-level privileged roles.

It also states that when limiting scopes, “Keep in mind that some features may not work as expected with more restrictive scopes.”

I would like to know:

  1. What are minimal scopes to allow us to sign in and use basic functionality?

  2. What does each scope allow the Microsoft nodes to do in the n8n application and what would we be missing if we didn’t have that scope enabled?

What is the error message (if any)?

Need admin approval

My-Organization-name

Microsoft.url

My-Organization-name needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.

Please share your workflow

Share the output returned by the last node

NA

Information on your n8n setup

  • n8n version: 1.112.5
  • Database: postgres
  • n8n EXECUTIONS_PROCESS setting: own, main
  • Running n8n via: Docker
  • Operating system: Openshift

For basic Outlook and Teams functionality in n8n, you’ll need these minimal scopes:

- `User.Read` (basic user profile access)

- `Mail.ReadWrite` (Outlook email operations)

- `Calendars.ReadWrite` (calendar operations)

- `Team.ReadBasic.All` (basic Teams access)

Each scope enables specific functionality - for example, without `Mail.ReadWrite`, you wouldn’t be able to send emails through the Outlook node. The full default scopes provide broader administrative access, but these minimal ones should cover most user-level operations.

Would you like me to break down what each specific scope enables in more detail?
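
An added example, not part of the thread and not n8n's own code: a Python check that reads the `scp` claim from a delegated access token and compares it with the four scopes listed in the reply above, so an admin team can see which granted scopes fall outside that list. The OIDC scope set, the function names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Scopes listed in the reply above, used here as the allow-list under review.
APPROVED = {"User.Read", "Mail.ReadWrite", "Calendars.ReadWrite", "Team.ReadBasic.All"}
# Assumption: OpenID Connect sign-in scopes are reported in their own bucket.
OIDC = {"openid", "profile", "email", "offline_access"}
GRAPH_PREFIX = "https://graph.microsoft.com/"


def normalize(scope_string):
    """Split a space-separated scope string and strip the Graph resource prefix."""
    return {s[len(GRAPH_PREFIX):] if s.lower().startswith(GRAPH_PREFIX) else s
            for s in scope_string.split()}


def scopes_from_token(jwt):
    """Read scp from a JWT payload without verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("scp", "")


def audit(scope_string, approved=APPROVED):
    """Sort scopes into approved, OIDC and extra; list approved ones not present."""
    found = normalize(scope_string)
    return {
        "approved": sorted(found & approved),
        "oidc": sorted(found & OIDC),
        "extra": sorted(found - approved - OIDC),
        "unused": sorted(approved - found),
    }


def constructed_token(scp):
    """Build an unsigned sample token (constructed for this example, not a real one)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc({"scp": scp}), "unsigned"])


if __name__ == "__main__":
    token = constructed_token("User.Read Mail.ReadWrite Sites.ReadWrite.All offline_access")
    print(audit(scopes_from_token(token)))
```

Anything reported under `extra` is a scope the app holds beyond the list in the reply; `audit()` also accepts the scope string from the credential configuration directly, without a token.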