Productivity integration
Technician mailbox context on the customer hub, plus tenant-wide MFA + role signals that feed posture + compliance.
What Vectis syncs
Vectis pulls recent email subjects and previews for the technician mailboxes you enumerate — bodies are never stored, only the metadata a dispatcher needs to see what's recently come in about a customer. Upcoming calendar meetings for those same mailboxes sync alongside. Tenant-wide, Vectis reads MFA coverage and privileged-account role data, plus license assignment per user (Microsoft 365 SKUs) so the security posture page and license-leakage surface have the signal they need.
What you can do
Microsoft 365 is a read-only adapter here — Vectis doesn't send mail, doesn't modify calendar entries, doesn't reset MFA. The value is in correlation: open a customer and see relevant technician mailbox context inline, watch MFA coverage drift as a posture finding, surface uncontracted M365 licenses against the PSA contract in the same place leakage from Pax8 and Sherweb shows up.
Honest about the limits
Mailbox sync is strictly scoped to the technician UPNs you explicitly enumerate — no other mailbox in the tenant is ever pulled, by design. Mail bodies are never stored anywhere in Vectis; only subject + preview metadata. Entra client secrets expire (default 24 months), so set a rotation reminder when you wire the integration — there's no automatic refresh for client-secret credentials.
How it correlates
Microsoft 365 on the customer account hub alongside every other system you run — not a standalone dashboard. A few of the most common shapes this takes:
Open a customer and see recent technician emails about them without leaving the page — subject + preview only, never the body. Mailbox sync is scoped strictly to the technician UPNs you enumerate; nothing else is ever pulled.
Tenant-wide MFA coverage and privileged role assignments populate the security posture page and compliance evidence packs. Missing MFA surfaces as a posture finding, not something to audit by hand.
Setup snapshot
In Entra ID, register a Vectis application and grant it the minimum Microsoft Graph scopes for what you want to surface — Mail.Read scoped to specific tech mailboxes via mailbox-policy, User.Read.All, Organization.Read.All, and so on. Generate a client secret and copy the secret Value (not the Secret ID — that's a common gotcha) immediately, because Entra hides the value after creation. Paste the tenant ID, app client ID, and client secret into Vectis, then enumerate the technician mailboxes the adapter is allowed to read from. Any mailbox not on the list is invisible to Vectis; this is the privacy guarantee that lets the integration sit alongside MFA + license posture without overreaching. Set a calendar reminder for client-secret rotation — Entra secrets expire and there's no automatic refresh path.
# In the Vectis hub, add the connector:
category Productivity
vendor Microsoft 365
status Read-onlyPricing
Microsoft 365 is available on every Vectis tier — $299/mo and up. See pricing
Also reachable over MCP — bring your own client → /mcp