Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.neoagent.io/llms.txt

Use this file to discover all available pages before exploring further.

How it works

Neo connects to your client Microsoft 365 tenants through the Neo Automations app registration. You install this app once per tenant with the necessary permissions, and Neo can then perform automated actions on behalf of your MSP. The integration uses:
  • Microsoft Graph API for user management, licensing, and group operations
  • Exchange Online PowerShell for mailbox and email operations
The steps below must be completed for every Microsoft tenant you want to connect to Neo.

1. Find the tenant ID

Use the tenant ID when authenticating the Neo Automations app.
Find tenant ID in Microsoft Entra ID

2. Add the company in Neo Dashboard

  1. Go to https://dashboard.neoagent.io/end-companies and select New Company
Create a new company
  1. Fill details
    • Pax8 is optional (only if you manage Microsoft licenses via Pax8)
    • Custom instructions are optional for onboarding/offboarding policies
  2. Click Create
Company details and access buttons
  1. Click both key icons to grant Application and Delegated access to Neo.
    • Sign in as a tenant admin with one of: Global administrator, Privileged authentication administrator, Authentication administrator
    • Complete the standard Microsoft consent flow
Grant app and delegated permissions
Application access lets Neo perform actions like creating users and assigning licenses. Delegated access lets Neo perform actions on behalf of a signed-in admin for tasks like password resets and disabling users.
Neo automatically assigns the Exchange Administrator role to the Neo Automations app after consent, so mailbox actions (shared mailboxes, forwarding, delegation) work out of the box. No manual role assignment is needed.
Neo keeps delegated access alive automatically. Microsoft expires delegated refresh tokens after 90 days of inactivity, so Neo runs a background job that rotates each tenant’s token well inside that window. No MSP action is required to maintain access — if a refresh ever fails terminally (e.g. an admin revoked consent in the Entra portal), Neo will notify you in the dashboard inbox with re-authorization instructions.
You’ve completed permissions. Neo can now perform actions across Microsoft Graph and Exchange Online.