For IT admins
Someone in your organization wants to use ContactGleaner, and your Microsoft 365 tenant requires admin approval for third-party apps. This page explains exactly what the app does and what access it needs, so you can make the call in a couple of minutes.

What ContactGleaner does
ContactGleaner scans a user's own mailbox and calendar, uses AI to read email signatures, and turns the people they already correspond with into complete Outlook contacts. It reads the user's existing contacts so it recognizes people they already have and won't add anyone twice, and it reads the user's Outlook working-hours setting so scans run around their workday. Each user sees only their own mailbox, every contact is approved by the user before it's saved, and email content is never stored — only the extracted contact fields (name, title, company, phone) are kept.
What it can and cannot do
It can
- ✓Read the signed-in user's own mailbox and calendar
- ✓Read the signed-in user's existing Outlook contacts (to avoid duplicates)
- ✓Save new contacts to Outlook — only after the user approves each one
It cannot
- ✗Read another user's mail, calendar, or contacts
- ✗Send email or modify or delete any messages or calendar events
- ✗Store email content — only extracted contact fields are kept (name, title, company, phone)
- ✗Access your tenant beyond what the signed-in user already has access to
Permissions requested
All permissions are delegated — the app can only act as a signed-in user, never on its own and never across the tenant.
Mail.Read / Mail.ReadBasic
Reads email signature blocks to extract contact details. Message content is processed transiently and never stored.
Calendars.Read
Reads meeting attendee lists so attendees can be saved as contacts.
Contacts.ReadWrite
Reads the user's existing Outlook contacts so the app recognizes people they already have and never adds a duplicate, and saves user-approved new contacts to their address book.
MailboxSettings.Read
Reads the user's Outlook working-hours setting (working days, start and end times, and time zone) so scans run around their workday. Used only to schedule scans.
User.Read, openid, email, profile, offline_access
Standard sign-in: identifies the user and keeps them signed in between sessions.
Grant access for your organization
The button below takes you to Microsoft's standard admin-consent page, signed in as a Global Administrator of your tenant. One approval covers your whole organization — individual users won't see consent prompts afterward. You can review or revoke the grant at any time in the Microsoft Entra admin center under Enterprise applications → ContactGleaner.
Review & grant consent in Microsoft EntraQuestions before approving? Email support@contactgleaner.com — happy to walk through the data flow with you. ContactGleaner is a product of TMR Solutions, LLC.