Authenticating to Microsoft 365

Hong Ooi


The first time you call one of the Microsoft365R client functions, it will use your Internet browser to authenticate you with Azure Active Directory, in a similar manner to other web apps. You will get a dialog box asking for permission to access your information. Your login information is saved, so you should only have to authenticate once.

Using the device code flow

Microsoft365R’s default authentication method assumes that your R session can access the Internet via a browser. If this is not the case, for example if you are using Databricks or RStudio Server, you can switch to the device code flow by passing the auth_type="device_code" argument:


This will print an access code and URL on the screen. You login to the URL using a browser on another device, and type in the code. Once this is done, Microsoft365R will complete the authentication process.

Specifying the tenant

When authenticating to the Microsoft 365 Business services, Microsoft365R will detect your Azure Active Directory tenant from your logged-in credentials in the browser. Sometimes this doesn’t work, in particular if you are logged in with a personal account that is also a guest account in a tenant. To solve this, specify your tenant name with the tenant argument:

get_sharepoint_site("My site", tenant="mytenant")
get_team("My team", tenant="mytenant")

App registration and approvals

For authentication purposes, the package is registered as an app in the ‘aicatr’ AAD tenant; depending on your organisation’s security policy, you may have to get an admin to grant it access to your tenant. See for details on the app, including the permissions it requires.

Using your own app registration

Rather than getting the Microsoft365R app approved, you can also use your own app registration for authentication. If you want to use the default authorization code flow, the app registration should have a redirect URI of https://localhost:1410, and if you want to use the device code flow, the “Allow native client” setting should be enabled. It should also have the same default permissions as the Microsoft365R app (see above).

Once the app has been registered, you can pass the app ID to Microsoft365R in a couple of ways.

Using other app registrations: last-resort workarounds

The above methods are the recommended solutions to dealing with access restrictions on Microsoft365R. If they are not feasible, it’s possible to work around these issues by piggybacking on other apps:

Be warned that these workarounds may draw the attention of your admin!