For IT admins

Someone in your organization wants to use ContactGleaner, and your Microsoft 365 tenant requires admin approval for third-party apps. This page explains exactly what the app does and what access it needs, so you can make the call in a couple of minutes.

A gleaner securing the barn where the gathered contact cards are kept

What ContactGleaner does

ContactGleaner scans a user's own mailbox and calendar, uses AI to read email signatures, and turns the people they already correspond with into complete Outlook contacts. It reads the user's existing contacts so it recognizes people they already have and won't add anyone twice, and it reads the user's Outlook working-hours setting so scans run around their workday. Each user sees only their own mailbox, every contact is approved by the user before it's saved, and email content is never stored — only the extracted contact fields (name, title, company, phone) are kept.

What it can and cannot do

It can

  • Read the signed-in user's own mailbox and calendar
  • Read the signed-in user's existing Outlook contacts (to avoid duplicates)
  • Save new contacts to Outlook — only after the user approves each one

It cannot

  • Read another user's mail, calendar, or contacts
  • Send email or modify or delete any messages or calendar events
  • Store email content — only extracted contact fields are kept (name, title, company, phone)
  • Access your tenant beyond what the signed-in user already has access to

Permissions requested

All permissions are delegated — the app can only act as a signed-in user, never on its own and never across the tenant.

Mail.Read / Mail.ReadBasic

Reads email signature blocks to extract contact details. Message content is processed transiently and never stored.

Calendars.Read

Reads meeting attendee lists so attendees can be saved as contacts.

Contacts.ReadWrite

Reads the user's existing Outlook contacts so the app recognizes people they already have and never adds a duplicate, and saves user-approved new contacts to their address book.

MailboxSettings.Read

Reads the user's Outlook working-hours setting (working days, start and end times, and time zone) so scans run around their workday. Used only to schedule scans.

User.Read, openid, email, profile, offline_access

Standard sign-in: identifies the user and keeps them signed in between sessions.

Grant access for your organization

The button below takes you to Microsoft's standard admin-consent page, signed in as a Global Administrator of your tenant. One approval covers your whole organization — individual users won't see consent prompts afterward. You can review or revoke the grant at any time in the Microsoft Entra admin center under Enterprise applications → ContactGleaner.

Review & grant consent in Microsoft Entra

Questions before approving? Email support@contactgleaner.com — happy to walk through the data flow with you. ContactGleaner is a product of TMR Solutions, LLC.