General information about template stores
It’s important to note that TemplateManager365 works completely on your computer. The permissions you grant to TemplateManager365 are only used on your computer and never transferred to any server for processing.
The only server we operate for TemplateManager365 if to check if you have purchased a commercial license. See our firewall section if you want to enforce this.
Microsoft 365 permissions for Personal Edition
If you choose to store the templates in your personal mailbox (personal edition) the following permissions are required:
- Sign you in and read your profile: This is the general permission to allow you to sign into Microsoft 365.
- Read and write access to your mail: The personal store is a hidden folder in your Microsoft 365 mailbox therefore the plugin needs to be able to write and read email messages and subfolders of that folder. No other email folders are read or modified.
- Maintain access to data you have given it access to: Microsoft permissions are seperated into access and refresh tokens. The access token is the first token you get and requires you to login. The refresh token then lets the plugin tell Microsoft it is still working on your behalf (i.e. preparing or sending a mail merge) and get a refresh token to give the plugin continued access. This permission lets us get a refresh token without asking you every couple of minutes while you are sending a mail merge campaign. Despite what the permission indicates the token is never transferred outside of your Outlook instance and therefore as soon as you close the plugin or Outlook you will be asked to login again and no operations can occur when the plugin is not loaded.
If any of this is not clear enough, please contact us at [email protected] and we will do our best to improve this documentation.
Microsoft 365 permissions for Team Edition
Add files from your hard disk If you choose to store the templates in a Microsoft 365 group’s drive (team edition) the following permissions are required:
- Sign you in and read your profile: This is the general permission to allow you to sign into Microsoft 365.
- Read all groups: In order to list the groups you are a member of, the plugin needs to be able to read these.
- Full access to your files: The team edition stores templates in the drive of the Microsoft 365 group (also known as the “SharePoint Document Library” or “OneDrive for Business Drive”). Therefore the plugin needs to be able to read and write files in those drives. The plugin will always create a new root folder called TemplateManager365 to store the templates and only ever read or write files in that folder.
- Maintain access to data you have given it access to: Microsoft permissions are seperated into access and refresh tokens. The access token is the first token you get and requires you to login. The refresh token then lets the plugin tell Microsoft it is still working on your behalf (i.e. preparing or sending a mail merge) and get a refresh token to give the plugin continued access. This permission lets us get a refresh token without asking you every couple of minutes while you are sending a mail merge campaign. Despite what the permission indicates the token is never transferred outside of your Outlook instance and therefore as soon as you close the plugin or Outlook you will be asked to login again and no operations can occur when the plugin is not loaded.
If any of this is not clear enough, please contact us at [email protected] and we will do our best to improve this documentation.
Required firewall permissions
Microsoft 365 plugins are essentially single page web application which are loaded from our webserver at https://www.templatemanager365.com. Only HTTP GET permissions are required to fetch the plugin.
The plugin will communicate via HTTP GET and POST to Microsoft’s Graph API to store and retrieve templates. The plugin will never communicate with any other server.
Note: our infrastructure is hosted in the Microsoft’s European Azure datacenters.