ChatGPT Enterprise Apps for Email, Teams, and Calendar Use Graph to Fetch User Data
One of the more bizarre responses I received after questioning the state of the Microsoft Graph last week was the thought that Microsoft might be slowing the progress of the Graph APIs to stymie the apps developed by OpenAI to allow ChatGPT enterprise to access user email, calendar, and Teams items. The most recent development for the ChatGPT apps adds write access, with OpenAI saying that “You can now use apps like Microsoft Outlook email to draft emails for you, Google docs and sheets to create spreadsheets or docs, or setup meetings using the respective calendar apps.”
Being able to ask Outlook to draft emails or set up meetings in your calendar comes perilously close to the kind of functionality boasted by Microsoft 365 Copilot as it seeks to exploit Work IQ, “the intelligence layer that personalizes Microsoft 365 Copilot to you and your organization.” Basically, if ChatGPT apps can extract data from user mailboxes and Teams, ChatGPT can add its own intelligence. Right now, the level of that intelligence is not the same as Microsoft 365 Copilot because Copilot can leverage the full range of Graph APIs to build a picture of what’s important to a user, but OpenAI is progressing.
ChatGPT Enterprise Apps Access to Microsoft 365 Content
Today, ChatGPT enterprise customers can install Entra ID apps created by OpenAI to access:
- SharePoint Online and OneDrive for Business.
- Mailbox items, including user calendars.
- Teams chats, channel messages, and tasks.
These are enterprise apps and are managed at that level. ChatGPT also has user-level apps that allow anyone with even the ChatGPT free plan to connect to SharePoint Online and OneDrive for Business. Entra ID blocks users from being able to grant access to sites and files, but an administrator can install the ChatGPT app (Figure 1) and grant the app delegated access to sites and files. Any user in a tenant can then upload files from SharePoint Online or OneDrive for Business to ChatGPT for processing.

If you unexpectedly find the ChatGPT app in your tenant, the simplest solution is to deactivate the app and find out which users scream about losing access to ChatGPT. Or simply delete the app (the ChatGPT app is easily recreated if necessary).
ChatGPT Enterprise Applications
The ChatGPT enterprise apps use the same technique with different permissions to access the target data. Having access to files, email, calendar, and Teams messages is a lot of valuable data for an AI product to be able to reason over. Granting that level of access to third-party apps raises all sorts of compliance issues, such as auditing access to files or even just auditing the interactions between AI and humans.
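One way to find these apps in a tenant and see which delegated permissions they hold, using the Microsoft Graph PowerShell SDK. This is an added example, not code from the original article; the "ChatGPT" display-name prefix is an assumption to adjust for the names that appear in your tenant.

```powershell
# Added example: inventory ChatGPT service principals and their delegated grants.
# Assumption: the apps' display names start with "ChatGPT"; change $NamePrefix if not.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

$NamePrefix = 'ChatGPT'
$Apps = Get-MgServicePrincipal -Filter "startswith(displayName,'$NamePrefix')" -All

$Report = foreach ($App in $Apps) {
    # Delegated (OAuth2) permission grants where this app is the client
    $Grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($App.Id)'" -All)

    if ($Grants.Count -eq 0) {
        # App is present but holds no delegated grants; still worth listing
        [pscustomobject]@{
            App = $App.DisplayName; AppId = $App.AppId; Enabled = $App.AccountEnabled
            Resource = $null; ConsentType = $null; PrincipalId = $null; Scopes = $null
        }
        continue
    }

    foreach ($Grant in $Grants) {
        # Resolve the API (Microsoft Graph, SharePoint Online, ...) the scopes apply to
        $Resource = Get-MgServicePrincipal -ServicePrincipalId $Grant.ResourceId
        [pscustomobject]@{
            App         = $App.DisplayName
            AppId       = $App.AppId
            Enabled     = $App.AccountEnabled
            Resource    = $Resource.DisplayName
            ConsentType = $Grant.ConsentType   # AllPrincipals = consent for every user
            PrincipalId = $Grant.PrincipalId   # populated only for single-user consent
            Scopes      = ($Grant.Scope -split ' ' | Where-Object { $_ }) -join ', '
        }
    }
}

$Report | Sort-Object App, Resource | Format-Table -AutoSize -Wrap

# To deactivate an app without deleting it (requires Application.ReadWrite.All):
# Update-MgServicePrincipal -ServicePrincipalId $App.Id -AccountEnabled:$false
```

A grant with ConsentType of AllPrincipals means an administrator consented on behalf of all users, which matches the tenant-wide delegated access described for the ChatGPT app.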
Access to Microsoft 365 content through Graph API-based apps is not seamless. For example, the apps (which used to be called connectors) cannot deal with content encrypted and protected by sensitivity labels. It would be technically possible to use a Graph API to remove a sensitivity label from SharePoint Online and OneDrive for Business files, if the signed-in user has the rights to do so, to allow the app to access the unprotected content. The problem occurs when replacing the sensitivity label (which I assume is desirable) because the assignSensitivityLabel Graph API to assign labels to files is a metered API that’s paid for using an Azure subscription.
Not Functionally Equivalent
Being able to load files, emails, meetings, and chats into ChatGPT enterprise is emphatically not functionally equivalent to Microsoft 365 Copilot. The ChatGPT apps are an answer for Microsoft 365 tenants that don’t want to buy Copilot but do want to take advantage of AI processing.
I believe that choosing ChatGPT Enterprise for this reason is a bad decision because it focuses exclusively on content processing and doesn’t take into account aspects like governance, auditing, and selective blocks to sensitive content like Restricted Content Discovery and the DLP policy for Microsoft 365 Copilot. Essentially, organizations that choose to go down the ChatGPT route put the responsibility for handling sensitive and confidential material in the hands of individual users. Hope is nice to have, but it’s not the basis for a compliance and data governance policy.
Returning to the Graph APIs
Even though I think Microsoft could do better with the development of the Graph APIs, the fact that OpenAI has been able to create a set of highly functional Graph-based apps to extract information from Microsoft 365 locations testifies to the usefulness of the Graph. I don’t think Microsoft is deliberately slowing Graph development to stop OpenAI stealing any of its Work IQ thunder. That’s taking conspiracy theory a tad too far in my view.