Cas d'usage17 juin 2026• 8 min

Claude for Microsoft 365: Capabilities, Permissions and Data

"Analyze data, create presentations, write documents and manage your inbox with Claude." The promise is accurate, but it covers two very different mechanisms: Office add-ins that read and edit your files, and a Microsoft 365 connector that is read-only. The permissions, subscriptions and data flows are not the same.

Distinct mechanisms: add-ins and connector

30 d

Data retention of the Office add-ins

Default storage of the data, not the EU

Two products not to confuse

The Claude add-ins for Excel, PowerPoint, Word and Outlook appear as a side panel. Claude reads the open file or message and, depending on the app, edits it directly. The Microsoft Marketplace listing says it plainly: the add-in can read and modify the document and send data over the internet. They require a paid subscription (Pro, Max, Team or Enterprise).

The Microsoft 365 connector in Claude is different: from Claude, it queries your content in Outlook, OneDrive, SharePoint, Teams and calendars. It is available on all plans, including Free, but requires a work account tied to a Microsoft Entra tenant and admin consent. It uses delegated permissions and is read-only: Claude only sees what the user can already see, and creates, modifies, deletes or sends nothing.

What Claude does in the Office apps

Excel: reads a multi-sheet workbook, explains formulas with the cells involved, changes assumptions while keeping relationships, builds tables and charts.
PowerPoint: works inside your template, creates or restructures a deck, turns an Excel analysis into editable slides.
Word (beta): answers with links to sections, rewrites the selected passage, records changes in track changes, finds clauses by theme.
Outlook (beta): triages unread mail, summarises a thread, drafts a reply, reads attachments, prepares a meeting invite. Sending stays a human action.

Add-in or connector?

Office add-ins

In the app, on the open file or message. Paid plan. Read and edit. Email drafted, not sent. To produce and edit.

Microsoft 365 connector

In Claude, on the tenant. All plans, Entra consent. Read-only, per the user's rights. To search and summarise.

Where does the data go?

With the add-ins, the needed content is sent to Claude's infrastructure. Anthropic states that add-in inputs and outputs are deleted from its backend within 30 days, with exceptions. Importantly, these add-ins are currently not included in Enterprise audit logs or the Compliance API. With the connector, files stay in the tenant at rest and are not cached, but to answer, Claude receives and processes the excerpts, and results may be retained with a saved conversation.

Sovereignty: not automatic

Installing from Marketplace does not guarantee data stays in the Union. For its commercial products, Anthropic states traffic may be routed to countries in the US, Europe, Asia and Australia, with default storage in the US. GDPR compliance, data residency and sovereignty are three distinct things.

The main risks

Accidental oversharing: if SharePoint rights are too broad, the connector makes it easy to surface information a user would never have found alone.
Instruction injection: an external document may contain text designed to manipulate the assistant. Treat outside files as potentially hostile.
Silent errors: a convincing summary may omit a clause or confuse versions. References help verification, but do not replace it.
Missing logs and sensitive data: without full add-in auditing, some internal-control requirements are not met.

Recommended rollout policy

Separate the two products

Decide independently for the add-ins and the connector. Start with a pilot on low-sensitivity data.

Review permissions

Fix overly broad SharePoint, OneDrive and shared-mailbox rights before enabling cross-tenant search.

Frame data and contract

Disable cross-app work by default, define forbidden categories, check the DPA, sub-processors and international transfers.

Keep humans in the loop

Human validation before any email is sent or document shared, and a token-revocation procedure.

Sources

Microsoft Marketplace, Claude for Microsoft 365: marketplace.microsoft.com
Anthropic, Work across Microsoft 365 apps: support.claude.com
Anthropic, Set up the Microsoft 365 connector: support.claude.com
Anthropic Privacy Center, server location: privacy.claude.com

A controlled Microsoft 365 rollout?

Molderez Consult SRL maps the Microsoft 365 and Claude flows, reviews permissions and contracts, and defines a usage policy tailored to your data.

Frame my rollout

Transparence : cet article a été rédigé avec l'aide de l'intelligence artificielle, puis relu par Molderez Consult SRL. Information générale, vérifiée le 17 juin 2026 ; les fonctionnalités et conditions peuvent évoluer.