diff --git a/README.md b/README.md
index a314ef2c0c..692ca98ec9 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ We offer a hosted version of Inbox Zero at [https://getinboxzero.com](https://ge
 
 ### Setup
 
-[Here's a video](https://youtu.be/hVQENQ4WT2Y) on how to set up the project. It covers the same steps mentioned in this document. But goes into greater detail on setting up the external services.
+[Here's a video](https://youtu.be/hVQENQ4WT2Y) on how to set up the project. It covers the same steps mentioned in this document. But goes into greater detail on setting up the external services.
 
 ### Requirements
 
@@ -125,45 +125,100 @@ Go to [Google Cloud](https://console.cloud.google.com/). Create a new project if
 
 Create [new credentials](https://console.cloud.google.com/apis/credentials):
 
-1.  If the banner shows up, configure **consent screen** (if not, you can do this later)
-    1. Click the banner, then Click `Get Started`.
-    2. Choose a name for your app, and enter your email.
-    3. In Audience, choose `External`
-    4. Enter your contact information
-    5. Agree to the User Data policy and then click `Create`.
-    6. Return to APIs and Services using the left sidebar.
-2.  Create new [credentials](https://console.cloud.google.com/apis/credentials):
-    1. Click the `+Create Credentials` button. Choose OAuth Client ID.
-    2. In `Application Type`, Choose `Web application`
-    3. Choose a name for your web client
-    4. In Authorized JavaScript origins, add a URI and enter `http://localhost:3000`
-    5. In `Authorized redirect URIs` enter `http://localhost:3000/api/auth/callback/google`
-    6. Click `Create`.
-    7. A popup will show up with the new credentials, including the Client ID and secret.
-3.  Update .env file:
-    1. Copy the Client ID to `GOOGLE_CLIENT_ID`
-    2. Copy the Client secret to `GOOGLE_CLIENT_SECRET`
-4.  Update [scopes](https://console.cloud.google.com/auth/scopes)
-
-    1. Go to `Data Access` in the left sidebar (or click link above)
-    2. Click `Add or remove scopes`
-    3. Copy paste the below into the `Manually add scopes` box:
-
-    ```plaintext
-    https://www.googleapis.com/auth/userinfo.profile
-    https://www.googleapis.com/auth/userinfo.email
-    https://www.googleapis.com/auth/gmail.modify
-    https://www.googleapis.com/auth/gmail.settings.basic
-    https://www.googleapis.com/auth/contacts
-    ```
-
-    4. Click `Update`
-    5. Click `Save` in the Data Access page.
-
-5.  Add yourself as a test user
-    1. Go to [Audience](https://console.cloud.google.com/auth/audience)
-    2. In the `Test users` section, click `+Add users`
-    3. Enter your email and press `Save`
+1. If the banner shows up, configure **consent screen** (if not, you can do this later)
+
+   1. Click the banner, then Click `Get Started`.
+   2. Choose a name for your app, and enter your email.
+   3. In Audience, choose `External`
+   4. Enter your contact information
+   5. Agree to the User Data policy and then click `Create`.
+   6. Return to APIs and Services using the left sidebar.
+
+2. Create new [credentials](https://console.cloud.google.com/apis/credentials):
+
+   1. Click the `+Create Credentials` button. Choose OAuth Client ID.
+   2. In `Application Type`, Choose `Web application`
+   3. Choose a name for your web client
+   4. In Authorized JavaScript origins, add a URI and enter `http://localhost:3000`
+   5. In `Authorized redirect URIs` enter `http://localhost:3000/api/auth/callback/google`
+   6. Click `Create`.
+   7. A popup will show up with the new credentials, including the Client ID and secret.
+
+3. Update .env file:
+
+   1. Copy the Client ID to `GOOGLE_CLIENT_ID`
+   2. Copy the Client secret to `GOOGLE_CLIENT_SECRET`
+
+4. Update [scopes](https://console.cloud.google.com/auth/scopes)
+
+   1. Go to `Data Access` in the left sidebar (or click link above)
+   2. Click `Add or remove scopes`
+   3. Copy paste the below into the `Manually add scopes` box:
+
+   ```plaintext
+   https://www.googleapis.com/auth/userinfo.profile
+   https://www.googleapis.com/auth/userinfo.email
+   https://www.googleapis.com/auth/gmail.modify
+   https://www.googleapis.com/auth/gmail.settings.basic
+   https://www.googleapis.com/auth/contacts
+   ```
+
+   4. Click `Update`
+   5. Click `Save` in the Data Access page.
+
+5. Add yourself as a test user
+
+   1. Go to [Audience](https://console.cloud.google.com/auth/audience)
+   2. In the `Test users` section, click `+Add users`
+   3. Enter your email and press `Save`
+
+### Updating .env file with Azure credentials:
+
+- `MICROSOFT_CLIENT_ID` -- Google OAuth client ID. More info [here](https://authjs.dev/getting-started/providers/microsoft-entra-id)
+- `MICROSOFT_CLIENT_SECRET` -- Google OAuth client secret. More info [here](https://authjs.dev/getting-started/providers/microsoft-entra-id)
+- `MICROSOFT_ISSUER` -- Google OAuth client secret. More info [here](https://authjs.dev/getting-started/providers/microsoft-entra-id)
+
+Go to [Azure Portal](https://portal.azure.com/). Create a new application if necessary.
+
+Create the [application](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/CreateApplicationBlade):
+
+1. Register an application in [Azure Portal](https://portal.azure.com/):
+
+   1. Go to **Azure Active Directory** > **App registrations** > **New registration**.
+   2. Enter a name for your app.
+   3. Set **Supported account types** as needed (e.g., "Accounts in any organizational directory and personal Microsoft accounts").
+   4. In **Redirect URI**, select "Web" and enter: `http://localhost:3000/api/auth/callback/microsoft-entra-id`
+   5. Click **Register**.
+
+2. Configure authentication:
+
+   1. In your app registration, go to **Authentication**.
+   2. Ensure the redirect URI `http://localhost:3000/api/auth/callback/microsoft-entra-id` is listed.
+   3. (Optional) Enable **Access tokens** and **ID tokens**.
+
+3. Create a client secret:
+
+   1. Go to **Certificates & secrets** > **New client secret**.
+   2. Add a description and set an expiry.
+   3. Click **Add** and copy the generated value (you won't see it again).
+
+4. Update your `.env` file:
+
+- Set `MICROSOFT_CLIENT_ID` to the **Application (client) ID** from the app registration overview.
+- Set `MICROSOFT_CLIENT_SECRET` to the value of the client secret you just created.
+- Set `MICROSOFT_ISSUER` to your **Directory (tenant) ID** or use `https://login.microsoftonline.com/common/v2.0` for multi-tenant.
+
+5. Add API permissions:
+   1. Go to **API permissions** > **Add a permission**.
+   2. Choose **Microsoft Graph** > **Delegated permissions**.
+   3. Add permissions such as `User.Read`, `Mail.ReadWrite`, `Mail.Send`, `offline_access`, and any others your app requires.
+   4. Click **Add permissions**.
+   5. (If needed) Click **Grant admin consent**.
+   6. (Optional) Add yourself as a test user:
+
+- If your app is restricted, ensure your Microsoft account is added as a user in the Azure AD tenant.
+
+For more details, see the [Auth.js Microsoft Entra ID provider docs](https://authjs.dev/getting-started/providers/microsoft-entra-id).
 
 ### Updating .env file with LLM parameters
 
diff --git a/apps/web/.env.example b/apps/web/.env.example
index 13c1504234..f0429650db 100644
--- a/apps/web/.env.example
+++ b/apps/web/.env.example
@@ -10,6 +10,10 @@ GOOGLE_CLIENT_SECRET=
 GOOGLE_ENCRYPT_SECRET= # openssl rand -hex 32
 GOOGLE_ENCRYPT_SALT= # openssl rand -hex 16
 
+MICROSOFT_CLIENT_ID=
+MICROSOFT_CLIENT_SECRET=
+MICROSOFT_TENANT_ID=
+
 GOOGLE_PUBSUB_TOPIC_NAME="projects/abc/topics/xyz"
 GOOGLE_PUBSUB_VERIFICATION_TOKEN= # Generate a random secret here: https://generate-secret.vercel.app/32
 
diff --git a/apps/web/app/(app)/[emailAccountId]/assistant/page.tsx b/apps/web/app/(app)/[emailAccountId]/assistant/page.tsx
index c6dead6851..9778e3a813 100644
--- a/apps/web/app/(app)/[emailAccountId]/assistant/page.tsx
+++ b/apps/web/app/(app)/[emailAccountId]/assistant/page.tsx
@@ -28,9 +28,10 @@ export default async function AssistantPage({
       select: { id: true },
     });
 
-    if (!hasRule) {
-      redirect(prefixPath(emailAccountId, "/assistant?onboarding=true"));
-    }
+    // FIXME: redirected too many times
+    // if (!hasRule) {
+    //   redirect(prefixPath(emailAccountId, "/assistant?onboarding=true"));
+    // }
   }
 
   return (
diff --git a/apps/web/app/(app)/[emailAccountId]/mail/page.tsx b/apps/web/app/(app)/[emailAccountId]/mail/page.tsx
index 62aa6212a6..d0dda81a1b 100644
--- a/apps/web/app/(app)/[emailAccountId]/mail/page.tsx
+++ b/apps/web/app/(app)/[emailAccountId]/mail/page.tsx
@@ -7,43 +7,66 @@ import { List } from "@/components/email-list/EmailList";
 import { LoadingContent } from "@/components/LoadingContent";
 import type { ThreadsQuery } from "@/app/api/google/threads/validation";
 import type { ThreadsResponse } from "@/app/api/google/threads/controller";
+import type { OutlookThreadsResponse } from "@/app/api/outlook/threads/controller";
 import { refetchEmailListAtom } from "@/store/email";
 import { BetaBanner } from "@/app/(app)/[emailAccountId]/mail/BetaBanner";
 import { ClientOnly } from "@/components/ClientOnly";
 import { PermissionsCheck } from "@/app/(app)/[emailAccountId]/PermissionsCheck";
 
+// You may get this from props, context, or user/account info
+// For this example, let's assume it's a prop:
 export default function Mail(props: {
-  searchParams: Promise<{ type?: string; labelId?: string }>;
+  searchParams: Promise<{
+    type?: string;
+    labelId?: string;
+    folderId?: string;
+    provider?: "gmail" | "outlook";
+  }>;
 }) {
   const searchParams = use(props.searchParams);
-  const query: ThreadsQuery = {};
+  const provider = searchParams.provider || "gmail"; // default to gmail if not set
 
-  // Handle different query params
-  if (searchParams.type === "label" && searchParams.labelId) {
-    query.labelId = searchParams.labelId;
-  } else if (searchParams.type) {
-    query.type = searchParams.type;
+  // Build the query object
+  const query: ThreadsQuery = {};
+  if (provider === "gmail") {
+    if (searchParams.type === "label" && searchParams.labelId) {
+      query.labelId = searchParams.labelId;
+    } else if (searchParams.type) {
+      query.type = searchParams.type;
+    }
+  } else if (provider === "outlook") {
+    if (searchParams.type === "folder" && searchParams.folderId) {
+      query.folderId = searchParams.folderId;
+    } else if (searchParams.type) {
+      query.type = searchParams.type;
+    }
   }
 
+  // Build the correct endpoint
+  const endpoint =
+    provider === "gmail" ? "/api/google/threads" : "/api/outlook/threads";
+
+  // SWR key builder
   const getKey = (
     pageIndex: number,
-    previousPageData: ThreadsResponse | null,
+    previousPageData: ThreadsResponse | OutlookThreadsResponse | null,
   ) => {
     if (previousPageData && !previousPageData.nextPageToken) return null;
     const queryParams = new URLSearchParams(query as Record<string, string>);
-    // Append nextPageToken for subsequent pages
     if (pageIndex > 0 && previousPageData?.nextPageToken) {
       queryParams.set("nextPageToken", previousPageData.nextPageToken);
     }
-    return `/api/google/threads?${queryParams.toString()}`;
+    return `${endpoint}?${queryParams.toString()}`;
   };
 
-  const { data, size, setSize, isLoading, error, mutate } =
-    useSWRInfinite<ThreadsResponse>(getKey, {
-      keepPreviousData: true,
-      dedupingInterval: 1_000,
-      revalidateOnFocus: false,
-    });
+  // Use correct response type for SWR
+  const { data, size, setSize, isLoading, error, mutate } = useSWRInfinite<
+    ThreadsResponse | OutlookThreadsResponse
+  >(getKey, {
+    keepPreviousData: true,
+    dedupingInterval: 1_000,
+    revalidateOnFocus: false,
+  });
 
   const allThreads = data ? data.flatMap((page) => page.threads) : [];
   const isLoadingMore =
@@ -51,7 +74,6 @@ export default function Mail(props: {
   const showLoadMore = data ? !!data[data.length - 1]?.nextPageToken : false;
 
   // store `refetch` in the atom so we can refresh the list upon archive via command k
-  // TODO is this the best way to do this?
   const refetch = useCallback(
     (options?: { removedThreadIds?: string[] }) => {
       mutate(
@@ -76,7 +98,6 @@ export default function Mail(props: {
     [mutate],
   );
 
-  // Set up the refetch function in the atom store
   const setRefetchEmailList = useSetAtom(refetchEmailListAtom);
   useEffect(() => {
     setRefetchEmailList({ refetch });
@@ -88,7 +109,7 @@ export default function Mail(props: {
 
   return (
     <>
-      <PermissionsCheck />
+      {provider !== "outlook" && <PermissionsCheck />}
       <ClientOnly>
         <BetaBanner />
       </ClientOnly>
@@ -101,6 +122,7 @@ export default function Mail(props: {
             showLoadMore={showLoadMore}
             handleLoadMore={handleLoadMore}
             isLoadingMore={isLoadingMore}
+            provider={provider}
           />
         )}
       </LoadingContent>
diff --git a/apps/web/app/(landing)/login/LoginForm.tsx b/apps/web/app/(landing)/login/LoginForm.tsx
index b32da98191..6f106bd07d 100644
--- a/apps/web/app/(landing)/login/LoginForm.tsx
+++ b/apps/web/app/(landing)/login/LoginForm.tsx
@@ -75,6 +75,59 @@ export function LoginForm() {
         </DialogContent>
       </Dialog>
 
+      {/* TODO: Check the best way to filter for the waitlist users */}
+      <Dialog>
+        <DialogTrigger asChild>
+          <Button size="2xl">
+            <span className="flex items-center justify-center">
+              <Image
+                src="/images/microsoft.svg"
+                alt=""
+                width={24}
+                height={24}
+                unoptimized
+              />
+              <span className="ml-2">Sign in with Microsoft</span>
+            </span>
+          </Button>
+        </DialogTrigger>
+        <DialogContent>
+          <DialogHeader>
+            <DialogTitle>Sign in</DialogTitle>
+          </DialogHeader>
+          <SectionDescription>
+            Inbox Zero{"'"}s use and transfer of information received from
+            Microsoft Entra ID will adhere to{" "}
+            <a
+              href="https://learn.microsoft.com/en-us/legal/microsoft-entra-privacy"
+              className="underline underline-offset-4 hover:text-gray-900"
+            >
+              Microsoft Entra Privacy Policy
+            </a>{" "}
+            and other applicable requirements.
+          </SectionDescription>
+          <div>
+            <Button
+              loading={loading}
+              onClick={() => {
+                setLoading(true);
+                signIn(
+                  "microsoft-entra-id",
+                  {
+                    ...(next && next.length > 0
+                      ? { callbackUrl: next }
+                      : { callbackUrl: "/welcome" }),
+                  },
+                  error === "RequiresReconsent" ? { consent: true } : undefined,
+                );
+              }}
+            >
+              I agree
+            </Button>
+          </div>
+        </DialogContent>
+      </Dialog>
+
       <Button
         color="white"
         size="2xl"
diff --git a/apps/web/app/api/outlook/threads/controller.ts b/apps/web/app/api/outlook/threads/controller.ts
new file mode 100644
index 0000000000..2de3a4b67e
--- /dev/null
+++ b/apps/web/app/api/outlook/threads/controller.ts
@@ -0,0 +1,26 @@
+import type { ThreadsQuery } from "./validation";
+
+export async function getOutlookThreads({
+  accessToken,
+  query,
+}: {
+  accessToken: string;
+  query: ThreadsQuery;
+}) {
+  const params = new URLSearchParams();
+  if (query.limit) params.set("$top", String(query.limit));
+  if (query.nextPageToken) params.set("$skip", String(query.nextPageToken));
+
+  const url =
+    "https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages" +
+    "?" +
+    params.toString() +
+    "&$select=id,conversationId,subject,bodyPreview,from,receivedDateTime";
+
+  const res = await fetch(url, {
+    headers: { Authorization: "Bearer ${accessToken}" },
+  });
+  if (!res.ok) throw new Error(await res.text());
+  const body = await res.json();
+  return body.value;
+}
diff --git a/apps/web/app/api/outlook/threads/route.ts b/apps/web/app/api/outlook/threads/route.ts
new file mode 100644
index 0000000000..4200a490ca
--- /dev/null
+++ b/apps/web/app/api/outlook/threads/route.ts
@@ -0,0 +1,34 @@
+import { NextResponse } from "next/server";
+import { withEmailAccount } from "@/utils/middleware";
+import { getOutlookThreads } from "./controller";
+import { threadsQuery } from "./validation";
+import { auth } from "@/app/api/auth/[...nextauth]/auth";
+
+export const dynamic = "force-dynamic";
+export const maxDuration = 30;
+
+export const GET = withEmailAccount(async (request) => {
+  const { searchParams } = new URL(request.url);
+  const limit = Number(searchParams.get("limit") ?? 20);
+  const skip = Number(searchParams.get("skip") ?? 0);
+  const filter = searchParams.get("filter") ?? undefined;
+  const query = threadsQuery.parse({ limit, skip, filter });
+
+  const session = await auth();
+  const accessToken = session.accessToken ?? session.user.accessToken;
+  if (!accessToken) {
+    return NextResponse.json(
+      { error: "Missing Outlook access token" },
+      { status: 401 },
+    );
+  }
+
+  const emailAccountId = request.auth.emailAccountId;
+
+  const threads = await getOutlookThreads({
+    accessToken,
+    query,
+  });
+
+  return NextResponse.json(threads);
+});
diff --git a/apps/web/app/api/outlook/threads/validation.ts b/apps/web/app/api/outlook/threads/validation.ts
new file mode 100644
index 0000000000..ac349224a2
--- /dev/null
+++ b/apps/web/app/api/outlook/threads/validation.ts
@@ -0,0 +1,11 @@
+import { z } from "zod";
+
+export const threadsQuery = z.object({
+  fromEmail: z.string().nullish(),
+  limit: z.coerce.number().max(100).nullish(),
+  type: z.string().nullish(),
+  q: z.string().nullish(),
+  nextPageToken: z.string().nullish(),
+  labelId: z.string().nullish(),
+});
+export type ThreadsQuery = z.infer<typeof threadsQuery>;
diff --git a/apps/web/env.ts b/apps/web/env.ts
index 6618adc7f4..dfae4a8340 100644
--- a/apps/web/env.ts
+++ b/apps/web/env.ts
@@ -12,6 +12,9 @@ export const env = createEnv({
     GOOGLE_CLIENT_SECRET: z.string().min(1),
     GOOGLE_ENCRYPT_SECRET: z.string(),
     GOOGLE_ENCRYPT_SALT: z.string(),
+    MICROSOFT_CLIENT_ID: z.string().min(1),
+    MICROSOFT_CLIENT_SECRET: z.string().min(1),
+    MICROSOFT_ISSUER: z.string().default("common"),
     DEFAULT_LLM_PROVIDER: z
       .enum([
         "anthropic",
diff --git a/apps/web/package.json b/apps/web/package.json
index 166cceecfe..79fad189ad 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "scripts": {
-    "dev": "cross-env NODE_OPTIONS=--max_old_space_size=16384 next dev",
+    "dev": "cross-env NODE_OPTIONS=--max_old_space_size=16384 next dev --turbo",
     "build": "cross-env NODE_OPTIONS=--max_old_space_size=16384 prisma migrate deploy && next build",
     "start": "next start",
     "lint": "next lint",
@@ -34,6 +34,7 @@
     "@lemonsqueezy/lemonsqueezy.js": "4.0.0",
     "@mdx-js/loader": "3.1.0",
     "@mdx-js/react": "3.1.0",
+    "@microsoft/microsoft-graph-client": "^3.0.7",
     "@next/mdx": "15.3.0",
     "@next/third-parties": "15.3.0",
     "@openrouter/ai-sdk-provider": "0.4.5",
diff --git a/apps/web/public/images/microsoft.svg b/apps/web/public/images/microsoft.svg
new file mode 100644
index 0000000000..586f39ffb5
--- /dev/null
+++ b/apps/web/public/images/microsoft.svg
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Generator: Adobe Illustrator 23.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" id="Livello_1" xmlns:x="http://ns.adobe.com/Extensibility/1.0/" xmlns:i="http://ns.adobe.com/AdobeIllustrator/10.0/" xmlns:graph="http://ns.adobe.com/Graphs/1.0/" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 1831.085 1703.335" enable-background="new 0 0 1831.085 1703.335" xml:space="preserve">
+<path fill="#0A2767" d="M1831.083,894.25c0.1-14.318-7.298-27.644-19.503-35.131h-0.213l-0.767-0.426l-634.492-375.585  c-2.74-1.851-5.583-3.543-8.517-5.067c-24.498-12.639-53.599-12.639-78.098,0c-2.934,1.525-5.777,3.216-8.517,5.067L446.486,858.693  l-0.766,0.426c-19.392,12.059-25.337,37.556-13.278,56.948c3.553,5.714,8.447,10.474,14.257,13.868l634.492,375.585  c2.749,1.835,5.592,3.527,8.517,5.068c24.498,12.639,53.599,12.639,78.098,0c2.925-1.541,5.767-3.232,8.517-5.068l634.492-375.585  C1823.49,922.545,1831.228,908.923,1831.083,894.25z"/>
+<path fill="#0364B8" d="M520.453,643.477h416.38v381.674h-416.38V643.477z M1745.917,255.5V80.908  c1-43.652-33.552-79.862-77.203-80.908H588.204C544.552,1.046,510,37.256,511,80.908V255.5l638.75,170.333L1745.917,255.5z"/>
+<path fill="#0078D4" d="M511,255.5h425.833v383.25H511V255.5z"/>
+<path fill="#28A8EA" d="M1362.667,255.5H936.833v383.25L1362.667,1022h383.25V638.75L1362.667,255.5z"/>
+<path fill="#0078D4" d="M936.833,638.75h425.833V1022H936.833V638.75z"/>
+<path fill="#0364B8" d="M936.833,1022h425.833v383.25H936.833V1022z"/>
+<path fill="#14447D" d="M520.453,1025.151h416.38v346.969h-416.38V1025.151z"/>
+<path fill="#0078D4" d="M1362.667,1022h383.25v383.25h-383.25V1022z"/>
+<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="1128.4584" y1="811.0833" x2="1128.4584" y2="1.9982" gradientTransform="matrix(1 0 0 -1 0 1705.3334)">
+	<stop offset="0" style="stop-color:#35B8F1"/>
+	<stop offset="1" style="stop-color:#28A8EA"/>
+</linearGradient>
+<path fill="url(#SVGID_1_)" d="M1811.58,927.593l-0.809,0.426l-634.492,356.848c-2.768,1.703-5.578,3.321-8.517,4.769  c-10.777,5.132-22.481,8.029-34.407,8.517l-34.663-20.27c-2.929-1.47-5.773-3.105-8.517-4.897L447.167,906.003h-0.298  l-21.036-11.753v722.384c0.328,48.196,39.653,87.006,87.849,86.7h1230.914c0.724,0,1.363-0.341,2.129-0.341  c10.18-0.651,20.216-2.745,29.808-6.217c4.145-1.756,8.146-3.835,11.966-6.217c2.853-1.618,7.75-5.152,7.75-5.152  c21.814-16.142,34.726-41.635,34.833-68.772V894.25C1831.068,908.067,1823.616,920.807,1811.58,927.593z"/>
+<path opacity="0.5" fill="#0A2767" enable-background="new    " d="M1797.017,891.397v44.287l-663.448,456.791L446.699,906.301  c0-0.235-0.191-0.426-0.426-0.426l0,0l-63.023-37.899v-31.938l25.976-0.426l54.932,31.512l1.277,0.426l4.684,2.981  c0,0,645.563,368.346,647.267,369.197l24.698,14.478c2.129-0.852,4.258-1.703,6.813-2.555  c1.278-0.852,640.879-360.681,640.879-360.681L1797.017,891.397z"/>
+<path fill="#1490DF" d="M1811.58,927.593l-0.809,0.468l-634.492,356.848c-2.768,1.703-5.578,3.321-8.517,4.769  c-24.641,12.038-53.457,12.038-78.098,0c-2.918-1.445-5.76-3.037-8.517-4.769L446.657,928.061l-0.766-0.468  c-12.25-6.642-19.93-19.409-20.057-33.343v722.384c0.305,48.188,39.616,87.004,87.803,86.7c0.001,0,0.002,0,0.004,0h1229.636  c48.188,0.307,87.5-38.509,87.807-86.696c0-0.001,0-0.002,0-0.004V894.25C1831.068,908.067,1823.616,920.807,1811.58,927.593z"/>
+<path opacity="0.1" enable-background="new    " d="M1185.52,1279.629l-9.496,5.323c-2.752,1.752-5.595,3.359-8.517,4.812  c-10.462,5.135-21.838,8.146-33.47,8.857l241.405,285.479l421.107,101.476c11.539-8.716,20.717-20.178,26.7-33.343L1185.52,1279.629  z"/>
+<path opacity="0.05" enable-background="new    " d="M1228.529,1255.442l-52.505,29.51c-2.752,1.752-5.595,3.359-8.517,4.812  c-10.462,5.135-21.838,8.146-33.47,8.857l113.101,311.838l549.538,74.989c21.649-16.254,34.394-41.743,34.407-68.815v-9.326  L1228.529,1255.442z"/>
+<path fill="#28A8EA" d="M514.833,1703.333h1228.316c18.901,0.096,37.335-5.874,52.59-17.033l-697.089-408.331  c-2.929-1.47-5.773-3.105-8.517-4.897L447.125,906.088h-0.298l-20.993-11.838v719.914  C425.786,1663.364,465.632,1703.286,514.833,1703.333C514.832,1703.333,514.832,1703.333,514.833,1703.333z"/>
+<path opacity="0.1" enable-background="new    " d="M1022,418.722v908.303c-0.076,31.846-19.44,60.471-48.971,72.392  c-9.148,3.931-19,5.96-28.957,5.962H425.833V383.25H511v-42.583h433.073C987.092,340.83,1021.907,375.702,1022,418.722z"/>
+<path opacity="0.2" enable-background="new    " d="M979.417,461.305v908.302c0.107,10.287-2.074,20.469-6.388,29.808  c-11.826,29.149-40.083,48.273-71.54,48.417H425.833V383.25h475.656c12.356-0.124,24.533,2.958,35.344,8.943  C962.937,405.344,979.407,432.076,979.417,461.305z"/>
+<path opacity="0.2" enable-background="new    " d="M979.417,461.305v823.136c-0.208,43-34.928,77.853-77.927,78.225H425.833V383.25  h475.656c12.356-0.124,24.533,2.958,35.344,8.943C962.937,405.344,979.407,432.076,979.417,461.305z"/>
+<path opacity="0.2" enable-background="new    " d="M936.833,461.305v823.136c-0.046,43.067-34.861,78.015-77.927,78.225H425.833  V383.25h433.072c43.062,0.023,77.951,34.951,77.927,78.013C936.833,461.277,936.833,461.291,936.833,461.305z"/>
+<linearGradient id="SVGID_2_" gradientUnits="userSpaceOnUse" x1="162.7469" y1="1383.0741" x2="774.0864" y2="324.2592" gradientTransform="matrix(1 0 0 -1 0 1705.3334)">
+	<stop offset="0" style="stop-color:#1784D9"/>
+	<stop offset="0.5" style="stop-color:#107AD5"/>
+	<stop offset="1" style="stop-color:#0A63C9"/>
+</linearGradient>
+<path fill="url(#SVGID_2_)" d="M78.055,383.25h780.723c43.109,0,78.055,34.947,78.055,78.055v780.723  c0,43.109-34.946,78.055-78.055,78.055H78.055c-43.109,0-78.055-34.947-78.055-78.055V461.305  C0,418.197,34.947,383.25,78.055,383.25z"/>
+<path fill="#FFFFFF" d="M243.96,710.631c19.238-40.988,50.29-75.289,89.17-98.495c43.057-24.651,92.081-36.94,141.675-35.515  c45.965-0.997,91.321,10.655,131.114,33.683c37.414,22.312,67.547,55.004,86.742,94.109c20.904,43.09,31.322,90.512,30.405,138.396  c1.013,50.043-9.706,99.628-31.299,144.783c-19.652,40.503-50.741,74.36-89.425,97.388c-41.327,23.734-88.367,35.692-136.011,34.578  c-46.947,1.133-93.303-10.651-134.01-34.067c-37.738-22.341-68.249-55.07-87.892-94.28c-21.028-42.467-31.57-89.355-30.745-136.735  C212.808,804.859,223.158,755.686,243.96,710.631z M339.006,941.858c10.257,25.912,27.651,48.385,50.163,64.812  c22.93,16.026,50.387,24.294,78.353,23.591c29.783,1.178,59.14-7.372,83.634-24.358c22.227-16.375,39.164-38.909,48.715-64.812  c10.677-28.928,15.946-59.572,15.543-90.404c0.33-31.127-4.623-62.084-14.649-91.554c-8.855-26.607-25.246-50.069-47.182-67.537  c-23.88-17.79-53.158-26.813-82.91-25.55c-28.572-0.74-56.644,7.593-80.184,23.804c-22.893,16.496-40.617,39.168-51.1,65.365  c-23.255,60.049-23.376,126.595-0.341,186.728L339.006,941.858z"/>
+<path fill="#50D9FF" d="M1362.667,255.5h383.25v383.25h-383.25V255.5z"/>
+</svg>
\ No newline at end of file
diff --git a/apps/web/utils/account.ts b/apps/web/utils/account.ts
index 3479aec7b0..44923cc69a 100644
--- a/apps/web/utils/account.ts
+++ b/apps/web/utils/account.ts
@@ -6,6 +6,7 @@ import {
 import { redirect } from "next/navigation";
 import prisma from "@/utils/prisma";
 import { notFound } from "next/navigation";
+import { Client } from "@microsoft/microsoft-graph-client";
 
 export async function getGmailClientForEmail({
   emailAccountId,
@@ -94,3 +95,81 @@ export async function redirectToEmailAccountPath(path: `/${string}`) {
 
   redirect(redirectUrl);
 }
+
+export async function getOutlookClientForEmail({
+  emailAccountId,
+}: {
+  emailAccountId: string;
+}) {
+  const tokens = await getTokens({ emailAccountId });
+  const gmail = getOutlookClientWithRefresh({
+    accessToken: tokens.accessToken,
+    refreshToken: tokens.refreshToken || "",
+    expiresAt: tokens.expiresAt ?? null,
+    emailAccountId,
+  });
+  return gmail;
+}
+
+export async function getOutlookAndAccessTokenForEmail({
+  emailAccountId,
+}: {
+  emailAccountId: string;
+}) {
+  const tokens = await getTokens({ emailAccountId });
+  const outlook = await getOutlookClientWithRefresh({
+    accessToken: tokens.accessToken,
+    refreshToken: tokens.refreshToken || "",
+    expiresAt: tokens.expiresAt ?? null,
+    emailAccountId,
+  });
+  const accessToken = getAccessTokenFromClient(outlook);
+  return { outlook, accessToken, tokens };
+}
+
+export async function getOutlookClientForEmailId({
+  emailAccountId,
+}: {
+  emailAccountId: string;
+}) {
+  const account = await prisma.emailAccount.findUnique({
+    where: { id: emailAccountId },
+    select: {
+      account: {
+        select: { access_token: true, refresh_token: true, expires_at: true },
+      },
+    },
+  });
+  const outlook = getGmailClientWithRefresh({
+    accessToken: account?.account.access_token,
+    refreshToken: account?.account.refresh_token || "",
+    expiresAt: account?.account.expires_at ?? null,
+    emailAccountId,
+  });
+  return outlook;
+}
+
+export async function getGraphClientAndAccessTokenForEmail({
+  emailAccountId,
+}: {
+  emailAccountId: string;
+}) {
+  const tokens = await getTokens({ emailAccountId });
+
+  if (!tokens.accessToken) {
+    throw new Error("No access token found for this account");
+  }
+
+  // Create Microsoft Graph client
+  const graphClient = Client.init({
+    authProvider: (done) => {
+      done(null, tokens.accessToken as string);
+    },
+  });
+
+  return {
+    graphClient,
+    accessToken: tokens.accessToken,
+    tokens,
+  };
+}
diff --git a/apps/web/utils/auth.ts b/apps/web/utils/auth.ts
index 5c5860c6eb..cfd1a2e79b 100644
--- a/apps/web/utils/auth.ts
+++ b/apps/web/utils/auth.ts
@@ -4,13 +4,15 @@ import type { Prisma } from "@prisma/client";
 import type { NextAuthConfig, DefaultSession } from "next-auth";
 import type { JWT } from "@auth/core/jwt";
 import GoogleProvider from "next-auth/providers/google";
+import MicrosoftProvider from "next-auth/providers/microsoft-entra-id";
 import { createContact as createLoopsContact } from "@inboxzero/loops";
 import { createContact as createResendContact } from "@inboxzero/resend";
 import prisma from "@/utils/prisma";
 import { env } from "@/env";
 import { captureException } from "@/utils/error";
 import { createScopedLogger } from "@/utils/logger";
-import { SCOPES } from "@/utils/gmail/scopes";
+import { SCOPES as GOOGLE_SCOPES } from "@/utils/gmail/scopes";
+import { SCOPES as MICROSOFT_SCOPES } from "@/utils/outlook/scopes";
 import { getContactsClient } from "@/utils/gmail/client";
 import { encryptToken } from "@/utils/encryption";
 import { updateAccountSeats } from "@/utils/premium/server";
@@ -28,7 +30,7 @@ export const getAuthOptions: (options?: {
       authorization: {
         url: "https://accounts.google.com/o/oauth2/v2/auth",
         params: {
-          scope: SCOPES.join(" "),
+          scope: GOOGLE_SCOPES.join(" "),
           access_type: "offline",
           response_type: "code",
           prompt: "consent",
@@ -40,6 +42,28 @@ export const getAuthOptions: (options?: {
         },
       },
     }),
+    MicrosoftProvider({
+      clientId: env.MICROSOFT_CLIENT_ID,
+      clientSecret: env.MICROSOFT_CLIENT_SECRET,
+      tenantId: env.MICROSOFT_CLIENT_TENANT_ID!,
+      authorization: {
+        params: {
+          // ⬇️ o `params.scope` é o que o NextAuth espera
+          scope: [
+            "openid",
+            "profile",
+            "email",
+            "offline_access",
+            "User.Read",
+            "Mail.Read",
+            "Mail.ReadWrite",
+            "Mail.Send",
+
+            "MailboxSettings.ReadWrite",
+          ].join(" "),
+        },
+      },
+    }),
   ],
   // logger: {
   //   error: (error) => {
@@ -69,44 +93,78 @@ export const getAuthOptions: (options?: {
       try {
         // --- Step 1: Fetch Profile Info using Access Token ---
         if (data.access_token) {
-          const contactsClient = getContactsClient({
-            accessToken: data.access_token,
-          });
-          try {
-            const profileResponse = await contactsClient.people.get({
-              resourceName: "people/me",
-              personFields: "emailAddresses,names,photos",
+          if (data.provider === "google") {
+            const contactsClient = getContactsClient({
+              accessToken: data.access_token,
             });
-
-            primaryEmail = profileResponse.data.emailAddresses
-              ?.find((e) => e.metadata?.primary)
-              ?.value?.toLowerCase();
-            primaryName = profileResponse.data.names?.find(
-              (n) => n.metadata?.primary,
-            )?.displayName;
-            primaryPhotoUrl = profileResponse.data.photos?.find(
-              (p) => p.metadata?.primary,
-            )?.url;
-          } catch (profileError) {
-            logger.error("[linkAccount] Error fetching profile info:", {
-              profileError,
+            try {
+              const profileResponse = await contactsClient.people.get({
+                resourceName: "people/me",
+                personFields: "emailAddresses,names,photos",
+              });
+
+              primaryEmail = profileResponse.data.emailAddresses
+                ?.find((e) => e.metadata?.primary)
+                ?.value?.toLowerCase();
+              primaryName = profileResponse.data.names?.find(
+                (n) => n.metadata?.primary,
+              )?.displayName;
+              primaryPhotoUrl = profileResponse.data.photos?.find(
+                (p) => p.metadata?.primary,
+              )?.url;
+            } catch (profileError) {
+              logger.error(
+                "[linkAccount] Error fetching Google profile info:",
+                {
+                  profileError,
+                },
+              );
+              throw new Error("Failed to fetch Google profile info.");
+            }
+          } else if (data.provider === "microsoft-entra-id") {
+            // Use Microsoft Graph API to fetch profile
+            try {
+              const response = await fetch(
+                "https://graph.microsoft.com/v1.0/me",
+                {
+                  headers: {
+                    Authorization: `Bearer ${data.access_token}`,
+                  },
+                },
+              );
+              const profile = await response.json();
+              if (!response.ok)
+                throw new Error("Failed to fetch Microsoft profile");
+
+              primaryEmail =
+                profile.mail?.toLowerCase() ||
+                profile.userPrincipalName?.toLowerCase();
+              primaryName = profile.displayName;
+              primaryPhotoUrl = profile.photo
+                ? `https://graph.microsoft.com/v1.0/me/photo/$value`
+                : null;
+            } catch (profileError) {
+              logger.error(
+                "[linkAccount] Error fetching Microsoft profile info:",
+                {
+                  profileError,
+                },
+              );
+              throw new Error("Failed to fetch Microsoft profile info.");
+            }
+          } else {
+            logger.error("[linkAccount] Unsupported provider:", {
+              provider: data.provider,
             });
-            // Decide if this is fatal. Probably should be.
-            throw new Error(
-              "Failed to fetch profile info for linking account.",
-            );
+            throw new Error("Unsupported provider.");
           }
         } else {
-          logger.error(
-            "[linkAccount] No access_token found in data, cannot fetch profile.",
-          );
+          logger.error("[linkAccount] No access_token found in data.");
           throw new Error("Missing access token during account linking.");
         }
 
         if (!primaryEmail) {
-          logger.error(
-            "[linkAccount] Primary email could not be determined from profile.",
-          );
+          logger.error("[linkAccount] Primary email could not be determined.");
           throw new Error("Primary email not found for linked account.");
         }
 
@@ -175,6 +233,7 @@ export const getAuthOptions: (options?: {
               expires_at: calculateExpiresAt(
                 account.expires_in as number | undefined,
               ),
+              provider: account.provider,
             },
             accountRefreshToken: account.refresh_token,
             providerAccountId: account.providerAccountId,
@@ -185,7 +244,7 @@ export const getAuthOptions: (options?: {
             where: {
               provider_providerAccountId: {
                 providerAccountId: account.providerAccountId,
-                provider: "google",
+                provider: account.provider, // Suport for multiple providers; e.g. google, microsoft-entra-id
               },
             },
             select: { refresh_token: true },
@@ -310,11 +369,15 @@ export const authOptions = getAuthOptions();
  */
 const refreshAccessToken = async (token: JWT): Promise<JWT> => {
   const account = await prisma.account.findFirst({
-    where: { userId: token.sub as string, provider: "google" },
+    where: {
+      userId: token.sub as string,
+      provider: token.provider || "google",
+    },
     select: {
       userId: true,
       refresh_token: true,
       providerAccountId: true,
+      provider: true,
     },
   });
 
@@ -338,21 +401,41 @@ const refreshAccessToken = async (token: JWT): Promise<JWT> => {
   logger.info("Refreshing access token", { email: token.email });
 
   try {
-    const response = await fetch("https://oauth2.googleapis.com/token", {
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: new URLSearchParams({
-        client_id: env.GOOGLE_CLIENT_ID,
-        client_secret: env.GOOGLE_CLIENT_SECRET,
-        grant_type: "refresh_token",
-        refresh_token: account.refresh_token,
-      }),
-      method: "POST",
-    });
+    let response;
+    if (account.provider === "google") {
+      response = await fetch("https://oauth2.googleapis.com/token", {
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+          client_id: env.GOOGLE_CLIENT_ID,
+          client_secret: env.GOOGLE_CLIENT_SECRET,
+          grant_type: "refresh_token",
+          refresh_token: account.refresh_token,
+        }),
+        method: "POST",
+      });
+    } else if (account.provider === "microsoft-entra-id") {
+      response = await fetch(
+        `https://login.microsoftonline.com/${env.MICROSOFT_CLIENT_TENANT_ID}/oauth2/v2.0/token`,
+        {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          body: new URLSearchParams({
+            client_id: env.MICROSOFT_CLIENT_ID,
+            client_secret: env.MICROSOFT_CLIENT_SECRET,
+            grant_type: "refresh_token",
+            refresh_token: account.refresh_token!,
+            scope: MICROSOFT_SCOPES.join(" "),
+          }),
+          method: "POST",
+        },
+      );
+    } else {
+      throw new Error("Unsupported provider for token refresh");
+    }
 
     const tokens: {
       expires_in: number;
       access_token: string;
-      refresh_token: string;
+      refresh_token?: string;
     } = await response.json();
 
     if (!response.ok) throw tokens;
@@ -409,6 +492,7 @@ export async function saveTokens({
     access_token?: string;
     refresh_token?: string;
     expires_at?: number;
+    provider?: string; // e.g. google, microsoft-entra-id
   };
   accountRefreshToken: string | null;
 } & ( // provide one of these:
@@ -435,6 +519,7 @@ export async function saveTokens({
     access_token: tokens.access_token,
     expires_at: tokens.expires_at,
     refresh_token: refreshToken,
+    provider: tokens.provider || "google", // Default to google if not provided
   };
 
   if (emailAccountId) {
@@ -464,7 +549,7 @@ export async function saveTokens({
     return await prisma.account.update({
       where: {
         provider_providerAccountId: {
-          provider: "google",
+          provider: data.provider || "google",
           providerAccountId,
         },
       },
diff --git a/apps/web/utils/middleware.ts b/apps/web/utils/middleware.ts
index 8e7eee6dd2..8947e427dd 100644
--- a/apps/web/utils/middleware.ts
+++ b/apps/web/utils/middleware.ts
@@ -152,8 +152,12 @@ async function emailAccountMiddleware(
   const userId = authReq.auth.userId;
 
   // Check for X-Email-Account-ID header
-  const emailAccountId = req.headers.get(EMAIL_ACCOUNT_HEADER);
+  let emailAccountId = req.headers.get(EMAIL_ACCOUNT_HEADER);
 
+  if (!emailAccountId) {
+    const url = new URL(req.url);
+    emailAccountId = url.searchParams.get("emailAccountId") ?? undefined;
+  }
   if (!emailAccountId) {
     return NextResponse.json(
       { error: "Email account ID is required", isKnownError: true },
diff --git a/apps/web/utils/outlook/attachment.ts b/apps/web/utils/outlook/attachment.ts
new file mode 100644
index 0000000000..8ac7880458
--- /dev/null
+++ b/apps/web/utils/outlook/attachment.ts
@@ -0,0 +1,15 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+
+export async function getGmailAttachment(
+  gmail: gmail_v1.Gmail,
+  messageId: string,
+  attachmentId: string,
+) {
+  const attachment = await gmail.users.messages.attachments.get({
+    userId: "me",
+    id: attachmentId,
+    messageId,
+  });
+  const attachmentData = attachment.data;
+  return attachmentData;
+}
diff --git a/apps/web/utils/outlook/batch.ts b/apps/web/utils/outlook/batch.ts
new file mode 100644
index 0000000000..d86314166b
--- /dev/null
+++ b/apps/web/utils/outlook/batch.ts
@@ -0,0 +1,57 @@
+import { isDefined } from "@/utils/types";
+
+const BATCH_LIMIT = 20; // Microsoft Graph batch limit is 20
+
+/**
+ * Batch fetch resources from Microsoft Graph.
+ * @param ids Array of resource IDs.
+ * @param endpoint Endpoint path, e.g. "/me/messages"
+ * @param accessToken OAuth access token.
+ */
+export async function getGraphBatch(
+  ids: string[],
+  endpoint: string, // e.g. /me/messages
+  accessToken: string,
+) {
+  if (!ids.length) return [];
+  if (ids.length > BATCH_LIMIT) {
+    throw new Error(
+      `Request count exceeds the limit. Received: ${ids.length}, Limit: ${BATCH_LIMIT}`,
+    );
+  }
+
+  // Build batch request body
+  const requests = ids.map((id, idx) => ({
+    id: String(idx + 1),
+    method: "GET",
+    url: `${endpoint}/${id}`,
+  }));
+
+  const batchRequestBody = JSON.stringify({ requests });
+
+  const res = await fetch("https://graph.microsoft.com/v1.0/$batch", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+      "Content-Type": "application/json",
+    },
+    body: batchRequestBody,
+  });
+
+  if (!res.ok) {
+    throw new Error(`Graph batch request failed: ${res.statusText}`);
+  }
+
+  const json = await res.json();
+
+  // Extract responses and map by request id order
+  const responses = (json.responses || []).map((resp: any) => {
+    if (resp.status === 200) {
+      return resp.body;
+    }
+    // Optionally handle errors per response
+    return undefined;
+  });
+
+  return responses.filter(isDefined);
+}
diff --git a/apps/web/utils/outlook/client.ts b/apps/web/utils/outlook/client.ts
new file mode 100644
index 0000000000..8681081119
--- /dev/null
+++ b/apps/web/utils/outlook/client.ts
@@ -0,0 +1,117 @@
+import { auth, gmail, type gmail_v1 } from "@googleapis/gmail";
+import { people } from "@googleapis/people";
+import { saveTokens } from "@/utils/auth";
+import { env } from "@/env";
+import { createScopedLogger } from "@/utils/logger";
+import { SCOPES } from "@/utils/gmail/scopes";
+import { SafeError } from "@/utils/error";
+
+const logger = createScopedLogger("gmail/client");
+
+type AuthOptions = {
+  accessToken?: string | null;
+  refreshToken?: string | null;
+  expiryDate?: number | null;
+  expiresAt?: number | null;
+};
+
+const getAuth = ({
+  accessToken,
+  refreshToken,
+  expiresAt,
+  ...rest
+}: AuthOptions) => {
+  const expiryDate = expiresAt ? expiresAt * 1000 : rest.expiryDate;
+
+  const googleAuth = new auth.OAuth2({
+    clientId: env.GOOGLE_CLIENT_ID,
+    clientSecret: env.GOOGLE_CLIENT_SECRET,
+  });
+  googleAuth.setCredentials({
+    access_token: accessToken,
+    refresh_token: refreshToken,
+    expiry_date: expiryDate,
+    scope: SCOPES.join(" "),
+  });
+
+  return googleAuth;
+};
+
+export function getLinkingOAuth2Client() {
+  return new auth.OAuth2({
+    clientId: env.GOOGLE_CLIENT_ID,
+    clientSecret: env.GOOGLE_CLIENT_SECRET,
+    redirectUri: `${env.NEXT_PUBLIC_BASE_URL}/api/google/linking/callback`,
+  });
+}
+
+// we should potentially use this everywhere instead of getGmailClient as this handles refreshing the access token and saving it to the db
+export const getGmailClientWithRefresh = async ({
+  accessToken,
+  refreshToken,
+  expiresAt,
+  emailAccountId,
+}: {
+  accessToken?: string | null;
+  refreshToken: string | null;
+  expiresAt: number | null;
+  emailAccountId: string;
+}): Promise<gmail_v1.Gmail> => {
+  if (!refreshToken) throw new SafeError("No refresh token");
+
+  // we handle refresh ourselves so not passing in expiresAt
+  const auth = getAuth({ accessToken, refreshToken });
+  const g = gmail({ version: "v1", auth });
+
+  const expiryDate = expiresAt ? expiresAt * 1000 : null;
+  if (expiryDate && expiryDate > Date.now()) return g;
+
+  // may throw `invalid_grant` error
+  try {
+    const tokens = await auth.refreshAccessToken();
+    const newAccessToken = tokens.credentials.access_token;
+
+    if (newAccessToken !== accessToken) {
+      await saveTokens({
+        tokens: {
+          access_token: newAccessToken ?? undefined,
+          expires_at: tokens.credentials.expiry_date
+            ? Math.floor(tokens.credentials.expiry_date / 1000)
+            : undefined,
+        },
+        accountRefreshToken: refreshToken,
+        emailAccountId,
+      });
+    }
+
+    return g;
+  } catch (error) {
+    const isInvalidGrantError =
+      error instanceof Error && error.message.includes("invalid_grant");
+
+    if (isInvalidGrantError) {
+      logger.warn("Error refreshing Gmail access token", { error });
+    }
+
+    throw error;
+  }
+};
+
+// doesn't handle refreshing the access token
+// should probably use the same auth object as getGmailClientWithRefresh but not critical for now
+export const getContactsClient = ({
+  accessToken,
+  refreshToken,
+}: AuthOptions) => {
+  const auth = getAuth({ accessToken, refreshToken });
+  const contacts = people({ version: "v1", auth });
+
+  return contacts;
+};
+
+export const getAccessTokenFromClient = (client: gmail_v1.Gmail): string => {
+  const accessToken = (client.context._options.auth as any).credentials
+    .access_token;
+  if (!accessToken) throw new Error("No access token");
+  return accessToken;
+};
diff --git a/apps/web/utils/outlook/constants.ts b/apps/web/utils/outlook/constants.ts
new file mode 100644
index 0000000000..debd3795cf
--- /dev/null
+++ b/apps/web/utils/outlook/constants.ts
@@ -0,0 +1,16 @@
+export const messageVisibility = {
+  show: "show",
+  hide: "hide",
+} as const;
+export type MessageVisibility =
+  (typeof messageVisibility)[keyof typeof messageVisibility];
+
+export const labelVisibility = {
+  labelShow: "labelShow",
+  labelShowIfUnread: "labelShowIfUnread",
+  labelHide: "labelHide",
+} as const;
+export type LabelVisibility =
+  (typeof labelVisibility)[keyof typeof labelVisibility];
+
+export const GOOGLE_LINKING_STATE_COOKIE_NAME = "google_linking_state";
diff --git a/apps/web/utils/outlook/contact.ts b/apps/web/utils/outlook/contact.ts
new file mode 100644
index 0000000000..2357a42361
--- /dev/null
+++ b/apps/web/utils/outlook/contact.ts
@@ -0,0 +1,20 @@
+import type { people_v1 } from "@googleapis/people";
+
+export async function searchContacts(client: people_v1.People, query: string) {
+  const readMasks: (keyof people_v1.Schema$Person)[] = [
+    "names",
+    "emailAddresses",
+    "photos",
+  ];
+
+  const res = await client.people.searchContacts({
+    query,
+    readMask: readMasks.join(","),
+    pageSize: 10,
+  });
+
+  const contacts =
+    res.data.results?.filter((c) => c.person?.emailAddresses?.[0]) || [];
+
+  return contacts;
+}
diff --git a/apps/web/utils/outlook/decode.ts b/apps/web/utils/outlook/decode.ts
new file mode 100644
index 0000000000..6cac10c284
--- /dev/null
+++ b/apps/web/utils/outlook/decode.ts
@@ -0,0 +1,6 @@
+import he from "he";
+
+export function decodeSnippet(snippet?: string | null) {
+  if (!snippet) return "";
+  return he.decode(snippet).replace(/\u200C|\u200D|\uFEFF/g, "");
+}
diff --git a/apps/web/utils/outlook/draft.ts b/apps/web/utils/outlook/draft.ts
new file mode 100644
index 0000000000..8107ec8ced
--- /dev/null
+++ b/apps/web/utils/outlook/draft.ts
@@ -0,0 +1,45 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { createScopedLogger } from "@/utils/logger";
+import { parseMessage } from "@/utils/mail";
+import type { MessageWithPayload } from "@/utils/types";
+import { isGmailError } from "@/utils/error";
+
+const logger = createScopedLogger("gmail/draft");
+
+export async function getDraft(draftId: string, gmail: gmail_v1.Gmail) {
+  try {
+    const response = await gmail.users.drafts.get({
+      userId: "me",
+      id: draftId,
+      format: "full",
+    });
+    const message = parseMessage(response.data.message as MessageWithPayload);
+    return message;
+  } catch (error) {
+    if (isGmailError(error) && error.code === 404) return null;
+    throw error;
+  }
+}
+
+export async function deleteDraft(gmail: gmail_v1.Gmail, draftId: string) {
+  try {
+    logger.info("Deleting draft", { draftId });
+    const response = await gmail.users.drafts.delete({
+      userId: "me",
+      id: draftId,
+    });
+    if (response.status !== 200) {
+      logger.error("Failed to delete draft", { draftId, response });
+    }
+    logger.info("Successfully deleted draft", { draftId });
+  } catch (error) {
+    if (error instanceof Error && "code" in error && error.code === 404) {
+      logger.warn("Draft not found or already deleted, skipping deletion.", {
+        draftId,
+      });
+    } else {
+      logger.error("Failed to delete draft", { draftId, error });
+      throw error;
+    }
+  }
+}
diff --git a/apps/web/utils/outlook/filter.ts b/apps/web/utils/outlook/filter.ts
new file mode 100644
index 0000000000..8a8f56afbe
--- /dev/null
+++ b/apps/web/utils/outlook/filter.ts
@@ -0,0 +1,67 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { GmailLabel } from "@/utils/gmail/label";
+
+export async function createFilter(options: {
+  gmail: gmail_v1.Gmail;
+  from: string;
+  addLabelIds?: string[];
+  removeLabelIds?: string[];
+}) {
+  const { gmail, from, addLabelIds, removeLabelIds } = options;
+
+  try {
+    return await gmail.users.settings.filters.create({
+      userId: "me",
+      requestBody: {
+        criteria: { from },
+        action: {
+          addLabelIds,
+          removeLabelIds,
+        },
+      },
+    });
+  } catch (error) {
+    if (isFilterExistsError(error)) return { status: 200 };
+    throw error;
+  }
+}
+
+export async function createAutoArchiveFilter({
+  gmail,
+  from,
+  gmailLabelId,
+}: {
+  gmail: gmail_v1.Gmail;
+  from: string;
+  gmailLabelId?: string;
+}) {
+  try {
+    return await createFilter({
+      gmail,
+      from,
+      removeLabelIds: [GmailLabel.INBOX],
+      addLabelIds: gmailLabelId ? [gmailLabelId] : undefined,
+    });
+  } catch (error) {
+    if (isFilterExistsError(error)) return { status: 200 };
+    throw error;
+  }
+}
+
+export async function deleteFilter(options: {
+  gmail: gmail_v1.Gmail;
+  id: string;
+}) {
+  const { gmail, id } = options;
+
+  return gmail.users.settings.filters.delete({ userId: "me", id });
+}
+
+export async function getFiltersList(options: { gmail: gmail_v1.Gmail }) {
+  return options.gmail.users.settings.filters.list({ userId: "me" });
+}
+
+function isFilterExistsError(error: unknown) {
+  const errorMessage = (error as any)?.errors?.[0]?.message;
+  return errorMessage === "Filter already exists";
+}
diff --git a/apps/web/utils/outlook/forward.test.ts b/apps/web/utils/outlook/forward.test.ts
new file mode 100644
index 0000000000..6bb7015e13
--- /dev/null
+++ b/apps/web/utils/outlook/forward.test.ts
@@ -0,0 +1,86 @@
+import { describe, expect, it, beforeEach, vi, afterEach } from "vitest";
+import { forwardEmailHtml } from "./forward";
+import type { ParsedMessage } from "@/utils/types";
+
+describe("email forwarding", () => {
+  // Set a specific timezone offset for consistent testing
+  const testDate = new Date("2025-02-06T22:35:00.000Z");
+
+  // Thanks to the LLM for helping mock this
+  beforeEach(() => {
+    // Mock the date to a fixed UTC timestamp
+    vi.useFakeTimers();
+    vi.setSystemTime(testDate);
+
+    // Mock all date methods to use UTC values
+    vi.spyOn(Date.prototype, "getHours").mockImplementation(function (
+      this: Date,
+    ) {
+      return this.getUTCHours();
+    });
+
+    vi.spyOn(Date.prototype, "getMinutes").mockImplementation(function (
+      this: Date,
+    ) {
+      return this.getUTCMinutes();
+    });
+
+    vi.spyOn(Date.prototype, "getDate").mockImplementation(function (
+      this: Date,
+    ) {
+      return this.getUTCDate();
+    });
+
+    // Mock individual toLocaleString calls used by formatEmailDate
+    const mockToLocaleString = vi.spyOn(Date.prototype, "toLocaleString");
+    mockToLocaleString.mockImplementation(function (
+      this: Date,
+      _locales?: Intl.LocalesArgument,
+      options?: Intl.DateTimeFormatOptions,
+    ) {
+      if (options?.weekday === "short") return "Thu";
+      if (options?.month === "short") return "Feb";
+      if (options?.year === "numeric") return "2025";
+      if (options?.day === "numeric") return "6";
+      return ""; // Default case
+    });
+  });
+
+  afterEach(() => {
+    vi.useRealTimers();
+    vi.restoreAllMocks();
+  });
+
+  it("formats forwarded email like Gmail", () => {
+    const content = "a test forwarded email";
+    const message: Pick<ParsedMessage, "headers" | "textHtml"> = {
+      headers: {
+        from: "From <from@demo.com>",
+        date: testDate.toISOString(),
+        subject: "great meeting!",
+        to: "To <to@demo.com>",
+        "message-id": "<123@example.com>",
+      },
+      textHtml:
+        '<div style="font-family:Arial,sans-serif;font-size:14px">hey, was great to meet today. when can we get lunch?</div>',
+    };
+
+    const html = forwardEmailHtml({
+      content,
+      message: message as ParsedMessage,
+    });
+
+    expect(html).toBe(
+      `<div dir="ltr">${content}<br><br>
+<div class="gmail_quote gmail_quote_container">
+  <div dir="ltr" class="gmail_attr">---------- Forwarded message ----------<br>
+From: <strong class="gmail_sendername" dir="auto">From</strong> <span dir="auto">&lt;<a href="mailto:from@demo.com">from@demo.com</a>&gt;</span><br>
+Date: Thu, 6 Feb 2025 at 22:35<br>
+Subject: great meeting!<br>
+To: To &lt;<a href="mailto:to@demo.com">to@demo.com</a>&gt;<br>
+</div><br><br>
+${message.textHtml}
+</div></div>`.trim(),
+    );
+  });
+});
diff --git a/apps/web/utils/outlook/forward.ts b/apps/web/utils/outlook/forward.ts
new file mode 100644
index 0000000000..e5896b666d
--- /dev/null
+++ b/apps/web/utils/outlook/forward.ts
@@ -0,0 +1,65 @@
+import { formatEmailDate } from "@/utils/gmail/reply";
+import type { ParsedMessage } from "@/utils/types";
+
+export const forwardEmailSubject = (subject: string) => {
+  return `Fwd: ${subject}`;
+};
+
+export const forwardEmailHtml = ({
+  content,
+  message,
+}: {
+  content: string;
+  message: ParsedMessage;
+}) => {
+  const quotedDate = formatEmailDate(new Date(message.headers.date));
+
+  return `<div dir="ltr">${content}<br><br>
+<div class="gmail_quote gmail_quote_container">
+  <div dir="ltr" class="gmail_attr">---------- Forwarded message ----------<br>
+From: ${formatFromEmailWithName(message.headers.from)}<br>
+Date: ${quotedDate}<br>
+Subject: ${message.headers.subject}<br>
+To: ${formatToEmailWithName(message.headers.to)}<br>
+</div><br><br>
+${message.textHtml}
+</div></div>`.trim();
+};
+
+export const forwardEmailText = ({
+  content,
+  message,
+}: {
+  content: string;
+  message: ParsedMessage;
+}) => {
+  return `${content}
+        
+---------- Forwarded message ----------
+From: ${message.headers.from}
+Date: ${message.headers.date}
+Subject: ${message.headers.subject}
+To: ${message.headers.to}
+
+${message.textPlain}`;
+};
+
+const formatFromEmailWithName = (emailHeader: string) => {
+  const match = emailHeader.match(/(.*?)\s*<([^>]+)>/);
+  if (!match) return emailHeader;
+
+  const [, name, email] = match;
+  const trimmedName = name.trim();
+
+  return `<strong class="gmail_sendername" dir="auto">${trimmedName}</strong> <span dir="auto">&lt;<a href="mailto:${email}">${email}</a>&gt;</span>`;
+};
+
+const formatToEmailWithName = (emailHeader: string) => {
+  const match = emailHeader.match(/(.*?)\s*<([^>]+)>/);
+  if (!match) return emailHeader;
+
+  const [, name, email] = match;
+  const trimmedName = name.trim();
+
+  return `${trimmedName} &lt;<a href="mailto:${email}">${email}</a>&gt;`;
+};
diff --git a/apps/web/utils/outlook/history.ts b/apps/web/utils/outlook/history.ts
new file mode 100644
index 0000000000..adca0b56b9
--- /dev/null
+++ b/apps/web/utils/outlook/history.ts
@@ -0,0 +1,19 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+
+export async function getHistory(
+  gmail: gmail_v1.Gmail,
+  options: {
+    startHistoryId: string;
+    historyTypes?: string[];
+    maxResults?: number;
+  },
+) {
+  const history = await gmail.users.history.list({
+    userId: "me",
+    startHistoryId: options.startHistoryId,
+    historyTypes: options.historyTypes,
+    maxResults: options.maxResults,
+  });
+
+  return history.data;
+}
diff --git a/apps/web/utils/outlook/label.ts b/apps/web/utils/outlook/label.ts
new file mode 100644
index 0000000000..f70ebc0f17
--- /dev/null
+++ b/apps/web/utils/outlook/label.ts
@@ -0,0 +1,356 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { publishArchive, type TinybirdEmailAction } from "@inboxzero/tinybird";
+import {
+  getRandomLabelColor,
+  inboxZeroLabels,
+  PARENT_LABEL,
+  type InboxZeroLabel,
+} from "@/utils/label";
+import {
+  labelVisibility,
+  messageVisibility,
+  type LabelVisibility,
+  type MessageVisibility,
+} from "@/utils/gmail/constants";
+import { createScopedLogger } from "@/utils/logger";
+import { withGmailRetry } from "@/utils/gmail/retry";
+
+const logger = createScopedLogger("gmail/label");
+
+export const GmailLabel = {
+  INBOX: "INBOX",
+  SENT: "SENT",
+  UNREAD: "UNREAD",
+  STARRED: "STARRED",
+  IMPORTANT: "IMPORTANT",
+  SPAM: "SPAM",
+  TRASH: "TRASH",
+  DRAFT: "DRAFT",
+  PERSONAL: "CATEGORY_PERSONAL",
+  SOCIAL: "CATEGORY_SOCIAL",
+  PROMOTIONS: "CATEGORY_PROMOTIONS",
+  FORUMS: "CATEGORY_FORUMS",
+  UPDATES: "CATEGORY_UPDATES",
+};
+
+export async function labelThread(options: {
+  gmail: gmail_v1.Gmail;
+  threadId: string;
+  addLabelIds?: string[];
+  removeLabelIds?: string[];
+}) {
+  const { gmail, threadId, addLabelIds, removeLabelIds } = options;
+
+  if (!addLabelIds?.length && !removeLabelIds?.length) {
+    logger.warn("No labels to add or remove", { threadId });
+    return;
+  }
+
+  logger.trace("Labeling thread", { threadId, addLabelIds, removeLabelIds });
+
+  return withGmailRetry(() =>
+    gmail.users.threads.modify({
+      userId: "me",
+      id: threadId,
+      requestBody: {
+        addLabelIds,
+        removeLabelIds,
+      },
+    }),
+  );
+}
+
+export async function removeThreadLabel(
+  gmail: gmail_v1.Gmail,
+  threadId: string,
+  labelId: string,
+) {
+  await labelThread({
+    gmail,
+    threadId,
+    removeLabelIds: [labelId],
+  });
+}
+
+export async function archiveThread({
+  gmail,
+  threadId,
+  ownerEmail,
+  actionSource,
+  labelId,
+}: {
+  gmail: gmail_v1.Gmail;
+  threadId: string;
+  ownerEmail: string;
+  actionSource: TinybirdEmailAction["actionSource"];
+  labelId?: string;
+}) {
+  const archivePromise = gmail.users.threads.modify({
+    userId: "me",
+    id: threadId,
+    requestBody: {
+      removeLabelIds: [GmailLabel.INBOX],
+      ...(labelId ? { addLabelIds: [labelId] } : {}),
+    },
+  });
+
+  const publishPromise = publishArchive({
+    ownerEmail,
+    threadId,
+    actionSource,
+    timestamp: Date.now(),
+  });
+
+  const [archiveResult, publishResult] = await Promise.allSettled([
+    archivePromise,
+    publishPromise,
+  ]);
+
+  if (archiveResult.status === "rejected") {
+    const error = archiveResult.reason as Error;
+    if (error.message?.includes("Requested entity was not found")) {
+      logger.warn("Thread not found", { threadId, userEmail: ownerEmail });
+      return { status: 404, message: "Thread not found" };
+    }
+    logger.error("Failed to archive thread", { threadId, error });
+    throw error;
+  }
+
+  if (publishResult.status === "rejected") {
+    logger.error("Failed to publish archive action", {
+      threadId,
+      error: publishResult.reason,
+    });
+  }
+
+  return archiveResult.value;
+}
+
+export async function labelMessage({
+  gmail,
+  messageId,
+  addLabelIds,
+  removeLabelIds,
+}: {
+  gmail: gmail_v1.Gmail;
+  messageId: string;
+  addLabelIds?: string[];
+  removeLabelIds?: string[];
+}) {
+  return gmail.users.messages.modify({
+    userId: "me",
+    id: messageId,
+    requestBody: { addLabelIds, removeLabelIds },
+  });
+}
+
+export async function markReadThread(options: {
+  gmail: gmail_v1.Gmail;
+  threadId: string;
+  read: boolean;
+}) {
+  const { gmail, threadId, read } = options;
+
+  return gmail.users.threads.modify({
+    userId: "me",
+    id: threadId,
+    requestBody: read
+      ? {
+          removeLabelIds: [GmailLabel.UNREAD],
+        }
+      : {
+          addLabelIds: [GmailLabel.UNREAD],
+        },
+  });
+}
+
+export async function markImportantMessage(options: {
+  gmail: gmail_v1.Gmail;
+  messageId: string;
+  important: boolean;
+}) {
+  const { gmail, messageId, important } = options;
+
+  return gmail.users.messages.modify({
+    userId: "me",
+    id: messageId,
+    requestBody: important
+      ? {
+          addLabelIds: [GmailLabel.IMPORTANT],
+        }
+      : {
+          removeLabelIds: [GmailLabel.IMPORTANT],
+        },
+  });
+}
+
+async function createLabel({
+  gmail,
+  name,
+  messageListVisibility,
+  labelListVisibility,
+  color,
+}: {
+  gmail: gmail_v1.Gmail;
+  name: string;
+  messageListVisibility?: MessageVisibility;
+  labelListVisibility?: LabelVisibility;
+  color?: string;
+}) {
+  try {
+    const createdLabel = await gmail.users.labels.create({
+      userId: "me",
+      requestBody: {
+        name,
+        messageListVisibility,
+        labelListVisibility,
+        color: color
+          ? { backgroundColor: color, textColor: "#000000" }
+          : { backgroundColor: getRandomLabelColor(), textColor: "#000000" },
+      },
+    });
+    return createdLabel.data;
+  } catch (error) {
+    const errorMessage: string | undefined = (error as any).message;
+
+    // Handle label already exists case
+    // May be happening due to a race condition where the label was created between the list and create?
+    if (errorMessage?.includes("Label name exists or conflicts")) {
+      logger.warn("Label already exists", { name });
+      const label = await getLabel({ gmail, name });
+      if (label) return label;
+      throw new Error(`Label conflict but not found: ${name}`);
+    }
+
+    // Handle invalid label name case
+    if (errorMessage?.includes("Invalid label name"))
+      throw new Error(`Invalid Gmail label name: "${name}"`);
+
+    // Handle other errors with label name context
+    throw new Error(`Failed to create Gmail label "${name}": ${errorMessage}`);
+  }
+}
+
+export async function getLabels(gmail: gmail_v1.Gmail) {
+  const response = await gmail.users.labels.list({ userId: "me" });
+  return response.data.labels;
+}
+
+function normalizeLabel(name: string) {
+  return name
+    .toLowerCase()
+    .replace(/[-_.]/g, " ") // replace hyphens, underscores, dots with spaces
+    .replace(/\s+/g, " ") // multiple spaces to single space
+    .replace(/^\/+|\/+$/g, "") // trim slashes
+    .trim();
+}
+
+export async function getLabel(options: {
+  gmail: gmail_v1.Gmail;
+  name: string;
+}) {
+  const { gmail, name } = options;
+  const labels = await getLabels(gmail);
+
+  const normalizedSearch = normalizeLabel(name);
+
+  return labels?.find(
+    (label) => label.name && normalizeLabel(label.name) === normalizedSearch,
+  );
+}
+
+export async function getLabelById(options: {
+  gmail: gmail_v1.Gmail;
+  id: string;
+}) {
+  const { gmail, id } = options;
+  return (await gmail.users.labels.get({ userId: "me", id })).data;
+}
+
+export async function getOrCreateLabel({
+  gmail,
+  name,
+}: {
+  gmail: gmail_v1.Gmail;
+  name: string;
+}) {
+  if (!name?.trim()) throw new Error("Label name cannot be empty");
+  const label = await getLabel({ gmail, name });
+  if (label) return label;
+  const createdLabel = await createLabel({ gmail, name });
+  return createdLabel;
+}
+
+// More efficient way to get or create multiple labels, so we fetch labels only once
+export async function getOrCreateLabels({
+  gmail,
+  names,
+}: {
+  gmail: gmail_v1.Gmail;
+  names: string[];
+}): Promise<gmail_v1.Schema$Label[]> {
+  if (!names.length) return [];
+
+  // Validate names
+  const emptyNames = names.filter((name) => !name?.trim());
+  if (emptyNames.length) throw new Error("Label names cannot be empty");
+
+  // Fetch labels once
+  const existingLabels = (await getLabels(gmail)) || [];
+  const normalizedNames = names.map(normalizeLabel);
+
+  // Find existing labels
+  const labelMap = new Map<string, gmail_v1.Schema$Label>();
+  existingLabels.forEach((label) => {
+    if (label.name) {
+      labelMap.set(normalizeLabel(label.name), label);
+    }
+  });
+
+  // Create missing labels
+  const results = await Promise.all(
+    normalizedNames.map(async (normalizedName, index) => {
+      const existingLabel = labelMap.get(normalizedName);
+      if (existingLabel) return existingLabel;
+
+      return createLabel({ gmail, name: names[index] });
+    }),
+  );
+
+  return results;
+}
+
+export async function getOrCreateInboxZeroLabel({
+  gmail,
+  key,
+}: {
+  gmail: gmail_v1.Gmail;
+  key: InboxZeroLabel;
+}) {
+  const { name, color, messageListVisibility } = inboxZeroLabels[key];
+  const labels = await getLabels(gmail);
+
+  // Create parent label if it doesn't exist
+  const parentLabel = labels?.find((label) => PARENT_LABEL === label.name);
+  if (!parentLabel) {
+    try {
+      await createLabel({ gmail, name: PARENT_LABEL });
+    } catch (error) {
+      logger.warn("Parent label already exists", { name: PARENT_LABEL });
+    }
+  }
+
+  // Return child label if it exists
+  const label = labels?.find((label) => label.name === name);
+  if (label) return label;
+
+  // Create child label if it doesn't exist
+  const createdLabel = await createLabel({
+    gmail,
+    name,
+    messageListVisibility: messageListVisibility || messageVisibility.hide,
+    labelListVisibility: labelVisibility.labelShow,
+    color,
+  });
+  return createdLabel;
+}
diff --git a/apps/web/utils/outlook/mail.ts b/apps/web/utils/outlook/mail.ts
new file mode 100644
index 0000000000..a35d678f23
--- /dev/null
+++ b/apps/web/utils/outlook/mail.ts
@@ -0,0 +1,93 @@
+import { z } from "zod";
+import type { Attachment as NodemailerAttachment } from "nodemailer/lib/mailer";
+import { zodAttachment } from "@/utils/types/mail";
+import { convertEmailHtmlToText } from "@/utils/mail";
+import { createScopedLogger } from "@/utils/logger";
+
+const logger = createScopedLogger("outlook/mail");
+
+export const sendEmailBody = z.object({
+  replyToEmail: z
+    .object({
+      threadId: z.string(),
+      headerMessageId: z.string(),
+      references: z.string().optional(),
+    })
+    .optional(),
+  to: z.string(),
+  cc: z.string().optional(),
+  bcc: z.string().optional(),
+  replyTo: z.string().optional(),
+  subject: z.string(),
+  messageHtml: z.string(),
+  attachments: z.array(zodAttachment).optional(),
+});
+export type SendEmailBody = z.infer<typeof sendEmailBody>;
+
+/**
+ * Converts nodemailer-style attachments to Microsoft Graph format.
+ */
+function toGraphAttachments(attachments?: NodemailerAttachment[]) {
+  if (!attachments) return [];
+  return attachments.map((a) => ({
+    "@odata.type": "#microsoft.graph.fileAttachment",
+    name: a.filename,
+    contentType: a.contentType,
+    contentBytes: a.content?.toString("base64"),
+  }));
+}
+
+/**
+ * Send an email with HTML content using Microsoft Graph.
+ */
+export async function sendEmailWithHtmlGraph(
+  graphClient: any,
+  body: SendEmailBody,
+  from?: string,
+) {
+  let messageText: string;
+
+  try {
+    messageText = convertEmailHtmlToText({ htmlText: body.messageHtml });
+  } catch (error) {
+    logger.error("Error converting email html to text", { error });
+    messageText = body.messageHtml.replace(/<[^>]*>/g, "");
+  }
+
+  const message: any = {
+    subject: body.subject,
+    body: {
+      contentType: "HTML",
+      content: body.messageHtml,
+    },
+    toRecipients: body.to
+      .split(",")
+      .map((email) => ({ emailAddress: { address: email.trim() } })),
+    ccRecipients: body.cc
+      ? body.cc
+          .split(",")
+          .map((email) => ({ emailAddress: { address: email.trim() } }))
+      : [],
+    bccRecipients: body.bcc
+      ? body.bcc
+          .split(",")
+          .map((email) => ({ emailAddress: { address: email.trim() } }))
+      : [],
+    attachments: toGraphAttachments(body.attachments),
+  };
+
+  if (body.replyTo) {
+    message.replyTo = [{ emailAddress: { address: body.replyTo } }];
+  }
+
+  // Optionally set "from" if sending as another user (requires permissions)
+  if (from) {
+    message.from = { emailAddress: { address: from } };
+  }
+
+  // Send the message
+  await graphClient
+    .api("/me/sendMail")
+    .post({ message, saveToSentItems: true });
+  return { success: true };
+}
diff --git a/apps/web/utils/outlook/message.ts b/apps/web/utils/outlook/message.ts
new file mode 100644
index 0000000000..dfdcf1d8d9
--- /dev/null
+++ b/apps/web/utils/outlook/message.ts
@@ -0,0 +1,288 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { parseMessage } from "@/utils/mail";
+import {
+  type BatchError,
+  type MessageWithPayload,
+  type ParsedMessage,
+  isBatchError,
+  isDefined,
+} from "@/utils/types";
+import { getBatch } from "@/utils/gmail/batch";
+import { extractDomainFromEmail } from "@/utils/email";
+import { createScopedLogger } from "@/utils/logger";
+import { sleep } from "@/utils/sleep";
+import { getAccessTokenFromClient } from "@/utils/gmail/client";
+
+const logger = createScopedLogger("gmail/message");
+
+export async function getMessage(
+  messageId: string,
+  gmail: gmail_v1.Gmail,
+  format?: "full" | "metadata",
+): Promise<MessageWithPayload> {
+  const message = await gmail.users.messages.get({
+    userId: "me",
+    id: messageId,
+    format,
+  });
+
+  return message.data as MessageWithPayload;
+}
+
+export async function getMessageByRfc822Id(
+  rfc822MessageId: string,
+  gmail: gmail_v1.Gmail,
+) {
+  // Search for message using RFC822 Message-ID header
+  // Remove any < > brackets if present
+  const cleanMessageId = rfc822MessageId.replace(/[<>]/g, "");
+
+  const response = await gmail.users.messages.list({
+    userId: "me",
+    q: `rfc822msgid:${cleanMessageId}`,
+    maxResults: 1,
+  });
+
+  const message = response.data.messages?.[0];
+  if (!message?.id) {
+    logger.error("No message found for RFC822 Message-ID", {
+      rfc822MessageId,
+    });
+    return null;
+  }
+
+  return getMessage(message.id, gmail);
+}
+
+export async function getMessagesBatch({
+  messageIds,
+  accessToken,
+  retryCount = 0,
+}: {
+  messageIds: string[];
+  accessToken: string;
+  retryCount?: number;
+}): Promise<ParsedMessage[]> {
+  if (!accessToken) throw new Error("No access token");
+
+  if (retryCount > 3) {
+    logger.error("Too many retries", { messageIds, retryCount });
+    return [];
+  }
+  if (messageIds.length > 100) throw new Error("Too many messages. Max 1000");
+
+  const batch: (MessageWithPayload | BatchError)[] = await getBatch(
+    messageIds,
+    "/gmail/v1/users/me/messages",
+    accessToken,
+  );
+
+  const missingMessageIds = new Set<string>();
+
+  if (batch.some((m) => isBatchError(m) && m.error.code === 401)) {
+    logger.error("Error fetching messages", { firstBatchItem: batch?.[0] });
+    throw new Error("Invalid access token");
+  }
+
+  const messages = batch
+    .map((message, i) => {
+      if (isBatchError(message)) {
+        logger.error("Error fetching message", {
+          code: message.error.code,
+          error: message.error.message,
+        });
+        missingMessageIds.add(messageIds[i]);
+        return;
+      }
+
+      return parseMessage(message as MessageWithPayload);
+    })
+    .filter(isDefined);
+
+  // if we errored, then try to refetch the missing messages
+  if (missingMessageIds.size > 0) {
+    logger.info("Missing messages", {
+      missingMessageIds: Array.from(missingMessageIds),
+    });
+    const nextRetryCount = retryCount + 1;
+    await sleep(1_000 * nextRetryCount);
+    const missingMessages = await getMessagesBatch({
+      messageIds: Array.from(missingMessageIds),
+      accessToken,
+      retryCount: nextRetryCount,
+    });
+    return [...messages, ...missingMessages];
+  }
+
+  return messages;
+}
+
+async function findPreviousEmailsWithSender(
+  gmail: gmail_v1.Gmail,
+  options: {
+    sender: string;
+    dateInSeconds: number;
+  },
+) {
+  // Check for both incoming emails from sender and outgoing emails to sender
+  const [incomingEmails, outgoingEmails] = await Promise.all([
+    // Incoming
+    gmail.users.messages.list({
+      userId: "me",
+      q: `from:${options.sender} before:${options.dateInSeconds}`,
+      maxResults: 2,
+    }),
+    // Outgoing
+    gmail.users.messages.list({
+      userId: "me",
+      q: `to:${options.sender} before:${options.dateInSeconds}`,
+      maxResults: 1,
+    }),
+  ]);
+
+  // Combine both incoming and outgoing messages
+  const allMessages = [
+    ...(incomingEmails.data.messages || []),
+    ...(outgoingEmails.data.messages || []),
+  ];
+
+  return allMessages;
+}
+
+export async function hasPreviousCommunicationWithSender(
+  gmail: gmail_v1.Gmail,
+  options: { from: string; date: Date; messageId: string },
+) {
+  const previousEmails = await findPreviousEmailsWithSender(gmail, {
+    sender: options.from,
+    dateInSeconds: +new Date(options.date) / 1000,
+  });
+  // Ignore the current email
+  const hasPreviousEmail = !!previousEmails?.find(
+    (p) => p.id !== options.messageId,
+  );
+
+  return hasPreviousEmail;
+}
+
+const PUBLIC_DOMAINS = new Set([
+  "gmail.com",
+  "yahoo.com",
+  "hotmail.com",
+  "outlook.com",
+  "aol.com",
+  "icloud.com",
+  "@me.com",
+  "protonmail.com",
+  "zoho.com",
+  "yandex.com",
+  "fastmail.com",
+  "gmx.com",
+  "@hey.com",
+]);
+
+export async function hasPreviousCommunicationsWithSenderOrDomain(
+  gmail: gmail_v1.Gmail,
+  options: { from: string; date: Date; messageId: string },
+) {
+  const domain = extractDomainFromEmail(options.from);
+  if (!domain) return hasPreviousCommunicationWithSender(gmail, options);
+
+  // For public email providers (gmail, yahoo, etc), search by full email address
+  // For company domains, search by domain to catch emails from different people at same company
+  const searchTerm = PUBLIC_DOMAINS.has(domain.toLowerCase())
+    ? options.from
+    : domain;
+
+  return hasPreviousCommunicationWithSender(gmail, {
+    ...options,
+    from: searchTerm,
+  });
+}
+
+// List of messages.
+// Note that each message resource contains only an id and a threadId.
+// Additional message details can be fetched using the messages.get method.
+// https://developers.google.com/workspace/gmail/api/reference/rest/v1/users.messages/list
+export async function getMessages(
+  gmail: gmail_v1.Gmail,
+  options: {
+    query?: string;
+    maxResults?: number;
+    pageToken?: string;
+    labelIds?: string[];
+  },
+) {
+  const messages = await gmail.users.messages.list({
+    userId: "me",
+    maxResults: options.maxResults,
+    q: options.query,
+    pageToken: options.pageToken,
+    labelIds: options.labelIds,
+  });
+
+  return messages.data;
+}
+
+export async function queryBatchMessages(
+  gmail: gmail_v1.Gmail,
+  {
+    query,
+    maxResults = 20,
+    pageToken,
+  }: {
+    query?: string;
+    maxResults?: number;
+    pageToken?: string;
+  },
+) {
+  if (maxResults > 20) {
+    throw new Error(
+      "Max results must be 20 or Google will rate limit us and return 429 errors.",
+    );
+  }
+
+  const accessToken = getAccessTokenFromClient(gmail);
+
+  const messages = await getMessages(gmail, { query, maxResults, pageToken });
+  if (!messages.messages) return { messages: [], nextPageToken: undefined };
+  const messageIds = messages.messages.map((m) => m.id).filter(isDefined);
+  return {
+    messages: (await getMessagesBatch({ messageIds, accessToken })) || [],
+    nextPageToken: messages.nextPageToken,
+  };
+}
+
+// loops through multiple pages of messages
+export async function queryBatchMessagesPages(
+  gmail: gmail_v1.Gmail,
+  {
+    query,
+    maxResults,
+  }: {
+    query: string;
+    maxResults: number;
+  },
+) {
+  const messages: ParsedMessage[] = [];
+  let nextPageToken: string | undefined;
+  do {
+    const { messages: pageMessages, nextPageToken: nextToken } =
+      await queryBatchMessages(gmail, {
+        query,
+        pageToken: nextPageToken,
+      });
+    messages.push(...pageMessages);
+    nextPageToken = nextToken || undefined;
+  } while (nextPageToken && messages.length < maxResults);
+
+  return messages;
+}
+
+export async function getSentMessages(gmail: gmail_v1.Gmail, maxResults = 20) {
+  const messages = await queryBatchMessages(gmail, {
+    query: "label:sent",
+    maxResults,
+  });
+  return messages.messages;
+}
diff --git a/apps/web/utils/outlook/permissions.ts b/apps/web/utils/outlook/permissions.ts
new file mode 100644
index 0000000000..2b07f5452b
--- /dev/null
+++ b/apps/web/utils/outlook/permissions.ts
@@ -0,0 +1,106 @@
+import { SCOPES } from "@/utils/gmail/scopes";
+import { createScopedLogger } from "@/utils/logger";
+import prisma from "@/utils/prisma";
+
+const logger = createScopedLogger("Gmail Permissions");
+
+// TODO: this can also error on network error
+async function checkGmailPermissions({
+  accessToken,
+  emailAccountId,
+}: {
+  accessToken: string;
+  emailAccountId: string;
+}): Promise<{
+  hasAllPermissions: boolean;
+  missingScopes: string[];
+  error?: string;
+}> {
+  if (!accessToken) {
+    logger.error("No access token available", { emailAccountId });
+    return {
+      hasAllPermissions: false,
+      missingScopes: SCOPES,
+      error: "No access token available",
+    };
+  }
+
+  try {
+    const response = await fetch(
+      `https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=${accessToken}`,
+    );
+
+    const data = await response.json();
+
+    if (data.error) {
+      logger.error("Invalid token or Google API error", {
+        emailAccountId,
+        error: data.error,
+      });
+      return {
+        hasAllPermissions: false,
+        missingScopes: SCOPES, // Assume all scopes are missing if we can't check
+        error: data.error,
+      };
+    }
+
+    const grantedScopes = data.scope?.split(" ") || [];
+    const missingScopes = SCOPES.filter(
+      (scope) => !grantedScopes.includes(scope),
+    );
+
+    const hasAllPermissions = missingScopes.length === 0;
+
+    if (!hasAllPermissions)
+      logger.info("Missing Gmail permissions", {
+        emailAccountId,
+        missingScopes,
+      });
+
+    return { hasAllPermissions, missingScopes };
+  } catch (error) {
+    logger.error("Error checking Gmail permissions", { emailAccountId, error });
+    return {
+      hasAllPermissions: false,
+      missingScopes: SCOPES, // Assume all scopes are missing if we can't check
+      error: "Failed to check permissions",
+    };
+  }
+}
+
+export async function handleGmailPermissionsCheck({
+  accessToken,
+  emailAccountId,
+}: {
+  accessToken: string;
+  emailAccountId: string;
+}) {
+  const { hasAllPermissions, error, missingScopes } =
+    await checkGmailPermissions({ accessToken, emailAccountId });
+
+  if (error === "invalid_token") {
+    logger.info("Cleaning up invalid Gmail tokens", { emailAccountId });
+    // Clean up invalid tokens
+    const emailAccount = await prisma.emailAccount.findUnique({
+      where: { id: emailAccountId },
+    });
+    if (!emailAccount)
+      return { hasAllPermissions: false, error: "Email account not found" };
+
+    await prisma.account.update({
+      where: { id: emailAccount.accountId },
+      data: {
+        access_token: null,
+        refresh_token: null,
+        expires_at: null,
+      },
+    });
+    return {
+      hasAllPermissions: false,
+      error: "Gmail access expired. Please reconnect your account.",
+      missingScopes,
+    };
+  }
+
+  return { hasAllPermissions, error, missingScopes };
+}
diff --git a/apps/web/utils/outlook/reply.test.ts b/apps/web/utils/outlook/reply.test.ts
new file mode 100644
index 0000000000..7c1b27b1e2
--- /dev/null
+++ b/apps/web/utils/outlook/reply.test.ts
@@ -0,0 +1,119 @@
+import { describe, expect, it, beforeEach, afterEach, vi } from "vitest";
+import { createReplyContent } from "@/utils/gmail/reply";
+import type { ParsedMessage } from "@/utils/types";
+
+describe("email formatting", () => {
+  // Set a specific timezone offset for consistent testing
+  const testDate = new Date("2025-02-06T22:35:00.000Z");
+
+  // Thanks to the LLM for helping mock this
+  beforeEach(() => {
+    // Mock the date to a fixed UTC timestamp
+    vi.useFakeTimers();
+    vi.setSystemTime(testDate);
+
+    // Mock all date methods to use UTC values
+    vi.spyOn(Date.prototype, "getHours").mockImplementation(function (
+      this: Date,
+    ) {
+      return this.getUTCHours();
+    });
+
+    vi.spyOn(Date.prototype, "getMinutes").mockImplementation(function (
+      this: Date,
+    ) {
+      return this.getUTCMinutes();
+    });
+
+    vi.spyOn(Date.prototype, "getDate").mockImplementation(function (
+      this: Date,
+    ) {
+      return this.getUTCDate();
+    });
+
+    // Mock individual toLocaleString calls used by formatEmailDate
+    const mockToLocaleString = vi.spyOn(Date.prototype, "toLocaleString");
+    mockToLocaleString.mockImplementation(function (
+      this: Date,
+      _locales?: Intl.LocalesArgument,
+      options?: Intl.DateTimeFormatOptions,
+    ) {
+      if (options?.weekday === "short") return "Thu";
+      if (options?.month === "short") return "Feb";
+      if (options?.year === "numeric") return "2025";
+      if (options?.day === "numeric") return "6";
+      return ""; // Default case
+    });
+  });
+
+  afterEach(() => {
+    vi.useRealTimers();
+    vi.restoreAllMocks();
+  });
+
+  it("formats reply email like Gmail", () => {
+    const textContent = "This is my reply";
+    const message: Pick<ParsedMessage, "headers" | "textPlain" | "textHtml"> = {
+      headers: {
+        date: "Thu, 6 Feb 2025 23:23:47 +0200",
+        from: "John Doe <john@example.com>",
+        subject: "Test Email",
+        to: "jane@example.com",
+        "message-id": "<123@example.com>",
+      },
+      textPlain: "Original message content",
+      textHtml: "<div>Original message content</div>",
+    };
+
+    const { html } = createReplyContent({
+      textContent,
+      htmlContent: "",
+      message,
+    });
+
+    expect(html).toBe(
+      `<div dir="ltr">This is my reply</div>
+<br>
+<div class="gmail_quote gmail_quote_container">
+  <div dir="ltr" class="gmail_attr">On Thu, 6 Feb 2025 at 21:23, John Doe <john@example.com> wrote:<br></div>
+  <blockquote class="gmail_quote" 
+    style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+    <div>Original message content</div>
+  </blockquote>
+</div>`.trim(),
+    );
+  });
+
+  it("formats reply email correctly for RTL content", () => {
+    const textContent = "שלום, מה שלומך?"; // "Hello, how are you?" in Hebrew
+    const message: Pick<ParsedMessage, "headers" | "textPlain" | "textHtml"> = {
+      headers: {
+        date: "Thu, 6 Feb 2025 23:23:47 +0200",
+        from: "David Cohen <david@example.com>",
+        subject: "Test Email",
+        to: "sarah@example.com",
+        "message-id": "<123@example.com>",
+      },
+      textPlain: "תוכן ההודעה המקורית", // "Original message content" in Hebrew
+      textHtml: "<div>תוכן ההודעה המקורית</div>",
+    };
+
+    const { html } = createReplyContent({
+      textContent,
+      htmlContent: "",
+      message,
+    });
+
+    expect(html).toBe(
+      `<div dir="rtl">שלום, מה שלומך?</div>
+<br>
+<div class="gmail_quote gmail_quote_container">
+  <div dir="rtl" class="gmail_attr">On Thu, 6 Feb 2025 at 21:23, David Cohen <david@example.com> wrote:<br></div>
+  <blockquote class="gmail_quote" 
+    style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+    <div>תוכן ההודעה המקורית</div>
+  </blockquote>
+</div>`.trim(),
+    );
+  });
+});
diff --git a/apps/web/utils/outlook/reply.ts b/apps/web/utils/outlook/reply.ts
new file mode 100644
index 0000000000..d9a82171e8
--- /dev/null
+++ b/apps/web/utils/outlook/reply.ts
@@ -0,0 +1,70 @@
+import type { ParsedMessage } from "@/utils/types";
+
+export const createReplyContent = ({
+  textContent,
+  htmlContent,
+  message,
+}: {
+  textContent?: string;
+  htmlContent?: string;
+  message: Pick<ParsedMessage, "headers" | "textPlain" | "textHtml">;
+}): {
+  html: string;
+  text: string;
+} => {
+  const quotedDate = formatEmailDate(new Date(message.headers.date));
+  const quotedHeader = `On ${quotedDate}, ${message.headers.from} wrote:`;
+
+  // Detect text direction from original message
+  const textDirection = detectTextDirection(textContent || "");
+  const dirAttribute = `dir="${textDirection}"`;
+
+  // Format plain text version with proper quoting
+  const quotedContent = message.textPlain
+    ?.split("\n")
+    .map((line) => `> ${line}`)
+    .join("\n");
+  const plainText = `${textContent}\n\n${quotedHeader}\n\n${quotedContent}`;
+
+  // Get the message content, preserving any existing quotes
+  const messageContent =
+    message.textHtml || message.textPlain?.replace(/\n/g, "<br>") || "";
+
+  // Use htmlContent if provided, otherwise convert textContent to HTML
+  const contentHtml = htmlContent || textContent?.replace(/\n/g, "<br>") || "";
+
+  // Format HTML version with Gmail-style quote formatting
+  const html = `<div ${dirAttribute}>${contentHtml}</div>
+<br>
+<div class="gmail_quote gmail_quote_container">
+  <div ${dirAttribute} class="gmail_attr">${quotedHeader}<br></div>
+  <blockquote class="gmail_quote" 
+    style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+    ${messageContent}
+  </blockquote>
+</div>`.trim();
+
+  return {
+    text: plainText,
+    html,
+  };
+};
+
+function detectTextDirection(text: string): "ltr" | "rtl" {
+  // Basic RTL detection - checks for RTL characters at the start of the text
+  const rtlRegex =
+    /[\u0591-\u07FF\u200F\u202B\u202E\uFB1D-\uFDFD\uFE70-\uFEFC]/;
+  return rtlRegex.test(text.trim().charAt(0)) ? "rtl" : "ltr";
+}
+
+export function formatEmailDate(date: Date): string {
+  const weekday = date.toLocaleString("en-US", { weekday: "short" });
+  const month = date.toLocaleString("en-US", { month: "short" });
+  const day = date.getDate();
+  const year = date.getFullYear();
+  const hour = date.getHours();
+  const minute = date.getMinutes();
+
+  // Format: "Thu, 6 Feb 2025 at 23:23"
+  return `${weekday}, ${day} ${month} ${year} at ${hour}:${minute.toString().padStart(2, "0")}`;
+}
diff --git a/apps/web/utils/outlook/retry.ts b/apps/web/utils/outlook/retry.ts
new file mode 100644
index 0000000000..df4945c30f
--- /dev/null
+++ b/apps/web/utils/outlook/retry.ts
@@ -0,0 +1,35 @@
+import pRetry from "p-retry";
+import { createScopedLogger } from "@/utils/logger";
+
+const logger = createScopedLogger("gmail-retry");
+
+/**
+ * Retries a Gmail API operation when rate limits are hit
+ */
+export async function withGmailRetry<T>(
+  operation: () => Promise<T>,
+  maxRetries = 5,
+): Promise<T> {
+  return pRetry(operation, {
+    retries: maxRetries,
+    onFailedAttempt: (error) => {
+      // For Gmail API, rate limit errors have status 429 and reason 'rateLimitExceeded'
+      const originalError = error.cause as any;
+
+      // Looking at the error structure directly from logs
+      const isRateLimitError = originalError?.status === 429;
+
+      if (!isRateLimitError) {
+        logger.error("Non-rate limit error encountered, not retrying", {
+          errorMessage: originalError?.message || error.message,
+          status: originalError?.status,
+        });
+        throw error;
+      }
+
+      logger.warn(
+        `Gmail rate limit hit. Retrying... (${error.attemptNumber}/${maxRetries})`,
+      );
+    },
+  });
+}
diff --git a/apps/web/utils/outlook/scopes.ts b/apps/web/utils/outlook/scopes.ts
new file mode 100644
index 0000000000..c86a89ca0a
--- /dev/null
+++ b/apps/web/utils/outlook/scopes.ts
@@ -0,0 +1,15 @@
+import { env } from "@/env";
+
+export const SCOPES = [
+  "openid",
+  "profile",
+  "email",
+  "User.Read",
+  "offline_access",
+  "Mail.ReadWrite",
+  "Mail.Send",
+  "Mail.ReadBasic",
+  "Mail.Read",
+  "MailboxSettings.ReadWrite",
+  ...(env.NEXT_PUBLIC_CONTACTS_ENABLED ? ["Contacts.ReadWrite"] : []),
+];
diff --git a/apps/web/utils/outlook/settings.ts b/apps/web/utils/outlook/settings.ts
new file mode 100644
index 0000000000..42341cf441
--- /dev/null
+++ b/apps/web/utils/outlook/settings.ts
@@ -0,0 +1,13 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+
+export async function getFilters(gmail: gmail_v1.Gmail) {
+  const res = await gmail.users.settings.filters.list({ userId: "me" });
+  return res.data.filter || [];
+}
+
+export async function getForwardingAddresses(gmail: gmail_v1.Gmail) {
+  const res = await gmail.users.settings.forwardingAddresses.list({
+    userId: "me",
+  });
+  return res.data.forwardingAddresses || [];
+}
diff --git a/apps/web/utils/outlook/signature.test.ts b/apps/web/utils/outlook/signature.test.ts
new file mode 100644
index 0000000000..180fee2d8f
--- /dev/null
+++ b/apps/web/utils/outlook/signature.test.ts
@@ -0,0 +1,68 @@
+import { describe, it, expect } from "vitest";
+import { extractGmailSignature } from "./signature";
+
+describe("extractGmailSignature", () => {
+  it("extracts signature from HTML with gmail_signature class", () => {
+    const html = `
+      <div dir="ltr">
+        <div>Some email content</div>
+        <div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">
+          Best,<br>
+          John Doe<br>
+          CEO, Example Inc.
+        </div>
+      </div>
+    `;
+
+    const signature = extractGmailSignature(html);
+    expect(signature).toBe("Best,<br>John Doe<br>CEO, Example Inc.");
+  });
+
+  it("extracts signature from example email", () => {
+    const html = `<div dir="ltr"><div>Hey,</div><div><br></div><div>How's it going since we last spoke?</div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Best,<div>Demo Zero</div></div></div></div>`;
+
+    expect(extractGmailSignature(html)).toBe(
+      '<div dir="ltr">Best,<div>Demo Zero</div></div>',
+    );
+  });
+
+  it("handles nested signatures and takes the first one", () => {
+    const html = `
+      <div>
+        <div class="gmail_signature">Outer signature</div>
+        <div>
+          <div class="gmail_signature">Inner signature</div>
+        </div>
+      </div>
+    `;
+
+    const signature = extractGmailSignature(html);
+    expect(signature).toBe("Outer signature");
+  });
+
+  it("handles signatures with special characters and entities", () => {
+    const html = `
+      <div>
+        <div class="gmail_signature">
+          Best regards,<br>
+          John & Jane © 2024<br>
+          <div>Support & Sales</div>
+        </div>
+      </div>
+    `;
+
+    const signature = extractGmailSignature(html);
+    expect(signature).toBe(
+      "Best regards,<br>John & Jane © 2024<br><div>Support & Sales</div>",
+    );
+  });
+
+  it("returns null when no signature is found", () => {
+    const html = "<div>Just some content without signature</div>";
+    expect(extractGmailSignature(html)).toBeNull();
+  });
+
+  it("handles empty input", () => {
+    expect(extractGmailSignature("")).toBeNull();
+  });
+});
diff --git a/apps/web/utils/outlook/signature.ts b/apps/web/utils/outlook/signature.ts
new file mode 100644
index 0000000000..d13bdfb760
--- /dev/null
+++ b/apps/web/utils/outlook/signature.ts
@@ -0,0 +1,35 @@
+import { JSDOM } from "jsdom";
+
+// TODO: we can get the signature via the API instead:
+// https://developers.google.com/gmail/api/reference/rest/v1/users.settings.sendAs
+
+/**
+ * Extracts Gmail signature from email content
+ * @param htmlContent The HTML content of the email
+ * @returns The extracted signature or null if no signature is found
+ */
+export function extractGmailSignature(htmlContent: string): string | null {
+  if (!htmlContent) return null;
+
+  try {
+    const dom = new JSDOM(htmlContent);
+    const document = dom.window.document;
+    const signatureElement = document.querySelector(".gmail_signature");
+
+    if (signatureElement) {
+      const tempDiv = document.createElement("div");
+      tempDiv.innerHTML = signatureElement.innerHTML;
+
+      return tempDiv.innerHTML
+        .replace(/&amp;/g, "&") // Convert &amp; to &
+        .replace(/>\s+/g, ">") // Remove spaces after tags
+        .replace(/\s+</g, "<") // Remove spaces before tags
+        .replace(/\s+/g, " ") // Normalize remaining whitespace
+        .trim();
+    }
+  } catch (error) {
+    console.error("Error parsing signature HTML:", error);
+  }
+
+  return null;
+}
diff --git a/apps/web/utils/outlook/snippet.test.ts b/apps/web/utils/outlook/snippet.test.ts
new file mode 100644
index 0000000000..2b09cc0aa7
--- /dev/null
+++ b/apps/web/utils/outlook/snippet.test.ts
@@ -0,0 +1,46 @@
+import { describe, it, expect } from "vitest";
+import { snippetRemoveReply } from "./snippet";
+
+describe("snippetRemoveReply", () => {
+  it("should return the string before 'On DAY'", () => {
+    const snippet = "This is a test email. On Monday, we will meet.";
+    const result = snippetRemoveReply(snippet);
+    expect(result).toBe(snippet);
+  });
+
+  it("should return the entire string if 'On DAY' is not present", () => {
+    const snippet = "This is a test email without a day.";
+    const result = snippetRemoveReply(snippet);
+    expect(result).toBe("This is a test email without a day.");
+  });
+
+  it("should return an empty string if the input is null", () => {
+    const result = snippetRemoveReply(null);
+    expect(result).toBe("");
+  });
+
+  it("should return an empty string if the input is undefined", () => {
+    const result = snippetRemoveReply(undefined);
+    expect(result).toBe("");
+  });
+
+  it("should not handle case insensitivity", () => {
+    const snippet = "This is a test email. on tuesday, we will meet.";
+    const result = snippetRemoveReply(snippet);
+    expect(result).toBe("This is a test email. on tuesday, we will meet.");
+  });
+
+  it("should match abbreviated day names", () => {
+    const snippet =
+      "Done Best, Alice On Tue, Feb 04, 2025 at 10:00 AM, Bob <example@gmail.com> wrote: Lmk if you sent it";
+    const result = snippetRemoveReply(snippet);
+    expect(result).toBe("Done Best, Alice");
+  });
+
+  it("should not match full day names", () => {
+    const snippet =
+      "Done Best, Alice On Tuesday, Feb 04, 2025 at 10:00 AM, Bob <example@gmail.com> wrote: Lmk if you sent it";
+    const result = snippetRemoveReply(snippet);
+    expect(result).toBe(snippet);
+  });
+});
diff --git a/apps/web/utils/outlook/snippet.ts b/apps/web/utils/outlook/snippet.ts
new file mode 100644
index 0000000000..e60ef06ed6
--- /dev/null
+++ b/apps/web/utils/outlook/snippet.ts
@@ -0,0 +1,11 @@
+// NOTE: this only works for English. May want to support other languages in the future.
+export function snippetRemoveReply(snippet?: string | null): string {
+  if (!snippet) return "";
+  try {
+    const regex = /On (Mon|Tue|Wed|Thu|Fri|Sat|Sun),/;
+    const match = snippet.split(regex)[0];
+    return match.trim();
+  } catch (error) {
+    return snippet;
+  }
+}
diff --git a/apps/web/utils/outlook/spam.ts b/apps/web/utils/outlook/spam.ts
new file mode 100644
index 0000000000..ebd116cc68
--- /dev/null
+++ b/apps/web/utils/outlook/spam.ts
@@ -0,0 +1,17 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { GmailLabel } from "@/utils/gmail/label";
+
+export async function markSpam(options: {
+  gmail: gmail_v1.Gmail;
+  threadId: string;
+}) {
+  const { gmail, threadId } = options;
+
+  return gmail.users.threads.modify({
+    userId: "me",
+    id: threadId,
+    requestBody: {
+      addLabelIds: [GmailLabel.SPAM],
+    },
+  });
+}
diff --git a/apps/web/utils/outlook/thread.ts b/apps/web/utils/outlook/thread.ts
new file mode 100644
index 0000000000..a0be217952
--- /dev/null
+++ b/apps/web/utils/outlook/thread.ts
@@ -0,0 +1,221 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { getBatch } from "@/utils/gmail/batch";
+import {
+  isDefined,
+  type ThreadWithPayloadMessages,
+  type MessageWithPayload,
+} from "@/utils/types";
+import { parseMessage, parseMessages } from "@/utils/mail";
+import { GmailLabel } from "@/utils/gmail/label";
+
+export async function getThread(
+  threadId: string,
+  gmail: gmail_v1.Gmail,
+): Promise<ThreadWithPayloadMessages> {
+  const thread = await gmail.users.threads.get({ userId: "me", id: threadId });
+  return thread.data as ThreadWithPayloadMessages;
+}
+
+interface MinimalThread {
+  id: string;
+  snippet: string;
+  historyId: string;
+}
+
+export async function getThreads(
+  q: string,
+  labelIds: string[],
+  gmail: gmail_v1.Gmail,
+  maxResults = 100,
+): Promise<{
+  nextPageToken?: string | null;
+  resultSizeEstimate?: number | null;
+  threads: MinimalThread[];
+}> {
+  const threads = await gmail.users.threads.list({
+    userId: "me",
+    q,
+    labelIds,
+    maxResults,
+  });
+  return {
+    nextPageToken: threads.data.nextPageToken,
+    resultSizeEstimate: threads.data.resultSizeEstimate,
+    threads: (threads.data.threads || []) as MinimalThread[],
+  };
+}
+
+export async function getThreadsWithNextPageToken({
+  gmail,
+  q,
+  labelIds,
+  maxResults = 100,
+  pageToken,
+}: {
+  gmail: gmail_v1.Gmail;
+  q?: string;
+  labelIds?: string[];
+  maxResults?: number;
+  pageToken?: string;
+}) {
+  const threads = await gmail.users.threads.list({
+    userId: "me",
+    q,
+    labelIds,
+    maxResults,
+    pageToken,
+  });
+
+  return {
+    threads: threads.data.threads || [],
+    nextPageToken: threads.data.nextPageToken,
+  };
+}
+
+export async function getThreadsBatch(
+  threadIds: string[],
+  accessToken: string,
+): Promise<ThreadWithPayloadMessages[]> {
+  const batch = await getBatch(
+    threadIds,
+    "/gmail/v1/users/me/threads",
+    accessToken,
+  );
+
+  return batch;
+}
+
+export async function getThreadsBatchAndParse(
+  threadIds: string[],
+  accessToken: string,
+  includeDrafts: boolean,
+) {
+  const threads = await getThreadsBatch(threadIds, accessToken);
+
+  const threadsWithMessages = threads.map((thread) => {
+    const id = thread.id;
+    if (!id) return;
+
+    const messages = parseMessages(thread, {
+      withoutIgnoredSenders: true,
+      withoutDrafts: !includeDrafts,
+    });
+
+    return { id, messages };
+  });
+
+  return {
+    threads: threadsWithMessages.filter(isDefined),
+  };
+}
+
+async function getThreadsFromSender(
+  gmail: gmail_v1.Gmail,
+  sender: string,
+  limit: number,
+): Promise<
+  Array<{
+    id?: string | null;
+    threadId?: string | null;
+    snippet?: string | null;
+  }>
+> {
+  const query = `from:${sender} -label:sent -label:draft`;
+  const response = await gmail.users.threads.list({
+    userId: "me",
+    q: query,
+    maxResults: limit,
+  });
+
+  return response.data.threads || [];
+}
+
+export async function getThreadsFromSenderWithSubject(
+  gmail: gmail_v1.Gmail,
+  accessToken: string,
+  sender: string,
+  limit: number,
+): Promise<
+  Array<{
+    id: string;
+    snippet: string;
+    subject: string;
+  }>
+> {
+  const threads = await getThreadsFromSender(gmail, sender, limit);
+  const threadIds = threads.map((t) => t.id).filter(isDefined);
+  const threadsWithSubject = await getThreadsBatch(threadIds, accessToken);
+  return threadsWithSubject
+    .map((t) =>
+      t.id
+        ? {
+            id: t.id,
+            subject:
+              t.messages?.[0]?.payload?.headers?.find(
+                (h) => h.name === "Subject",
+              )?.value || "",
+            snippet: t.messages?.[0]?.snippet || "",
+          }
+        : undefined,
+    )
+    .filter(isDefined);
+}
+
+export async function getThreadMessages(
+  threadId: string,
+  gmail: gmail_v1.Gmail,
+) {
+  const thread = await getThread(threadId, gmail);
+  if (!thread?.messages) return [];
+  return thread.messages
+    .map((m) => parseMessage(m as MessageWithPayload))
+    .filter((m) => !m.labelIds?.includes(GmailLabel.DRAFT));
+}
+
+interface GetOutlookThreadParams {
+  id: string;
+  includeDrafts?: boolean;
+  graphClient: any;
+  emailAccountId: string;
+}
+
+export async function getOutlookThread({
+  id,
+  includeDrafts = false,
+  graphClient,
+}: GetOutlookThreadParams) {
+  // Fetch the conversation (thread) by ID
+  const conversation = await graphClient.api(`/me/conversations/${id}`).get();
+
+  // Fetch all threads (message groups) in the conversation
+  const threadsRes = await graphClient
+    .api(`/me/conversations/${id}/threads`)
+    .expand("posts")
+    .get();
+
+  // Each thread contains messages (posts)
+  const threads = threadsRes.value || [];
+
+  // Flatten all messages in all threads
+  let messages: any[] = [];
+  for (const thread of threads) {
+    if (Array.isArray(thread.posts)) {
+      messages = messages.concat(thread.posts);
+    }
+  }
+
+  // Optionally filter out drafts
+  if (!includeDrafts) {
+    messages = messages.filter(
+      (msg) => msg.isDraft !== true, // isDraft is not always present; adjust as needed
+    );
+  }
+
+  return {
+    id: conversation.id,
+    topic: conversation.topic,
+    messages,
+    snippet: messages[0]?.bodyPreview || "",
+    conversation,
+  };
+}
diff --git a/apps/web/utils/outlook/trash.ts b/apps/web/utils/outlook/trash.ts
new file mode 100644
index 0000000000..c2357eeb8d
--- /dev/null
+++ b/apps/web/utils/outlook/trash.ts
@@ -0,0 +1,78 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { publishDelete, type TinybirdEmailAction } from "@inboxzero/tinybird";
+import { createScopedLogger } from "@/utils/logger";
+
+const logger = createScopedLogger("gmail/trash");
+
+// trash moves the thread/message to the trash folder
+// delete immediately deletes the thread/message
+// trash does not require delete access from Gmail API
+
+export async function trashThread(options: {
+  gmail: gmail_v1.Gmail;
+  threadId: string;
+  ownerEmail: string;
+  actionSource: TinybirdEmailAction["actionSource"];
+}) {
+  const { gmail, threadId, ownerEmail, actionSource } = options;
+
+  const trashPromise = gmail.users.threads.trash({
+    userId: "me",
+    id: threadId,
+  });
+
+  const publishPromise = publishDelete({
+    ownerEmail,
+    threadId,
+    actionSource,
+    timestamp: Date.now(),
+  });
+
+  const [trashResult, publishResult] = await Promise.allSettled([
+    trashPromise,
+    publishPromise,
+  ]);
+
+  if (trashResult.status === "rejected") {
+    const error = trashResult.reason;
+
+    if (error.message === "Requested entity was not found.") {
+      // thread doesn't exist, so it's already been deleted
+      logger.warn("Failed to trash non-existant thread", {
+        email: ownerEmail,
+        threadId,
+        error,
+      });
+      return { status: 200 };
+    } else {
+      logger.error("Failed to trash thread", {
+        email: ownerEmail,
+        threadId,
+        error,
+      });
+      throw error;
+    }
+  }
+
+  if (publishResult.status === "rejected") {
+    logger.error("Failed to publish delete action", {
+      email: ownerEmail,
+      threadId,
+      error: publishResult.reason,
+    });
+  }
+
+  return trashResult.value;
+}
+
+export async function trashMessage(options: {
+  gmail: gmail_v1.Gmail;
+  messageId: string;
+}) {
+  const { gmail, messageId } = options;
+
+  return gmail.users.messages.trash({
+    userId: "me",
+    id: messageId,
+  });
+}
diff --git a/apps/web/utils/outlook/watch.ts b/apps/web/utils/outlook/watch.ts
new file mode 100644
index 0000000000..8df250b6c6
--- /dev/null
+++ b/apps/web/utils/outlook/watch.ts
@@ -0,0 +1,20 @@
+import type { gmail_v1 } from "@googleapis/gmail";
+import { GmailLabel } from "./label";
+import { env } from "@/env";
+
+export async function watchGmail(gmail: gmail_v1.Gmail) {
+  const res = await gmail.users.watch({
+    userId: "me",
+    requestBody: {
+      labelIds: [GmailLabel.INBOX, GmailLabel.SENT],
+      labelFilterBehavior: "include",
+      topicName: env.GOOGLE_PUBSUB_TOPIC_NAME,
+    },
+  });
+
+  return res.data;
+}
+
+export async function unwatchGmail(gmail: gmail_v1.Gmail) {
+  await gmail.users.stop({ userId: "me" });
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 9b6efa7b74..558ec2afaf 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -170,6 +170,9 @@ importers:
       '@mdx-js/react':
         specifier: 3.1.0
         version: 3.1.0(@types/react@19.0.10)(react@19.1.0)
+      '@microsoft/microsoft-graph-client':
+        specifier: ^3.0.7
+        version: 3.0.7
       '@next/mdx':
         specifier: 15.3.0
         version: 15.3.0(@mdx-js/loader@3.1.0(webpack@5.90.3(@swc/core@1.6.5(@swc/helpers@0.5.15))(esbuild@0.21.5)))(@mdx-js/react@3.1.0(@types/react@19.0.10)(react@19.1.0))
@@ -3028,6 +3031,24 @@ packages:
       '@types/react': 19.0.10
       react: '>=16'
 
+  '@microsoft/microsoft-graph-client@3.0.7':
+    resolution: {integrity: sha512-/AazAV/F+HK4LIywF9C+NYHcJo038zEnWkteilcxC1FM/uK/4NVGDKGrxx7nNq1ybspAroRKT4I1FHfxQzxkUw==}
+    engines: {node: '>=12.0.0'}
+    peerDependencies:
+      '@azure/identity': '*'
+      '@azure/msal-browser': '*'
+      buffer: '*'
+      stream-browserify: '*'
+    peerDependenciesMeta:
+      '@azure/identity':
+        optional: true
+      '@azure/msal-browser':
+        optional: true
+      buffer:
+        optional: true
+      stream-browserify:
+        optional: true
+
   '@microsoft/tsdoc-config@0.16.2':
     resolution: {integrity: sha512-OGiIzzoBLgWWR0UdRJX98oYO+XKGf7tiK4Zk6tQ/E4IJqGCe7dvkTvgDZV5cFJUzLGDOjeAXrnZoA6QkVySuxw==}
 
@@ -14873,6 +14894,11 @@ snapshots:
       '@types/react': 19.0.10
       react: 19.1.0
 
+  '@microsoft/microsoft-graph-client@3.0.7':
+    dependencies:
+      '@babel/runtime': 7.24.1
+      tslib: 2.8.1
+
   '@microsoft/tsdoc-config@0.16.2':
     dependencies:
       '@microsoft/tsdoc': 0.14.2