SYNCDATE is a two-way calendar sync service that keeps Google Workspace and Microsoft 365 calendars aligned without domain-wide delegation. Each user connects their own calendar through standard OAuth 2.0 consent. Changes sync in about 4 seconds using Google push notifications and Microsoft Graph change notifications. It is EU-hosted, GDPR-aligned, and free for 2 calendars.
Why mixed Google Workspace and Microsoft 365 environments need calendar sync
Most organizations don't choose to run two calendar stacks. They inherit them. A company on Google Workspace acquires a team that lives in Microsoft 365. Two firms form a joint venture and keep their own tenants. A department adopts Outlook while the rest of the company stays on Gmail. The result is the same: people in the same organization can't see each other's availability.
This breaks scheduling in a quiet, expensive way. When someone in Microsoft 365 opens the Scheduling Assistant, they see free time for a Google Workspace colleague who is actually fully booked. The meeting gets sent, the colleague declines, and the back-and-forth begins. Multiply that across a 200-person hybrid org and you lose hours every week to phantom availability.
Native tools don't solve this. ICS feeds are one-way and refresh slowly. Google Workspace and Microsoft 365 have no built-in cross-tenant calendar interop. Manual exports go stale the moment someone moves a meeting. What mixed environments need is real, two-way sync that creates actual events on both sides, so scheduling engines on each platform see the truth.
This guide is written for the IT admin or ops lead who has to make that work without opening a security hole. If you want the consumer-level walkthrough instead, see two-way sync between Outlook and Google Calendar.
Does Google Workspace to Microsoft 365 calendar sync need admin approval?
It depends on each tenant's settings, not on SYNCDATE. SYNCDATE requests calendar access through standard OAuth consent on both sides. Whether an individual user can grant that consent, or whether an admin must approve it first, is controlled entirely by your Google Workspace and Microsoft Entra configuration. SYNCDATE never asks for domain-wide delegation and never reads calendars the user didn't explicitly connect.
On the Microsoft 365 side, Entra ID user consent settings decide the outcome. If your tenant allows user consent for low-risk delegated permissions, employees connect on their own. If consent is restricted, they see a "Need admin approval" screen and submit an admin consent request.
On the Google Workspace side, the API controls and app access settings in the Admin console govern third-party access. Admins can mark SYNCDATE as Trusted, leave it Limited, or block it. Because SYNCDATE uses only delegated, per-user OAuth scopes, there is nothing to install tenant-wide and no service account to grant broad rights to.
Admin-delegated vs per-user connections: which model fits your org?
There are two ways to roll out cross-stack calendar sync, and SYNCDATE deliberately uses the safer one. The table below contrasts the per-user delegated model SYNCDATE relies on with the domain-wide delegation model some legacy sync tools require.
| Dimension | Per-user OAuth (SYNCDATE) | Domain-wide delegation |
|---|---|---|
| **What's granted** | Each user consents to their own calendar | One service account reads every mailbox |
| **Blast radius if compromised** | One user's calendar | Entire tenant's calendars |
| **Admin setup** | Approve the app once (optional) | Configure service account + scopes |
| **User control** | User connects/disconnects anytime | Centrally managed, opaque to users |
| **Offboarding** | Revoke one user's token | Re-scope the whole delegation |
| **Audit trail** | Per-user consent records | Single broad grant |
| **Least privilege** | Yes | No |
For most mixed Google Workspace and Microsoft 365 environments, per-user OAuth is the right call. It maps cleanly to how people actually work: each person owns their calendar and their connection. An admin can still gate the rollout by approving (or declining) the app in Entra and Google Workspace, but no single credential ever holds keys to every calendar in the org. That smaller blast radius is the whole point: a sync layer should reduce risk, not concentrate it.
Set up Google Workspace and Microsoft 365 calendar sync (admin + user steps)
1Decide your consent posture in Microsoft Entra
In the Microsoft Entra admin center, go to Identity → Enterprise applications → Consent and permissions → User consent settings. Choose whether users can self-consent to low-risk delegated permissions or must route through admin approval. If you want central control, enable the admin consent workflow so requests land in your queue.
2Approve SYNCDATE in Entra (admin)
When the first user connects an Outlook/Microsoft 365 calendar, SYNCDATE requests delegated calendar scopes via the Microsoft Graph API. As a Global Admin or Privileged Role Admin, review the requested permissions and grant tenant-wide admin consent, or approve the individual request. SYNCDATE asks only for calendar read/write, with no mail, no files, and no directory access.
3Set app access in Google Workspace (admin)
In the Google Admin console, open Security → Access and data control → API controls → Manage third-party app access. Find SYNCDATE (by OAuth client ID) and set it to Trusted to let users connect their Workspace calendars. Leaving it Limited still allows connection for scopes you permit; Blocked stops it. See Google's app access control guide.
4Have each user connect both calendars
Each employee signs in at syncdate.app, connects their Google Workspace account, then clicks "Add Account" to connect their Microsoft 365 account. Both connections use standard OAuth, no passwords are stored, and tokens are encrypted at rest with AES-256-GCM. Users only ever connect their own calendars.
5Create a two-way sync and verify
The user picks one Google Workspace calendar and one Microsoft 365 calendar, selects Two-Way, and saves. By default synced events show as "Busy" to protect meeting details. To confirm, create a test event in Google Calendar; it should appear in Outlook within about 4 seconds, and the reverse should work too. A 15-minute polling fallback covers any missed webhook.
How does SYNCDATE sync calendars across two tenants securely?
SYNCDATE syncs across separate Google Workspace and Microsoft 365 tenants by holding a per-user OAuth token for each side and propagating changes between them in near real time. It registers for Google push notifications and Microsoft Graph change notifications, so when a calendar changes, the matching event is created, updated, or deleted on the other tenant within about 4 seconds. A 15-minute polling fallback catches anything a webhook misses.
Security is built into the data path, not bolted on. OAuth tokens are encrypted at rest with AES-256-GCM, so even direct database access never exposes a usable credential. SYNCDATE holds no passwords. Each token is scoped to one user's calendar, which means a single compromised token can never reach another employee's data. Infrastructure runs on Hetzner in Germany, keeping calendar data inside the EU under GDPR.
To stop infinite loops between the two tenants, every synced event carries a calendarSyncId metadata tag in the format <user_id>:<original_source_event_id>. When SYNCDATE sees a change, it checks for this tag; if the event is a copy, it skips it. Simultaneous edits resolve by last-write-wins on the updated timestamp. For why sync sometimes appears slow, see why calendar sync gets delayed.
Is third-party calendar sync between Google Workspace and Microsoft 365 GDPR compliant?
Calendar sync can be GDPR-compliant, and SYNCDATE is built for it, but compliance also depends on how your organization configures and documents the integration. SYNCDATE processes calendar data on EU infrastructure (Hetzner, Germany), encrypts OAuth tokens at rest with AES-256-GCM, stores no passwords, and defaults synced events to a "Busy" block so event details are not copied unless a user opts in. Data stays inside the EU rather than crossing to US-hosted services.
For your own GDPR obligations, treat SYNCDATE as a processor of calendar data and reflect it in your records of processing. The relevant data is limited: event times, and optionally titles and descriptions if a user enables detail copying. Because access is per-user and revocable, data-subject control is straightforward. Any user can disconnect an account and stop processing immediately, and admins can revoke app access in Entra or Google Workspace at any time.
The privacy-by-default posture matters in a mixed-org setting. When a Google Workspace user's meeting syncs to a partner's Microsoft 365 tenant, the partner sees a "Busy" block, not the meeting subject or attendees, unless that user explicitly chose to share detail. That keeps cross-organization sync useful for scheduling without leaking sensitive context across company boundaries.
Google Workspace and Microsoft 365 sync tools compared
| Capability | SYNCDATE | CalendarBridge | OneCal | Power Automate |
|---|---|---|---|---|
| **Cross-tenant two-way sync** | Yes | Yes | Yes | Manual flows |
| **No domain-wide delegation** | Per-user OAuth | Per-user | Per-user | Tenant connectors |
| **Sync speed** | ~4 seconds | ~15 minutes | ~5 minutes | 1-15 minutes |
| **Admin app approval (Entra)** | Supported | Supported | Supported | Built-in |
| **Workspace API controls** | Trusted-app aware | Varies | Varies | n/a |
| **Token encryption** | AES-256-GCM | Not published | Not published | Microsoft-managed |
| **EU-hosted** | Yes, Germany | No, US | No, US | No, US |
| **Privacy mode** | "Busy" by default | Optional | Optional | Manual |
| **Free tier** | 2 calendars | Trial only | Trial only | Per-user license |
| **Price (20 calendars)** | €4.69/mo | $8/mo | ~$14/mo | $15×N/mo |
SYNCDATE is the option built around least-privilege per-user OAuth, EU hosting, and real-time webhook sync, with a permanent free tier to pilot before you roll out org-wide. For the full landscape across every sync tool, see the best calendar sync tool comparison. If you also support Outlook desktop users, the sync Google Calendar with Outlook guide covers client-level details.
Rollout patterns for IT admins
Post-merger: two tenants, one company
After an acquisition you have a Google Workspace tenant and a Microsoft 365 tenant that must operate as one company. Approve SYNCDATE in both admin consoles, then have employees connect their primary work calendar plus the calendar they need to see across the divide. Cross-stack meetings become visible on both sides, and the Scheduling Assistant on Microsoft 365 finally sees real availability for Google Workspace staff.
Partner org or joint venture: keep tenants separate
Two companies collaborating closely don't want to merge tenants, but their shared project team needs aligned calendars. Each side approves SYNCDATE in its own tenant, and only the project members connect. Privacy-by-default "Busy" blocks mean neither company exposes meeting subjects to the other, just availability. For distributed teams, the calendar sync for remote teams guide covers timezone handling.
Department-level hybrid stack
One department runs Outlook while the rest of the company stays on Google Workspace. Rather than force a migration, sync the department leads' calendars two-way so meeting requests resolve correctly regardless of which platform sent them. The Pro plan (€12.49/month, 100 calendars across 20 accounts) comfortably covers a department; the Plus plan (€4.69/month, 20 calendars across 5 accounts) suits smaller teams.
Frequently Asked Questions
Does Google Workspace to Microsoft 365 calendar sync need admin approval?
It depends on your tenant settings, not on SYNCDATE. SYNCDATE uses standard per-user OAuth consent. If your Entra user consent settings allow self-consent and Google Workspace API controls permit the app, users connect on their own. If consent is restricted, an admin grants admin consent in Entra and marks the app Trusted in the Google Admin console. SYNCDATE never requests domain-wide delegation.
Can I sync calendars between two companies after a merger?
Yes. SYNCDATE syncs across separate Google Workspace and Microsoft 365 tenants. Each company approves the app in its own admin console, and employees connect the calendars they need on both sides. Synced events default to "Busy" blocks, so availability is shared across the merged org without exposing meeting details unless a user opts in.
Does SYNCDATE require domain-wide delegation or a service account?
No. SYNCDATE uses delegated, per-user OAuth 2.0 tokens. Each person consents to their own calendar only. There is no service account reading every mailbox and no tenant-wide credential. That keeps the blast radius of any compromised token limited to a single user's calendar.
Is third-party calendar sync GDPR compliant?
SYNCDATE is built for GDPR compliance: data is processed on EU infrastructure in Germany, OAuth tokens are encrypted at rest with AES-256-GCM, no passwords are stored, and synced events default to "Busy" so details aren't copied unless opted into. Treat SYNCDATE as a processor in your records of processing. Any user can disconnect to stop processing immediately.
What calendar permissions does SYNCDATE actually request?
Only delegated calendar read/write scopes on each provider, via the Microsoft Graph API and the Google Calendar API. SYNCDATE does not request access to mail, files, contacts, or directory data. Admins can review the exact requested permissions on the consent screen before approving.
How fast does sync run between Google Workspace and Microsoft 365?
About 4 seconds. SYNCDATE registers for Google push notifications and Microsoft Graph change notifications, so changes propagate in near real time. A 15-minute polling fallback catches any webhook the provider fails to deliver.
How does SYNCDATE prevent duplicate events across the two tenants?
Every synced event carries a calendarSyncId metadata tag in the format <user_id>:<original_source_event_id>. When SYNCDATE detects a change and finds this tag, it knows the event is a copy and skips it, so the sync never loops back on itself. Simultaneous edits resolve by last-write-wins on the event's updated timestamp.
Can our IT admin revoke access for the whole organization?
Yes. An admin can block the app in the Google Admin console's API controls and revoke admin consent in the Entra admin center at any time. Because access is per-user OAuth, individual users can also disconnect their own accounts whenever they choose.
Is there a free way to pilot this before rolling out org-wide?
Yes. SYNCDATE is free forever for 2 calendars with no credit card, so an admin and one user can validate the full Entra and Google Workspace approval flow and confirm sync behavior before a wider rollout. The Plus plan (€4.69/month) covers 20 calendars across 5 accounts, and the Pro plan (€12.49/month) covers 100 calendars across 20 accounts.