diff --git a/client/app/assets/images/db-logos/aws_es_sql.png b/client/app/assets/images/db-logos/aws_es_sql.png
new file mode 100644
index 0000000000..cbf84873f3
Binary files /dev/null and b/client/app/assets/images/db-logos/aws_es_sql.png differ
diff --git a/client/app/assets/images/microsoft_logo.svg b/client/app/assets/images/microsoft_logo.svg
new file mode 100644
index 0000000000..347c384281
--- /dev/null
+++ b/client/app/assets/images/microsoft_logo.svg
@@ -0,0 +1 @@
+<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1588228593575" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="1396" xmlns:xlink="http://www.w3.org/1999/xlink" width="18" height="18"><defs><style type="text/css"></style></defs><path d="M157.615686 0h708.768628c86.337255 0 157.615686 70.27451 157.615686 156.611765v710.77647c0 86.337255-71.278431 156.611765-157.615686 156.611765h-708.768628c-86.337255 0-157.615686-70.27451-157.615686-156.611765v-710.77647c0-86.337255 71.278431-156.611765 157.615686-156.611765z" fill="none" p-id="1397"></path><path d="M189.409882 751.144157V277.985882l418.94651-154.563764 227.779765 73.216v637.229176l-227.779765 69.140079-418.93647-151.853177 418.93647 50.165961v-550.450196l-272.51451 63.718902v372.85647l-146.432 63.708863z" fill="#DD3F13" p-id="1398"></path></svg>
\ No newline at end of file
diff --git a/client/app/pages/settings/OrganizationSettings.jsx b/client/app/pages/settings/OrganizationSettings.jsx
index 25477f30ba..4befca24ff 100644
--- a/client/app/pages/settings/OrganizationSettings.jsx
+++ b/client/app/pages/settings/OrganizationSettings.jsx
@@ -48,7 +48,7 @@ class OrganizationSettings extends React.Component {
   }
 
   disablePasswordLoginToggle = () =>
-    !(clientConfig.googleLoginEnabled || clientConfig.ldapLoginEnabled || this.state.formValues.auth_saml_enabled);
+    !(clientConfig.googleLoginEnabled || clientConfig.microsoftLoginEnabled || clientConfig.ldapLoginEnabled || this.state.formValues.auth_saml_enabled);
 
   handleSubmit = e => {
     e.preventDefault();
@@ -103,6 +103,34 @@ class OrganizationSettings extends React.Component {
     );
   }
 
+  renderMicrosoftLoginOptions() {
+    const { formValues } = this.state;
+    return (
+      <React.Fragment>
+        <h4>Microsoft Login</h4>
+        <Form.Item label="Allowed Microsoft Apps Domains">
+          <Select
+            mode="tags"
+            value={formValues.auth_microsoft_apps_domains}
+            onChange={value => this.handleChange("auth_microsoft_apps_domains", value)}
+          />
+          {!isEmpty(formValues.auth_microsoft_apps_domains) && (
+            <Alert
+              message={
+                <p>
+                  Any user registered with a <strong>{join(formValues.auth_microsoft_apps_domains, ", ")}</strong> Microsoft
+                  Apps account will be able to login. If they don{"'"}t have an existing user, a new user will be
+                  created and join the <strong>Default</strong> group.
+                </p>
+              }
+              className="m-t-15"
+            />
+          )}
+        </Form.Item>
+      </React.Fragment>
+    );
+  }
+
   renderSAMLOptions() {
     const { formValues } = this.state;
     return (
@@ -252,6 +280,7 @@ class OrganizationSettings extends React.Component {
           </Checkbox>
         </Form.Item>
         {clientConfig.googleLoginEnabled && this.renderGoogleLoginOptions()}
+        {clientConfig.microsoftLoginEnabled && this.renderMicrosoftLoginOptions()}
         {this.renderSAMLOptions()}
       </React.Fragment>
     );
diff --git a/redash/authentication/__init__.py b/redash/authentication/__init__.py
index 7aeea8f332..5ac9ca086c 100644
--- a/redash/authentication/__init__.py
+++ b/redash/authentication/__init__.py
@@ -243,6 +243,7 @@ def logout_and_redirect_to_index():
 def init_app(app):
     from redash.authentication import (
         google_oauth,
+        microsoft_oauth,
         saml_auth,
         remote_user_auth,
         ldap_auth,
@@ -252,6 +253,7 @@ def init_app(app):
     login_manager.anonymous_user = models.AnonymousUser
 
     app.register_blueprint(google_oauth.blueprint)
+    app.register_blueprint(microsoft_oauth.blueprint)
     app.register_blueprint(saml_auth.blueprint)
     app.register_blueprint(remote_user_auth.blueprint)
     app.register_blueprint(ldap_auth.blueprint)
diff --git a/redash/authentication/microsoft_oauth.py b/redash/authentication/microsoft_oauth.py
new file mode 100644
index 0000000000..b79cfff850
--- /dev/null
+++ b/redash/authentication/microsoft_oauth.py
@@ -0,0 +1,119 @@
+import logging
+import requests
+import jwt
+from flask import redirect, url_for, Blueprint, flash, request, session
+from flask_oauthlib.client import OAuth
+
+from redash import models, settings
+from redash.authentication import (
+    create_and_login_user,
+    logout_and_redirect_to_index,
+    get_next_path,
+)
+from redash.authentication.org_resolving import current_org
+
+logger = logging.getLogger("microsoft_oauth")
+
+oauth = OAuth()
+blueprint = Blueprint("microsoft_oauth", __name__)
+
+def microsoft_remote_app():
+    if "microsoft" not in oauth.remote_apps:
+        oauth.remote_app(
+            "microsoft",
+            base_url="https://login.microsoftonline.com",
+            authorize_url="https://login.microsoftonline.com/{}/oauth2/v2.0/authorize".format(settings.MICROSOFT_TENANT_ID),
+            request_token_url=None,
+            request_token_params={
+                "scope": "openid email",
+            },
+            access_token_url="https://login.microsoftonline.com/{}/oauth2/v2.0/token".format(settings.MICROSOFT_TENANT_ID),
+            access_token_method="POST",
+            consumer_key=settings.MICROSOFT_CLIENT_ID,
+            consumer_secret=settings.MICROSOFT_CLIENT_SECRET,
+        )
+
+    return oauth.microsoft
+
+
+def get_user_profile(code):
+    resp = microsoft_remote_app().authorized_response()
+    id_token = resp.get("id_token")
+    if id_token is None:
+        logger.warning("Failed getting user profile.", resp)
+        return None
+    profile = jwt.decode(id_token.encode('utf-8'), verify=False)
+    profile['name'] = profile['email'].split('@', 1)[0]
+    return profile
+
+
+def verify_profile(org, profile):
+    if org.is_public:
+        return True
+
+    email = profile["email"]
+    domain = email.split("@")[-1]
+
+    if domain in org.microsoft_apps_domains:
+        return True
+
+    if org.has_user(email) == 1:
+        return True
+
+    return False
+
+
+@blueprint.route("/<org_slug>/oauth/microsoft", endpoint="authorize_org")
+def org_login(org_slug):
+    session["org_slug"] = current_org.slug
+    return redirect(url_for(".authorize", next=request.args.get("next", None)))
+
+
+@blueprint.route("/oauth/microsoft", endpoint="authorize")
+def login():
+    callback = url_for(".callback", _external=True)
+    next_path = request.args.get(
+        "next", url_for("redash.index", org_slug=session.get("org_slug"))
+    )
+    logger.debug("Callback url: %s", callback)
+    logger.debug("Next is: %s", next_path)
+    return microsoft_remote_app().authorize(callback=callback, state=next_path)
+
+
+@blueprint.route("/oauth/microsoft_callback", endpoint="callback")
+def authorized():
+    code = request.args.get('code')
+    if code is None:
+        logger.warning("code missing in call back request.")
+        flash("Validation error. Please retry.")
+        return redirect(url_for("redash.login"))
+    profile = get_user_profile(code)
+    if profile is None:
+        flash("Validation error. Please retry.") 
+        return redirect(url_for("redash.login"))
+
+    if "org_slug" in session:
+        org = models.Organization.get_by_slug(session.pop("org_slug"))
+    else:
+        org = current_org
+
+    if not verify_profile(org, profile):
+        logger.warning(
+            "User tried to login with unauthorized domain name: %s (org: %s)",
+            profile["email"],
+            org,
+        )
+        flash("Your microsoft Apps account ({}) isn't allowed.".format(profile["email"]))
+        return redirect(url_for("redash.login", org_slug=org.slug))
+
+    picture_url = profile.get('picture')
+    user = create_and_login_user(org, profile["name"], profile["email"], picture_url)
+    if user is None:
+        return logout_and_redirect_to_index()
+
+    unsafe_next_path = request.args.get("state") or url_for(
+        "redash.index", org_slug=org.slug
+    )
+    next_path = get_next_path(unsafe_next_path)
+
+    return redirect(next_path)
\ No newline at end of file
diff --git a/redash/cli/organization.py b/redash/cli/organization.py
index 45c73551fc..590fefa945 100644
--- a/redash/cli/organization.py
+++ b/redash/cli/organization.py
@@ -18,7 +18,7 @@ def set_google_apps_domains(domains):
     models.db.session.add(organization)
     models.db.session.commit()
     print(
-        "Updated list of allowed domains to: {}".format(
+        "Updated list of google allowed domains to: {}".format(
             organization.google_apps_domains
         )
     )
@@ -33,6 +33,32 @@ def show_google_apps_domains():
         )
     )
 
+@manager.command()
+@argument("domains")
+def set_microsoft_apps_domains(domains):
+    """
+    Sets the allowable domains to the comma separated list DOMAINS.
+    """
+    organization = models.Organization.query.first()
+    k = models.Organization.SETTING_MICROSOFT_APPS_DOMAINS
+    organization.settings[k] = domains.split(",")
+    models.db.session.add(organization)
+    models.db.session.commit()
+    print(
+        "Updated list of microsoft allowed domains to: {}".format(
+            organization.microsoft_apps_domains
+        )
+    )
+
+
+@manager.command()
+def show_microsoft_apps_domains():
+    organization = models.Organization.query.first()
+    print(
+        "Current list of Microsoft Apps domains: {}".format(
+            ", ".join(organization.microsoft_apps_domains)
+        )
+    )
 
 @manager.command(name="list")
 def list_command():
diff --git a/redash/handlers/authentication.py b/redash/handlers/authentication.py
index a4f1d2f87d..63a6a149ec 100644
--- a/redash/handlers/authentication.py
+++ b/redash/handlers/authentication.py
@@ -30,6 +30,9 @@ def get_google_auth_url(next_path):
         google_auth_url = url_for("google_oauth.authorize", next=next_path)
     return google_auth_url
 
+def get_microsoft_auth_url(next_path):
+    microsoft_auth_url = url_for("microsoft_oauth.authorize", next=next_path)
+    return microsoft_auth_url
 
 def render_token_login_page(template, org_slug, token, invite):
     try:
@@ -93,12 +96,15 @@ def render_token_login_page(template, org_slug, token, invite):
             return redirect(url_for("redash.index", org_slug=org_slug))
 
     google_auth_url = get_google_auth_url(url_for("redash.index", org_slug=org_slug))
+    microsoft_auth_url = get_microsoft_auth_url(url_for("redash.index", org_slug=org_slug))
 
     return (
         render_template(
             template,
             show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
             google_auth_url=google_auth_url,
+            show_microsoft_openid=settings.MICROSOFT_OAUTH_ENABLED,
+            microsoft_auth_url=microsoft_auth_url,
             show_saml_login=current_org.get_setting("auth_saml_enabled"),
             show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
             show_ldap_login=settings.LDAP_LOGIN_ENABLED,
@@ -215,6 +221,7 @@ def login(org_slug=None):
             flash("Wrong email or password.")
 
     google_auth_url = get_google_auth_url(next_path)
+    microsoft_auth_url = get_microsoft_auth_url(next_path)
 
     return render_template(
         "login.html",
@@ -223,6 +230,8 @@ def login(org_slug=None):
         email=request.form.get("email", ""),
         show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
         google_auth_url=google_auth_url,
+        show_microsoft_openid=settings.MICROSOFT_OAUTH_ENABLED,
+        microsoft_auth_url=microsoft_auth_url,
         show_password_login=current_org.get_setting("auth_password_login_enabled"),
         show_saml_login=current_org.get_setting("auth_saml_enabled"),
         show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
@@ -295,6 +304,7 @@ def client_config():
         "dashboardRefreshIntervals": settings.DASHBOARD_REFRESH_INTERVALS,
         "queryRefreshIntervals": settings.QUERY_REFRESH_INTERVALS,
         "googleLoginEnabled": settings.GOOGLE_OAUTH_ENABLED,
+        "microsoftLoginEnabled": settings.MICROSOFT_OAUTH_ENABLED,
         "ldapLoginEnabled": settings.LDAP_LOGIN_ENABLED,
         "pageSize": settings.PAGE_SIZE,
         "pageSizeOptions": settings.PAGE_SIZE_OPTIONS,
diff --git a/redash/handlers/data_sources.py b/redash/handlers/data_sources.py
index 94ad0abb11..49115b0422 100644
--- a/redash/handlers/data_sources.py
+++ b/redash/handlers/data_sources.py
@@ -1,5 +1,5 @@
 import logging
-
+import traceback
 from flask import make_response, request
 from flask_restful import abort
 from funcy import project
@@ -193,6 +193,7 @@ def get(self, data_source_id):
             }
         except Exception:
             response["error"] = {"code": 2, "message": "Error retrieving schema."}
+            logging.ERROR(traceback.format_exc())
 
         return response
 
diff --git a/redash/handlers/settings.py b/redash/handlers/settings.py
index d684f42c35..c247807969 100644
--- a/redash/handlers/settings.py
+++ b/redash/handlers/settings.py
@@ -21,6 +21,7 @@ def get_settings_with_defaults(defaults, org):
             settings[setting] = current_value
 
     settings["auth_google_apps_domains"] = org.google_apps_domains
+    settings["auth_microsoft_apps_domains"] = org.microsoft_apps_domains
 
     return settings
 
@@ -44,6 +45,9 @@ def post(self):
             if k == "auth_google_apps_domains":
                 previous_values[k] = self.current_org.google_apps_domains
                 self.current_org.settings[Organization.SETTING_GOOGLE_APPS_DOMAINS] = v
+            elif k == "auth_microsoft_apps_domains":
+                previous_values[k] = self.current_org.microsoft_apps_domains
+                self.current_org.settings[Organization.SETTING_MICROSOFT_APPS_DOMAINS] = v
             else:
                 previous_values[k] = self.current_org.get_setting(
                     k, raise_on_missing=False
diff --git a/redash/models/organizations.py b/redash/models/organizations.py
index 66c07007d4..11acc84cfb 100644
--- a/redash/models/organizations.py
+++ b/redash/models/organizations.py
@@ -12,6 +12,7 @@
 @generic_repr("id", "name", "slug")
 class Organization(TimestampMixin, db.Model):
     SETTING_GOOGLE_APPS_DOMAINS = "google_apps_domains"
+    SETTING_MICROSOFT_APPS_DOMAINS = "microsoft_apps_domains"
     SETTING_IS_PUBLIC = "is_public"
 
     id = Column(db.Integer, primary_key=True)
@@ -44,6 +45,10 @@ def default_group(self):
     def google_apps_domains(self):
         return self.settings.get(self.SETTING_GOOGLE_APPS_DOMAINS, [])
 
+    @property
+    def microsoft_apps_domains(self):
+        return self.settings.get(self.SETTING_MICROSOFT_APPS_DOMAINS, [])
+
     @property
     def is_public(self):
         return self.settings.get(self.SETTING_IS_PUBLIC, False)
diff --git a/redash/query_runner/amazon_elasticsearch.py b/redash/query_runner/amazon_elasticsearch.py
index cf81969874..bda67a6aec 100644
--- a/redash/query_runner/amazon_elasticsearch.py
+++ b/redash/query_runner/amazon_elasticsearch.py
@@ -1,4 +1,5 @@
-from .elasticsearch import ElasticSearch
+from .elasticsearch import BaseElasticSearch, ElasticSearch
+from typing import Tuple, Optional
 from . import register
 
 try:
@@ -63,5 +64,53 @@ def __init__(self, configuration):
 
         self.auth = AWSV4Sign(cred, region, "es")
 
+class AmazonElasticsearchSqlService(AmazonElasticsearchService):
+    @classmethod
+    def name(cls):
+        return "Amazon Elasticsearch Service for SQL"
+
+    @classmethod
+    def enabled(cls):
+        return enabled
+
+    @classmethod
+    def type(cls):
+        return "aws_es_sql"
+
+    @classmethod
+    def configuration_schema(cls):
+        return {
+            "type": "object",
+            "properties": {
+                "server": {"type": "string", "title": "Endpoint"},
+                "region": {"type": "string"},
+                "access_key": {"type": "string", "title": "Access Key"},
+                "secret_key": {"type": "string", "title": "Secret Key"},
+            },
+            "secret": ["secret_key"],
+            "order": [
+                "server",
+                "region",
+                "access_key",
+                "secret_key",
+            ],
+            "required": ["server", "region"],
+        }
+
+    def __init__(self, configuration):
+        super(AmazonElasticsearchSqlService, self).__init__(configuration)
+        self.syntax = 'sql'
+
+    def run_query(self, query, user):
+        return BaseElasticSearch.run_query(self, query, user)
+
+    def _build_query(self, query: str) -> Tuple[dict, str, Optional[list]]:
+        sql_query = {
+            'query': query
+        }
+        sql_query_url = '/_opendistro/_sql'
+        return None, sql_query, sql_query_url, None
+
 
 register(AmazonElasticsearchService)
+register(AmazonElasticsearchSqlService)
diff --git a/redash/query_runner/elasticsearch.py b/redash/query_runner/elasticsearch.py
index d96dd1e433..3a9f3435b6 100644
--- a/redash/query_runner/elasticsearch.py
+++ b/redash/query_runner/elasticsearch.py
@@ -6,6 +6,7 @@
 
 import requests
 from requests.auth import HTTPBasicAuth
+from typing import Tuple, Optional
 
 from redash.query_runner import *
 from redash.utils import json_dumps, json_loads
@@ -40,7 +41,6 @@
     float: TYPE_FLOAT,
 }
 
-
 class BaseElasticSearch(BaseQueryRunner):
     should_annotate_query = False
     DEBUG_ENABLED = False
@@ -92,102 +92,134 @@ def __init__(self, configuration):
         if basic_auth_user and basic_auth_password:
             self.auth = HTTPBasicAuth(basic_auth_user, basic_auth_password)
 
-    def _get_mappings(self, url):
-        mappings = {}
+    def get_response(self, url, http_method='get', **kwargs):
+        url = "{}{}".format(self.server_url, url)
+        headers = kwargs.pop('headers', {})
+        headers['Accept'] = 'application/json'
+
+        # Then call requests to get the response from the given endpoint
+        # URL optionally, with the additional requests parameters.
         error = None
+        response = None
         try:
-            r = requests.get(url, auth=self.auth)
-            r.raise_for_status()
-
-            mappings = r.json()
-        except requests.HTTPError as e:
-            logger.exception(e)
-            error = "Failed to execute query. Return Code: {0}   Reason: {1}".format(
-                r.status_code, r.text
+            response = requests.request(http_method, url, auth=self.auth, headers=headers, **kwargs)
+            # Raise a requests HTTP exception with the appropriate reason
+            # for 4xx and 5xx response status codes which is later caught
+            # and passed back.
+            response.raise_for_status()
+
+            # Any other responses (e.g. 2xx and 3xx):
+            if response.status_code != 200:
+                error = "Endpoint returned unexpected status code ({}).".format(response.status_code)
+
+        except requests.HTTPError as exc:
+            logger.exception(exc)
+            error = "Failed to execute query. " "Return Code: {} Reason: {}".format(
+                response.status_code, response.text
             )
-            mappings = None
-        except requests.exceptions.RequestException as e:
-            logger.exception(e)
-            error = "Connection refused"
-            mappings = None
+        except requests.RequestException as exc:
+            # Catch all other requests exceptions and return the error.
+            logger.exception(exc)
+            error = str(exc)
 
-        return mappings, error
+        # Return response and error.
+        return response, error
+
+    def _get_mappings(self, url):
+        response, error = self.get_response(url)
+        if error is None:
+            return response.json(), None
+        else:
+            return {}, error
 
     def _get_query_mappings(self, url):
         mappings_data, error = self._get_mappings(url)
         if error:
             return mappings_data, error
+        mappings = self._parse_mappings(mappings_data)
+        return mappings, error
+
+    def test_connection(self):
+        _, error = self.get_response("/_cluster/health")
+        if error is not None:
+            raise Exception(error)
 
+    def run_query(self, query, user):
+        index, query, url, result_fields = self._build_query(query)
+        mappings = {}
+        if index:
+            mapping_url = "/{0}/_mapping".format(index)
+            mappings, error = self._get_query_mappings(mapping_url)
+            if error:
+                return None, error
+
+        response, error = self.get_response(url, http_method='post', json=query)
+        if error:
+            return None, error
+        raw_result = response.json()
+
+        result_columns = []
+        result_rows = []
+        self._parse_results(mappings, result_fields, raw_result, result_columns, result_rows)
+        json_data = json_dumps({"columns": result_columns, "rows": result_rows})
+        error = None
+        return json_data, error
+
+    def _build_query(self, query: str) -> Tuple[dict, str, Optional[list]]:
+        query = json_loads(query)
+        index_name = query.pop('index', None)
+        result_fields = query.pop('_source', None)
+        url = "/{}/_search".format(index_name) if index_name else "/_search"
+        return index_name, query, url, result_fields
+
+    @classmethod
+    def _parse_mappings(cls, mappings_data: dict):
         mappings = {}
+
+        def _parse_properties(prefix: str, properties: dict):
+            for property_name, property_data in properties.items():
+                if property_name not in mappings:
+                    property_type = property_data.get('type', None)
+                    nested_properties = property_data.get('properties', None)
+                    if property_type:
+                        mappings[index_name][prefix + property_name] = (
+                            ELASTICSEARCH_TYPES_MAPPING.get(property_type, TYPE_STRING)
+                        )
+                    elif nested_properties:
+                        new_prefix = prefix + property_name + '.'
+                        _parse_properties(new_prefix, nested_properties)
+
         for index_name in mappings_data:
+            mappings[index_name] = {}
             index_mappings = mappings_data[index_name]
-            for m in index_mappings.get("mappings", {}):
-                if "properties" not in index_mappings["mappings"][m]:
-                    continue
-                for property_name in index_mappings["mappings"][m]["properties"]:
-                    property_data = index_mappings["mappings"][m]["properties"][
-                        property_name
-                    ]
-                    if property_name not in mappings:
-                        property_type = property_data.get("type", None)
-                        if property_type:
-                            if property_type in ELASTICSEARCH_TYPES_MAPPING:
-                                mappings[property_name] = ELASTICSEARCH_TYPES_MAPPING[
-                                    property_type
-                                ]
-                            else:
-                                mappings[property_name] = TYPE_STRING
-                                # raise Exception("Unknown property type: {0}".format(property_type))
+            _parse_properties('', index_mappings['mappings']['properties'])
 
-        return mappings, error
+        return mappings
 
     def get_schema(self, *args, **kwargs):
-        def parse_doc(doc, path=None):
-            """Recursively parse a doc type dictionary
-            """
-            path = path or []
-            result = []
-            for field, description in doc["properties"].items():
-                if "properties" in description:
-                    result.extend(parse_doc(description, path + [field]))
-                else:
-                    result.append(".".join(path + [field]))
-            return result
-
         schema = {}
-        url = "{0}/_mappings".format(self.server_url)
-        mappings, error = self._get_mappings(url)
-
+        mappings, error = self._get_query_mappings('/_mappings')
         if mappings:
-            # make a schema for each index
-            # the index contains a mappings dict with documents
-            # in a hierarchical format
-            for name, index in mappings.items():
-                columns = []
-                schema[name] = {"name": name}
-                for doc, items in index["mappings"].items():
-                    columns.extend(parse_doc(items))
-
-                # remove duplicates
-                # sort alphabetically
-                schema[name]["columns"] = sorted(set(columns))
+            for name, columns in mappings.items():
+                schema[name] = {
+                    'name': name,
+                    'columns': list(columns.keys())
+                }
         return list(schema.values())
 
-    def _parse_results(
-        self, mappings, result_fields, raw_result, result_columns, result_rows
-    ):
-        def add_column_if_needed(
-            mappings, column_name, friendly_name, result_columns, result_columns_index
-        ):
-            if friendly_name not in result_columns_index:
-                result_columns.append(
-                    {
-                        "name": friendly_name,
-                        "friendly_name": friendly_name,
-                        "type": mappings.get(column_name, "string"),
-                    }
-                )
-                result_columns_index[friendly_name] = result_columns[-1]
+    @classmethod
+    def _parse_results(cls, mappings, result_fields, raw_result, result_columns, result_rows):
+        result_columns_index = {c["name"]: c for c in result_columns}
+        result_fields_index = {}
+
+        def add_column_if_needed(column_name, value=None):
+            if column_name not in result_columns_index:
+                result_columns.append({
+                    'name': column_name,
+                    'friendly_name': column_name,
+                    'type': PYTHON_TYPES_MAPPING.get(type(value), TYPE_STRING)
+                })
+                result_columns_index[column_name] = result_columns[-1]
 
         def get_row(rows, row):
             if row is None:
@@ -195,185 +227,121 @@ def get_row(rows, row):
                 rows.append(row)
             return row
 
-        def collect_value(mappings, row, key, value, type):
+        def collect_value(row, key, value):
             if result_fields and key not in result_fields_index:
                 return
 
-            mappings[key] = type
-            add_column_if_needed(
-                mappings, key, key, result_columns, result_columns_index
-            )
+            add_column_if_needed(key, value)
             row[key] = value
 
-        def collect_aggregations(
-            mappings, rows, parent_key, data, row, result_columns, result_columns_index
-        ):
-            if isinstance(data, dict):
-                for key, value in data.items():
-                    val = collect_aggregations(
-                        mappings,
-                        rows,
-                        parent_key if key == "buckets" else key,
-                        value,
-                        row,
-                        result_columns,
-                        result_columns_index,
-                    )
-                    if val:
-                        row = get_row(rows, row)
-                        collect_value(mappings, row, key, val, "long")
-
-                for data_key in ["value", "doc_count"]:
-                    if data_key not in data:
-                        continue
-                    if "key" in data and len(list(data.keys())) == 2:
-                        key_is_string = "key_as_string" in data
-                        collect_value(
-                            mappings,
-                            row,
-                            data["key"] if not key_is_string else data["key_as_string"],
-                            data[data_key],
-                            "long" if not key_is_string else "string",
-                        )
+        def parse_bucket_to_row(data, row, agg_key):
+            sub_agg_key = ""
+            for key, item in data.items():
+                if key == 'key_as_string':
+                    continue
+                if key == 'key':
+                    if 'key_as_string' in data:
+                        collect_value(row, agg_key, data['key_as_string'])
                     else:
-                        return data[data_key]
-
-            elif isinstance(data, list):
-                for value in data:
-                    result_row = get_row(rows, row)
-                    collect_aggregations(
-                        mappings,
-                        rows,
-                        parent_key,
-                        value,
-                        result_row,
-                        result_columns,
-                        result_columns_index,
-                    )
-                    if "doc_count" in value:
-                        collect_value(
-                            mappings,
-                            result_row,
-                            "doc_count",
-                            value["doc_count"],
-                            "integer",
-                        )
-                    if "key" in value:
-                        if "key_as_string" in value:
-                            collect_value(
-                                mappings,
-                                result_row,
-                                parent_key,
-                                value["key_as_string"],
-                                "string",
-                            )
-                        else:
+                        collect_value(row, agg_key, data['key'])
+                    continue
+
+                if isinstance(item, (str, int, float)):
+                    collect_value(row, agg_key + '.' + key, item)
+                elif isinstance(item, dict):
+                    if 'buckets' not in item:
+                        for sub_key, sub_item in item.items():
                             collect_value(
-                                mappings, result_row, parent_key, value["key"], "string"
+                                row,
+                                agg_key + '.' + key + '.' + sub_key,
+                                sub_item,
                             )
+                    else:
+                        sub_agg_key = key
+
+            return sub_agg_key
+
+        def parse_buckets_list(rows, parent_key, data, row, depth):
+            if len(rows) > 0 and depth == 0:
+                row = rows.pop()
+
+            for value in data:
+                row = row.copy()
+                sub_agg_key = parse_bucket_to_row(value, row, parent_key)
+
+                if sub_agg_key == "":
+                    rows.append(row)
+                else:
+                    depth += 1
+                    parse_buckets_list(rows, sub_agg_key, value[sub_agg_key]['buckets'], row, depth)
+
+        def collect_aggregations(rows, parent_key, data, row, depth):
+            row = get_row(rows, row)
+            parse_bucket_to_row(data, row, parent_key)
+
+            if 'buckets' in data:
+                parse_buckets_list(rows, parent_key, data['buckets'], row, depth)
 
             return None
 
-        result_columns_index = {c["name"]: c for c in result_columns}
+        def get_flatten_results(dd, separator='.', prefix=''):
+            if isinstance(dd, dict):
+                return {
+                    prefix + separator + k if prefix else k: v
+                    for kk, vv in dd.items()
+                    for k, v in get_flatten_results(vv, separator, kk).items()
+                }
+            elif isinstance(dd, list) and len(dd) == 1:
+                return {prefix: dd[0]}
+            else:
+                return {prefix: dd}
 
-        result_fields_index = {}
         if result_fields:
             for r in result_fields:
                 result_fields_index[r] = None
 
-        if "error" in raw_result:
-            error = raw_result["error"]
+        if 'error' in raw_result:
+            error = raw_result['error']
             if len(error) > 10240:
-                error = error[:10240] + "... continues"
+                error = error[:10240] + '... continues'
 
             raise Exception(error)
-        elif "aggregations" in raw_result:
-            if result_fields:
-                for field in result_fields:
-                    add_column_if_needed(
-                        mappings, field, field, result_columns, result_columns_index
-                    )
-
+        elif 'aggregations' in raw_result:
             for key, data in raw_result["aggregations"].items():
-                collect_aggregations(
-                    mappings,
-                    result_rows,
-                    key,
-                    data,
-                    None,
-                    result_columns,
-                    result_columns_index,
-                )
-
-            logger.debug("result_rows %s", str(result_rows))
-            logger.debug("result_columns %s", str(result_columns))
-        elif "hits" in raw_result and "hits" in raw_result["hits"]:
-            if result_fields:
-                for field in result_fields:
-                    add_column_if_needed(
-                        mappings, field, field, result_columns, result_columns_index
-                    )
+                collect_aggregations(result_rows, key, data, None, 0)
 
+        elif 'hits' in raw_result and 'hits' in raw_result['hits']:
             for h in raw_result["hits"]["hits"]:
                 row = {}
 
-                column_name = "_source" if "_source" in h else "fields"
-                for column in h[column_name]:
+                fields_parameter_name = "_source" if "_source" in h else "fields"
+                for column in h[fields_parameter_name]:
                     if result_fields and column not in result_fields_index:
                         continue
 
-                    add_column_if_needed(
-                        mappings, column, column, result_columns, result_columns_index
-                    )
+                    unested_results = get_flatten_results({column: h[fields_parameter_name][column]})
 
-                    value = h[column_name][column]
-                    row[column] = (
-                        value[0]
-                        if isinstance(value, list) and len(value) == 1
-                        else value
-                    )
+                    for column_name, value in unested_results.items():
+                        add_column_if_needed(column_name, value=value)
+                        row[column_name] = value
 
                 result_rows.append(row)
         else:
-            raise Exception(
-                "Redash failed to parse the results it got from Elasticsearch."
-            )
-
-    def test_connection(self):
-        try:
-            r = requests.get(
-                "{0}/_cluster/health".format(self.server_url), auth=self.auth
-            )
-            r.raise_for_status()
-        except requests.HTTPError as e:
-            logger.exception(e)
-            raise Exception(
-                "Failed to execute query. Return Code: {0}   Reason: {1}".format(
-                    r.status_code, r.text
-                )
-            )
-        except requests.exceptions.RequestException as e:
-            logger.exception(e)
-            raise Exception("Connection refused")
-
+            raise Exception("Redash failed to parse the results it got from Elasticsearch.")
 
 class Kibana(BaseElasticSearch):
     @classmethod
     def enabled(cls):
         return True
 
-    def _execute_simple_query(
-        self, url, auth, _from, mappings, result_fields, result_columns, result_rows
-    ):
+    def _execute_simple_query(self, url, auth, _from, mappings, result_fields, result_columns, result_rows):
         url += "&from={0}".format(_from)
-        r = requests.get(url, auth=self.auth)
-        r.raise_for_status()
+        r, error = self.get_response(url, http_method='GET')
+        if error:
+            r.raise_for_status()
 
         raw_result = r.json()
-
-        self._parse_results(
-            mappings, result_fields, raw_result, result_columns, result_rows
-        )
+        self._parse_results(mappings, result_fields, raw_result, result_columns, result_rows)
 
         total = raw_result["hits"]["total"]
         result_size = len(raw_result["hits"]["hits"])
@@ -382,72 +350,55 @@ def _execute_simple_query(
         return raw_result["hits"]["total"]
 
     def run_query(self, query, user):
-        try:
-            error = None
-
-            logger.debug(query)
-            query_params = json_loads(query)
-
-            index_name = query_params["index"]
-            query_data = query_params["query"]
-            size = int(query_params.get("size", 500))
-            limit = int(query_params.get("limit", 500))
-            result_fields = query_params.get("fields", None)
-            sort = query_params.get("sort", None)
-
-            if not self.server_url:
-                error = "Missing configuration key 'server'"
-                return None, error
+        error = None
+        logger.debug(query)
+        query_params = json_loads(query)
 
-            url = "{0}/{1}/_search?".format(self.server_url, index_name)
-            mapping_url = "{0}/{1}/_mapping".format(self.server_url, index_name)
+        index_name = query_params.get("index", None)
+        query_data = query_params.get("query", None)
+        size = int(query_params.get("size", 500))
+        limit = int(query_params.get("limit", 500))
+        result_fields = query_params.get("_source", None)
+        sort = query_params.get("sort", None)
 
-            mappings, error = self._get_query_mappings(mapping_url)
-            if error:
-                return None, error
+        url = "/{0}/_search?".format(index_name) if index_name else "/_search?"
+        mapping_url = "/{0}/_mapping".format(index_name) if index_name else "/_mapping"
 
-            if sort:
-                url += "&sort={0}".format(urllib.parse.quote_plus(sort))
+        mappings, error = self._get_query_mappings(mapping_url)
+        if error:
+            return None, error
 
+        if sort:
+            url += "sort={0}".format(urllib.parse.quote_plus(sort))
+        if query_data:
             url += "&q={0}".format(urllib.parse.quote_plus(query_data))
 
-            logger.debug("Using URL: {0}".format(url))
-            logger.debug("Using Query: {0}".format(query_data))
-
-            result_columns = []
-            result_rows = []
-            if isinstance(query_data, str):
-                _from = 0
-                while True:
-                    query_size = size if limit >= (_from + size) else (limit - _from)
-                    total = self._execute_simple_query(
-                        url + "&size={0}".format(query_size),
-                        self.auth,
-                        _from,
-                        mappings,
-                        result_fields,
-                        result_columns,
-                        result_rows,
-                    )
-                    _from += size
-                    if _from >= limit:
-                        break
-            else:
-                # TODO: Handle complete ElasticSearch queries (JSON based sent over HTTP POST)
-                raise Exception("Advanced queries are not supported")
-
-            json_data = json_dumps({"columns": result_columns, "rows": result_rows})
-        except requests.HTTPError as e:
-            logger.exception(e)
-            error = "Failed to execute query. Return Code: {0}   Reason: {1}".format(
-                r.status_code, r.text
-            )
-            json_data = None
-        except requests.exceptions.RequestException as e:
-            logger.exception(e)
-            error = "Connection refused"
-            json_data = None
+        logger.debug("Using URL: {0}".format(url))
+        logger.debug("Using Query: {0}".format(query_data))
+
+        result_columns = []
+        result_rows = []
+        if isinstance(query_data, str):
+            _from = 0
+            while True:
+                query_size = size if limit >= (_from + size) else (limit - _from)
+                total = self._execute_simple_query(
+                    url + "&size={0}".format(query_size),
+                    self.auth,
+                    _from,
+                    mappings,
+                    result_fields,
+                    result_columns,
+                    result_rows,
+                )
+                _from += size
+                if _from >= limit:
+                    break
+        else:
+            # TODO: Handle complete ElasticSearch queries (JSON based sent over HTTP POST)
+            raise Exception("Advanced queries are not supported")
 
+        json_data = json_dumps({"columns": result_columns, "rows": result_rows})
         return json_data, error
 
 
@@ -461,55 +412,31 @@ def name(cls):
         return "Elasticsearch"
 
     def run_query(self, query, user):
-        try:
-            error = None
-
-            logger.debug(query)
-            query_dict = json_loads(query)
-
-            index_name = query_dict.pop("index", "")
-            result_fields = query_dict.pop("result_fields", None)
-
-            if not self.server_url:
-                error = "Missing configuration key 'server'"
-                return None, error
-
-            url = "{0}/{1}/_search".format(self.server_url, index_name)
-            mapping_url = "{0}/{1}/_mapping".format(self.server_url, index_name)
-
-            mappings, error = self._get_query_mappings(mapping_url)
-            if error:
-                return None, error
+        error = None
+        logger.debug(query)
+        query_dict = json_loads(query)
 
-            logger.debug("Using URL: %s", url)
-            logger.debug("Using query: %s", query_dict)
-            r = requests.get(url, json=query_dict, auth=self.auth)
-            r.raise_for_status()
-            logger.debug("Result: %s", r.json())
+        index_name = query_dict.pop("index", "")
+        result_fields = query_dict.pop("_source", None)
 
-            result_columns = []
-            result_rows = []
-            self._parse_results(
-                mappings, result_fields, r.json(), result_columns, result_rows
-            )
+        mapping_url = "/{0}/_mapping".format(index_name) if index_name else "/_mapping"
+        mappings, error = self._get_query_mappings(mapping_url)
+        if error:
+            return None, error
 
-            json_data = json_dumps({"columns": result_columns, "rows": result_rows})
-        except (KeyboardInterrupt, JobTimeoutException):
-            logger.exception(e)
-            raise
-        except requests.HTTPError as e:
-            logger.exception(e)
-            error = "Failed to execute query. Return Code: {0}   Reason: {1}".format(
-                r.status_code, r.text
-            )
-            json_data = None
-        except requests.exceptions.RequestException as e:
-            logger.exception(e)
-            error = "Connection refused"
-            json_data = None
+        url = "/{0}/_search".format(index_name) if index_name else "/_search"
+        logger.debug("Using URL: %s", url)
+        logger.debug("Using query: %s", query_dict)
+        response, error = self.get_response(url, http_method='GET', json=query_dict)
+        if error:
+            return None, error
+        logger.debug("Result: %s", response.json())
 
+        result_columns = []
+        result_rows = []
+        self._parse_results(mappings, result_fields, response.json(), result_columns, result_rows)
+        json_data = json_dumps({"columns": result_columns, "rows": result_rows})
         return json_data, error
 
-
 register(Kibana)
-register(ElasticSearch)
+register(ElasticSearch)
\ No newline at end of file
diff --git a/redash/settings/__init__.py b/redash/settings/__init__.py
index 52fd066e7b..c79ab49ba5 100644
--- a/redash/settings/__init__.py
+++ b/redash/settings/__init__.py
@@ -158,6 +158,11 @@
 GOOGLE_CLIENT_SECRET = os.environ.get("REDASH_GOOGLE_CLIENT_SECRET", "")
 GOOGLE_OAUTH_ENABLED = bool(GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET)
 
+MICROSOFT_TENANT_ID = os.environ.get("REDASH_MICROSOFT_TENANT_ID", "")
+MICROSOFT_CLIENT_ID = os.environ.get("REDASH_MICROSOFT_CLIENT_ID", "")
+MICROSOFT_CLIENT_SECRET = os.environ.get("REDASH_MICROSOFT_CLIENT_SECRET", "")
+MICROSOFT_OAUTH_ENABLED = bool(MICROSOFT_CLIENT_ID and MICROSOFT_CLIENT_SECRET and MICROSOFT_TENANT_ID)
+
 # If Redash is behind a proxy it might sometimes receive a X-Forwarded-Proto of HTTP
 # even if your actual Redash URL scheme is HTTPS. This will cause Flask to build
 # the SAML redirect URL incorrect thus failing auth. This is especially common if
diff --git a/redash/templates/invite.html b/redash/templates/invite.html
index 21705c79a4..728f287072 100644
--- a/redash/templates/invite.html
+++ b/redash/templates/invite.html
@@ -6,7 +6,7 @@
 <div class="fixed-width-page">
   <div class="bg-white tiled">
     <div class="m-b-25">
-      {% if show_google_openid or show_saml_login or show_remote_user_login or show_ldap_login %}
+      {% if show_google_openid or show_microsoft_openid or show_saml_login or show_remote_user_login or show_ldap_login %}
         To create your account, please choose a password or login with your SSO provider.
       {% else %}
         To create your account, please choose a password.
@@ -28,6 +28,13 @@
       </a>
     {% endif %}
 
+    {% if show_microsoft_openid %}
+      <a href="{{ microsoft_auth_url }}" class="login-button btn btn-default btn-block">
+        <img src="/static/images/microsoft_logo.svg">
+        Login with Office365
+      </a>
+    {% endif %}
+
     {% if show_saml_login %}
       <a href="{{ url_for('saml_auth.sp_initiated', org_slug=org_slug) }}" class="login-button btn btn-default btn-block">SAML Login</a>
     {% endif %}
@@ -40,7 +47,7 @@
       <a href="{{ url_for('ldap_auth.login') }}" class="login-button btn btn-default btn-block">LDAP/SSO Login</a>
     {% endif %}
 
-    {% if show_google_openid or show_saml_login or show_remote_user_login or show_ldap_login %}
+    {% if show_google_openid or show_microsoft_openid or show_saml_login or show_remote_user_login or show_ldap_login %}
       <hr>
     {% endif %}
 
diff --git a/redash/templates/login.html b/redash/templates/login.html
index 71bc8b4aec..7c9f6218b0 100644
--- a/redash/templates/login.html
+++ b/redash/templates/login.html
@@ -20,6 +20,13 @@
       </a>
     {% endif %}
 
+    {% if show_microsoft_openid %}
+      <a href="{{ microsoft_auth_url }}" class="login-button btn btn-default btn-block">
+        <img src="/static/images/microsoft_logo.svg">
+        Login with Office365
+      </a>
+    {% endif %}
+
     {% if show_saml_login %}
       <a href="{{ url_for('saml_auth.sp_initiated', org_slug=org_slug, next=next) }}" class="login-button btn btn-default btn-block">SAML Login</a>
     {% endif %}
@@ -33,7 +40,7 @@
     {% endif %}
 
     {% if show_password_login %}
-    {% if show_google_openid or show_saml_login or show_remote_user_login or show_ldap_login %}
+    {% if show_google_openid or show_microsoft_openid or show_saml_login or show_remote_user_login or show_ldap_login %}
       <hr>
     {% endif %}
 
diff --git a/tests/handlers/test_settings.py b/tests/handlers/test_settings.py
index 6c9e33b9a9..b9872549c3 100644
--- a/tests/handlers/test_settings.py
+++ b/tests/handlers/test_settings.py
@@ -47,3 +47,23 @@ def test_get_returns_google_appas_domains(self):
 
         rv = self.make_request("get", "/api/settings/organization", user=admin)
         self.assertEqual(rv.json["settings"]["auth_google_apps_domains"], domains)
+
+    def test_updates_microsoft_apps_domains(self):
+        admin = self.factory.create_admin()
+        domains = ["example.com"]
+        rv = self.make_request(
+            "post",
+            "/api/settings/organization",
+            data={"auth_microsoft_apps_domains": domains},
+            user=admin,
+        )
+        updated_org = Organization.get_by_slug(self.factory.org.slug)
+        self.assertEqual(updated_org.microsoft_apps_domains, domains)
+
+    def test_get_returns_microsoft_appas_domains(self):
+        admin = self.factory.create_admin()
+        domains = ["example.com"]
+        admin.org.settings[Organization.SETTING_MICROSOFT_APPS_DOMAINS] = domains
+
+        rv = self.make_request("get", "/api/settings/organization", user=admin)
+        self.assertEqual(rv.json["settings"]["auth_microsoft_apps_domains"], domains)
\ No newline at end of file
diff --git a/tests/test_authentication.py b/tests/test_authentication.py
index 91be52ea76..9004a84995 100644
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -11,7 +11,9 @@
     hmac_load_user_from_request,
     sign,
 )
-from redash.authentication.google_oauth import create_and_login_user, verify_profile
+from redash.authentication import create_and_login_user
+from redash.authentication.google_oauth import verify_profile as google_verify_profile
+from redash.authentication.microsoft_oauth import verify_profile as microsoft_verify_profile
 from redash.utils import utcnow
 from sqlalchemy.orm.exc import NoResultFound
 from tests import BaseTestCase
@@ -201,33 +203,54 @@ def test_updates_user_name(self):
 class TestVerifyProfile(BaseTestCase):
     def test_no_domain_allowed_for_org(self):
         profile = dict(email="arik@example.com")
-        self.assertFalse(verify_profile(self.factory.org, profile))
+        self.assertFalse(google_verify_profile(self.factory.org, profile))
+        self.assertFalse(microsoft_verify_profile(self.factory.org, profile))
 
     def test_domain_not_in_org_domains_list(self):
         profile = dict(email="arik@example.com")
         self.factory.org.settings[models.Organization.SETTING_GOOGLE_APPS_DOMAINS] = [
             "example.org"
         ]
-        self.assertFalse(verify_profile(self.factory.org, profile))
+        self.assertFalse(google_verify_profile(self.factory.org, profile))
+        self.factory.org.settings[models.Organization.SETTING_MICROSOFT_APPS_DOMAINS] = [
+            "example.org"
+        ]
+        self.assertFalse(microsoft_verify_profile(self.factory.org, profile))
+
 
     def test_domain_in_org_domains_list(self):
         profile = dict(email="arik@example.com")
         self.factory.org.settings[models.Organization.SETTING_GOOGLE_APPS_DOMAINS] = [
             "example.com"
         ]
-        self.assertTrue(verify_profile(self.factory.org, profile))
+        self.assertTrue(google_verify_profile(self.factory.org, profile))
 
         self.factory.org.settings[models.Organization.SETTING_GOOGLE_APPS_DOMAINS] = [
             "example.org",
             "example.com",
         ]
-        self.assertTrue(verify_profile(self.factory.org, profile))
+        self.assertTrue(google_verify_profile(self.factory.org, profile))
+
+        self.factory.org.settings[models.Organization.SETTING_MICROSOFT_APPS_DOMAINS] = [
+            "example.com"
+        ]
+        self.assertTrue(microsoft_verify_profile(self.factory.org, profile))
+
+        self.factory.org.settings[models.Organization.SETTING_MICROSOFT_APPS_DOMAINS] = [
+            "example.org",
+            "example.com",
+        ]
+        self.assertTrue(microsoft_verify_profile(self.factory.org, profile))
+
 
     def test_org_in_public_mode_accepts_any_domain(self):
         profile = dict(email="arik@example.com")
         self.factory.org.settings[models.Organization.SETTING_IS_PUBLIC] = True
         self.factory.org.settings[models.Organization.SETTING_GOOGLE_APPS_DOMAINS] = []
-        self.assertTrue(verify_profile(self.factory.org, profile))
+        self.assertTrue(google_verify_profile(self.factory.org, profile))
+        self.factory.org.settings[models.Organization.SETTING_MICROSOFT_APPS_DOMAINS] = []
+        self.assertTrue(microsoft_verify_profile(self.factory.org, profile))
+
 
     def test_user_not_in_domain_but_account_exists(self):
         profile = dict(email="arik@example.com")
@@ -235,7 +258,11 @@ def test_user_not_in_domain_but_account_exists(self):
         self.factory.org.settings[models.Organization.SETTING_GOOGLE_APPS_DOMAINS] = [
             "example.org"
         ]
-        self.assertTrue(verify_profile(self.factory.org, profile))
+        self.assertTrue(google_verify_profile(self.factory.org, profile))
+        self.factory.org.settings[models.Organization.SETTING_MICROSOFT_APPS_DOMAINS] = [
+            "example.org"
+        ]
+        self.assertTrue(microsoft_verify_profile(self.factory.org, profile))
 
 
 class TestGetLoginUrl(BaseTestCase):
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 537c83d03d..ddc4fd4414 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -360,6 +360,33 @@ def test_show_google_apps_domains(self):
         """
         self.assertMultiLineEqual(result.output, textwrap.dedent(output).lstrip())
 
+    def test_set_microsoft_apps_domains(self):
+        domains = ["example.org", "example.com"]
+        runner = CliRunner()
+        result = runner.invoke(
+            manager, ["org", "set_microsoft_apps_domains", ",".join(domains)]
+        )
+        self.assertFalse(result.exception)
+        self.assertEqual(result.exit_code, 0)
+        db.session.add(self.factory.org)
+        self.assertEqual(self.factory.org.microsoft_apps_domains, domains)
+
+    def test_show_microsoft_apps_domains(self):
+        self.factory.org.settings[Organization.SETTING_MICROSOFT_APPS_DOMAINS] = [
+            "example.org",
+            "example.com",
+        ]
+        db.session.add(self.factory.org)
+        db.session.commit()
+        runner = CliRunner()
+        result = runner.invoke(manager, ["org", "show_microsoft_apps_domains"])
+        self.assertFalse(result.exception)
+        self.assertEqual(result.exit_code, 0)
+        output = """
+        Current list of Microsoft Apps domains: example.org, example.com
+        """
+        self.assertMultiLineEqual(result.output, textwrap.dedent(output).lstrip())
+
     def test_list(self):
         self.factory.create_org(name="test", slug="test_org")
         self.factory.create_org(name="Borg", slug="B_org")