Microsoft Connector

The Microsoft connector supports:

• Entra ID - for resolving user mappings across apps as an Identity Provider
• SharePoint - for indexing sites, docs, spreadsheets, slides, and other files
• Teams - for indexing channels, chat, and messages
• OneDrive - for indexing docs, spreadsheets, slides, and other files
• Outlook - for indexing emails and calendar events

Installing the Microsoft Connector

First, you must create a new App Registration within Microsoft Azure. If you are using Entra ID as an identity provider, then you already created an app registration that can be reused for API access. If you have not done this step, refer to Entra ID - Create New App Registration.

With the app registration created, click on API Permissions and add a permission:

• Select Microsoft Graph
• Type of permission is Application Permissions
• Search for and add the following:
  • Application.Read.All
  • Group.Read.All
  • GroupMember.Read.All
  • User.Read.All
  • Directory.Read.All (If wishing to omit this scope, configure Entra ID source with disable_full_permissions: true)
• If necessary, add the additional permissions that are necessary if you are using the SharePoint connector, Teams connector, OneDrive connector, or Outlook connector.
• Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.

Provide Configuration

Provide the following values to your Deployment Engineer for them to configure in Atolio:

• ClientCert is the base 64-encoded content of the .PFX file obtained in Azure AD - Create New App Registration
• ClientCertPassword is the certificate’s private key password, if required
• TenantId is the Directory (tenant) ID the app registration belongs to
• ClientId is the Application (client) ID