Microsoft Connector

Integrate with Entra ID for user mappings. Index SharePoint sites and Teams channels.

The Microsoft connector supports:

  • Entra ID - for resolving user mappings across apps as an Identity Provider
  • SharePoint - for indexing sites, docs, spreadsheets, slides, and other files
  • Teams - for indexing channels, chat, and messages
  • OneDrive - for indexing docs, spreadsheets, slides, and other files
  • Outlook - for indexing emails and calendar events

Installing the Microsoft Connector

First, you must create a new App Registration within Microsoft Azure. If you are using Entra ID as an identity provider, then you already created an app registration that can be reused for API access. If you have not done this step, refer to Entra ID - Create New App Registration.

With the app registration created, click on API Permissions and add a permission:

  • Select Microsoft Graph
  • Type of permission is Application Permissions
  • Search for and add the following:
    • Application.Read.All
    • Group.Read.All
    • GroupMember.Read.All
    • User.Read.All
    • Directory.Read.All (to omit this scope, configure the Entra ID source with disable_full_permissions: true)
  • If you are using the SharePoint connector, Teams connector, OneDrive connector, or Outlook connector, add the additional permissions each one requires.
  • Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.

Provide Configuration

Provide the following values to your Deployment Engineer for them to configure in Atolio:

  • ClientCert is the base64-encoded content of the .PFX file obtained in Azure AD - Create New App Registration
  • ClientCertPassword is the certificate’s private key password, if required
  • TenantId is the Directory (tenant) ID the app registration belongs to
  • ClientId is the Application (client) ID

1 - OneDrive Connector Setup

Provide necessary API permissions to index OneDrive files.

Index OneDrive files by granting the necessary API Permissions in your App Registration.

Grant OneDrive API Permissions

After following the steps in Entra ID - Create New App Registration to create a new App Registration, you will need to add additional API permissions to index OneDrive resources.

In addition to the Entra ID permissions listed in the Microsoft Connector for the Microsoft Graph, you will also need:

  • Under Microsoft Graph API:
    • Files.Read.All
  • Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.

Determine Indexing Scope

If you have many drives, it may be worth using the includes feature explained in the Common Fields: Resources section to index only the relevant drives.

An example inclusion/exclusion configuration will look like the following:

resources:
  group:
    excluded:
      - secret-group@example.com # Ignore drives whose sole owner is "secret-group"
    included:
      - public-group@example.com # Index drives accessible by "public-group"
  user:
    excluded:
      - secret-user@example.com # Ignore drives whose sole owner is "secret-user"

2 - Outlook Connector Setup

Provide necessary API permissions to index Outlook emails and calendar events.

Index Outlook emails and events by granting the necessary API Permissions in your App Registration.

Grant Outlook API Permissions

After following the steps in Entra ID - Create New App Registration to create a new App Registration, you will need to add additional API permissions to index Outlook resources.

In addition to the Entra ID permissions listed in the Microsoft Connector for the Microsoft Graph, you will also need:

  • Under Microsoft Graph API:
    • Mail.Read
    • Calendars.Read
    • MailboxSettings.Read
    • Domain.Read.All
  • Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.

Determine Indexing Scope

If you have many mailboxes, it may be worth using the includes feature explained in the Common Fields: Resources section to index only the relevant mailboxes.

An example inclusion/exclusion configuration will look like the following:

resources:
  user:
    excluded:
      - secret-user@example.com  # Ignore mailboxes of secret-user@example.com

Manually Specify Email Address Domains

If the email address domains of your organization are already returned by the MS Graph API /domains query, you can skip this step.

For Atolio to identify contributors of Outlook resources correctly, a list of email address domains must be known. If users in your organization have email addresses like user1@some-domain.com and user2@other-domain.com, this list should consist of some-domain.com and other-domain.com.

You can manually specify an email address domain list as part of your configuration in the following format:

known-domains:
  - some-domain.com
  - other-domain.com

3 - SharePoint Connector Setup

Provide necessary API permissions to index SharePoint sites.

Index SharePoint sites, pages, and files by granting the necessary API Permissions in your App Registration.

Grant SharePoint API Permissions

After following the steps in Entra ID - Create New App Registration to create a new App Registration, you will need to add additional API permissions to index SharePoint resources.

In addition to the Entra ID permissions listed in the Microsoft Connector for the Microsoft Graph, you will also need:

  • Under Microsoft Graph API:
    • Files.Read.All
    • Sites.Read.All
  • Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.

Determine Indexing Scope

If you have many SharePoint sites, it may be worth using the includes feature explained in the Common Fields: Resources section to index only the relevant sites.

4 - Teams Connector Setup

Provide necessary API permissions to index Teams channels.

Index Teams channels, chat, and messages by granting the necessary API Permissions in your App Registration.

Grant API Permissions for Microsoft Teams

After following the steps in Entra ID - Create New App Registration to create a new App Registration, you will need to add additional API permissions to index Teams resources.

In addition to the Entra ID permissions listed in the Microsoft Connector for the Microsoft Graph, you will also need:

  • Under Microsoft Graph API:
    • Channel.ReadBasic.All
    • ChannelMember.Read.All
    • ChannelMessage.Read.All
    • Chat.Read.All
    • ChatMember.Read.All
    • ChatMessage.Read.All
    • Team.ReadBasic.All
    • TeamMember.Read.All
  • Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.
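
The permission lists above (the base Entra ID set plus the OneDrive, Outlook, SharePoint, and Teams additions) can be checked against what was actually consented. The following is an added example, not Atolio's code: it reads the `roles` claim that an app-only Microsoft Graph access token carries and reports permissions that are missing or granted beyond what this page lists. It assumes you already hold a token issued to the app registration; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions listed on this page, per connector.
BASE = {"Application.Read.All", "Group.Read.All", "GroupMember.Read.All",
        "User.Read.All", "Directory.Read.All"}
CONNECTOR = {
    "onedrive": {"Files.Read.All"},
    "outlook": {"Mail.Read", "Calendars.Read", "MailboxSettings.Read",
                "Domain.Read.All"},
    "sharepoint": {"Files.Read.All", "Sites.Read.All"},
    "teams": {"Channel.ReadBasic.All", "ChannelMember.Read.All",
              "ChannelMessage.Read.All", "Chat.Read.All", "ChatMember.Read.All",
              "ChatMessage.Read.All", "Team.ReadBasic.All", "TeamMember.Read.All"},
}

def required_permissions(connectors, disable_full_permissions=False):
    """Union of the page's permission lists for the connectors in use."""
    required = set(BASE)
    if disable_full_permissions:  # page: Directory.Read.All may then be omitted
        required.discard("Directory.Read.All")
    for name in connectors:
        required |= CONNECTOR[name.lower()]
    return required

def token_roles(jwt):
    """Read the `roles` claim from a token payload (inspection only, no signature check)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def audit(jwt, connectors, disable_full_permissions=False):
    """Return (missing, excess) permissions relative to the page's lists."""
    granted = token_roles(jwt)
    required = required_permissions(connectors, disable_full_permissions)
    return sorted(required - granted), sorted(granted - required)

def constructed_token(roles):
    """Build an unsigned sample token for the demo (constructed, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    sample = constructed_token(sorted(BASE | CONNECTOR["onedrive"]) + ["Mail.ReadWrite"])
    print(audit(sample, ["onedrive", "sharepoint"]))
```

A non-empty second list means the app registration holds consent for more than the connectors in use require and is worth reviewing before handing the credentials to the deployment.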

Determine Indexing Scope

If you have many teams, it may be worth using the includes feature explained in the Common Fields: Resources section to index only the relevant teams.

Limitations

  • Only the first 1000 replies to a channel post will be indexed, due to limitations with the Microsoft API.