SharePoint Connector Setup
Index SharePoint sites, pages, and files by granting the necessary API Permissions in your App Registration.
Grant SharePoint API Permissions
After following the steps in Entra ID - Create New App Registration to create a new App Registration, you will need to add additional API permissions to index SharePoint resources.
In addition to the Entra ID permissions listed in the Microsoft Connector for the Microsoft Graph, you will also need:
- Under Microsoft Graph API:
  - Files.Read.All
  - Sites.Read.All
- Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.
SharePoint Site Groups & Associated Permissions
Many SharePoint sites are deployed without connecting to Microsoft Office 365 groups. Microsoft treats certain SharePoint configurations as unsupported unless managed through Office 365 groups. For Atolio to index correct permissions on non-O365 managed sites, the Sites.FullControl.All permission is required. Communication Sites commonly fall into this category. For more information on connecting sites to O365 groups, see Microsoft’s documentation.
Atolio can index these sites if Sites.FullControl.All permission is set on your App Registration. This is the least privileged permission available for read access to the SharePoint API. Atolio never writes back to the SharePoint API.
When configuring the connector for non-O365 group sites:
- Set Sites.FullControl.All permissions on the App Registration, specifically within the SharePoint API. (see below screenshot)
- Set IndexSharePointPermissions configuration to true
All other configuration and certificates remain the same.
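To confirm that admin consent produced exactly the grants described above, you can inspect the roles claim of an app-only access token, which is where Entra ID places application permissions. The following is an added example, not Atolio's code: the function names are hypothetical, the tokens are constructed and unsigned, and the Entra ID permissions from the Microsoft Connector page (not listed here) would be passed in through allowed_extra.

```python
import base64
import json

# Application permissions named on this page, per API.
GRAPH_REQUIRED = {"Files.Read.All", "Sites.Read.All"}
SHAREPOINT_NON_O365 = {"Sites.FullControl.All"}


def jwt_claims(token):
    """Decode a JWT payload without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def sharepoint_expected(index_sharepoint_permissions):
    """Sites.FullControl.All is only needed when IndexSharePointPermissions is true."""
    return set(SHAREPOINT_NON_O365) if index_sharepoint_permissions else set()


def audit_roles(token, required, allowed_extra=frozenset()):
    """Compare the token's `roles` claim with what the connector should hold."""
    granted = set(jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(required - granted),
        "unexpected": sorted(granted - required - set(allowed_extra)),
    }


def constructed_token(roles):
    """Build an unsigned sample token (constructed; real ones come from Entra ID)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc({"roles": roles}) + "."


if __name__ == "__main__":
    # Constructed Graph token with one write-capable permission beyond the page's list.
    graph = constructed_token(["Files.Read.All", "Sites.Read.All", "Sites.ReadWrite.All"])
    print("graph:", audit_roles(graph, GRAPH_REQUIRED))
    # Constructed SharePoint token while IndexSharePointPermissions is false.
    sp = constructed_token(["Sites.FullControl.All"])
    print("sharepoint:", audit_roles(sp, sharepoint_expected(False)))
```

An empty "missing" list means indexing has the grants it needs; any entry under "unexpected" is a permission on the App Registration that this setup does not call for and is worth reviewing.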
Determine Indexing Scope
If you have many SharePoint sites, it may be worth using the includes feature explained in the Common Fields: Resources section to index only the relevant sites. Example:
resources:
  site:
    included:
      - atoliotech.sharepoint.com/sites/Atolio-FSCJ/