SharePoint Connector Setup

Index SharePoint sites, pages, and files by granting the necessary API Permissions in your App Registration.

Grant SharePoint API Permissions

After following the steps in Entra ID - Create New App Registration to create a new App Registration, you will need to add additional API permissions to index SharePoint resources.

In addition to the Entra ID permissions listed in the Microsoft Connector for the Microsoft Graph, you will also need:

• Under Microsoft Graph API:
  • Files.Read.All
  • Sites.Read.All
• Once added, select Grant admin consent for ... where ... is your tenant name. This link is beside the Add a permission link.

SharePoint Site Groups & Associated Permissions

Many SharePoint sites are deployed without connecting to Microsoft Office 365 groups. Microsoft treats certain SharePoint configurations as unsupported unless managed through Office 365 groups. For Atolio to index correct permissions on non-O365 managed sites, the Sites.FullControl.All permission is required. Communication Sites commonly fall into this category. For more information on connecting sites to O365 groups, see Microsoft’s documentation.

Atolio can index these sites if Sites.FullControl.All permission is set on your App Registration. This is the least privileged permission available for read access to the SharePoint API. Atolio never writes back to the SharePoint API.

When configuring the connector for non-O365 group sites:

• Set Sites.FullControl.All permissions on the App Registration, specifically within the SharePoint API. (see below screenshot)
• Set IndexSharePointPermissions configuration to true

All other configuration and certificates remain the same.

Determine Indexing Scope

If you have many SharePoint sites, it may be worth using the includes feature explained in the Common Fields: Resources section to index only the relevant sites. Example:

resources;
  site:
    included:
      - atoliotech.sharepoint.com/sites/Atolio-FSCJ/