Documentation forAccess Rights Manager

Add a SharePoint Online resource

To successfully add a SharePoint Online resource to ARM, you must have completed the preparation (app registration) as described in the chapter "Required Accounts and Permissions for a SharePoint Scan".

Please note that SharePoint Online requires a specific app registration. You can not use the credentials from the app registration for Azure AD, Teams, and OneDrive or Exchange Online.

When you have completed the preparation, launch the ARM configuration application and click Scans.

 

Click the button to add a SharePoint Online resource.

 

Specify the credentials for the "Process Account". Recommended: Leave the input fields empty and click Apply. ARM uses this way the service account from the basic configuration.

The account is not used to scan the SharePoint elements. The scan account will be set up in a later step.

 

Click the link.

 

  1. Recommended: Enter the app ID. Optional: Enter the user name of the service account.
  2. Recommended: Enter the value of the client secret. Optional: Enter the password of the service account.
  3. Enter the tenant. See the next section, "Identify the SharePoint Online tenant".
  4. Click Apply.

 

Identify the SharePoint Online tenant

  1. Log in as an administrator at portal.azure.com.

  2. Click Azure Active Directory > Custom domain names.

You will see a list of available domain names that you can enter as a tenant. Recommended: Use the domain name ending with ".onmicrosoft.com", for example, "yourcompany.onmicrosoft.com".

 

Enter the SharePoint Online "Admin URL". The URL always has the syntax "https://tenant-admin.sharepoint.com", whereby tenant must be replaced by the desired tenant name. See also the chapter Identifying the SharePoint Online Admin URL.

Confirm the input with the Enter key.

Entering the Share Point Online "Admin URL" is only possible from version 2020.2.4 on. We strongly recommend to use this method. For compatibility reasons it is also possible to enter the Website Collection URL, but then a scan configuration must be created for each Website Collection.

It is not possible to change the URL afterwards. To use a different URL, you must create a new configuration and delete the old one if necessary.

 

  1. Activate the desired element by activating the check box.
  2. Select a collector to run the scan through. If you configure multiple collectors, ARM automatically decides which collector to use to perform the scan based on the collector's CPU and RAM usage. The scan is always executed over only one collector.

Please note that the executing collector server needs an internet connection for the scan.

  1. Click Apply.

 

Click on the link to select the elements to be included in the scan.

 

  1. Select the items to be scanned.

  2. Click Apply.

 

You have successfully created a SharePoint Online scan configuration. The symbols (arrows) indicate that the additional options still need to be set. This procedure is identical for SharePoint Online and SharePoint on-premise and is described in the chapter Configuring additional SharePoint properties.

How to customize a SharePoint Online scan configuration is described in the chapter Customize a SharePoint Scan Configuration.