Documentation for Access Rights Manager

Prepare the Microsoft 365 integration

Access Rights Manager uses the Microsoft Graph API to access Azure AD and OneDrive.

The following permissions are required:

  • Application.ReadWrite.OwnedBy
  • Directory.ReadWrite.All
  • Files.ReadWrite.All
  • Group.ReadWrite.All
  • Member.Read.Hidden
  • User.ReadWrite.All
  • Sites.FullControl.All
  • User.Invite.All

Access Rights Manager uses the Office 365 Management API to access OneDrive and SharePoint Online events.

To retrieve events, Office 365 auditing must be enabled. Microsoft's documentation describes how to enable auditing.

The following permissions are required:

  • ActivityFeed.Read
  • ServiceHealth.Read

Please note that additional apps may need to be registered to access SharePoint Online and Exchange Online. See the chapters "Required accounts and permissions for a SharePoint scan" and "Prepare Exchange resources".

To assign the required permissions, perform the following steps.

Screenshots property of © 2020 Microsoft.

Go to the Azure Portal Website (https://ms.portal.azure.com) and log in with admin credentials.

Click Azure Active Directory.

Click App registrations.

Add a new app registration.

  1. Assign a name to the registration.
  2. Click Register.

  1. Click Overview.
  2. Copy the Application ID to a file. The Application ID will later be used as the user name to access Azure/Microsoft 365 resources.
  3. Click Certificates & secrets.

Click New client secret.

  1. Enter a description.
  2. Set an expiration date.
  3. Click Add.

Save the Value to a file. The Value of the Client secret will later be used as the password to access Azure/Microsoft 365 resources.

Click API permissions.

Click Add a permission.

Click Microsoft Graph.

Click Application permissions.

  1. Enable all of the following permissions:

    • Application.ReadWrite.OwnedBy
    • Directory.ReadWrite.All
    • Files.ReadWrite.All
    • Group.ReadWrite.All
    • Member.Read.Hidden
    • User.ReadWrite.All
    • Sites.FullControl.All
    • User.Invite.All

  2. Save your settings.

  1. Click Add a permission.

  2. Click Office 365 Management APIs.

  1. Click Application permissions.

  2. Enable all of the following permissions:

    • ServiceHealth.Read

    • ActivityFeed.Read

  3. Save your settings.

  1. Click "Grant admin consent for...".

  2. Confirm the dialog box.

If the approval has been given successfully, the Application ID and Client secret can be used to configure Azure resources in ARM.
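
One way to confirm that admin consent took effect, and that the app holds exactly the permissions listed above and nothing more, is to inspect the roles claim of an access token issued to the app registration. The following is an added example, not part of the ARM documentation or product; the audience strings, the function names and the unsigned sample token are assumptions constructed for illustration.

```python
import base64
import json

# Application permissions this page lists, keyed by token audience (assumed
# audience values for Microsoft Graph and the Office 365 Management API).
REQUIRED_ROLES = {
    "https://graph.microsoft.com": {
        "Application.ReadWrite.OwnedBy", "Directory.ReadWrite.All",
        "Files.ReadWrite.All", "Group.ReadWrite.All", "Member.Read.Hidden",
        "User.ReadWrite.All", "Sites.FullControl.All", "User.Invite.All",
    },
    "https://manage.office.com": {"ActivityFeed.Read", "ServiceHealth.Read"},
}


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token):
    """Return (missing, unexpected) permission sets for the token's audience."""
    claims = jwt_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in REQUIRED_ROLES:
        raise ValueError(f"unexpected audience: {aud!r}")
    granted = set(claims.get("roles", []))  # app-only tokens list permissions here
    required = REQUIRED_ROLES[aud]
    return required - granted, granted - required


def make_sample_token(aud, roles):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud, "roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed sample: one listed permission missing, one extra granted.
    graph = REQUIRED_ROLES["https://graph.microsoft.com"]
    roles = sorted(graph - {"User.Invite.All"}) + ["Mail.Read"]
    missing, extra = audit_roles(make_sample_token("https://graph.microsoft.com", roles))
    print("missing:", sorted(missing), "unexpected:", sorted(extra))
```

A non-empty missing set usually means consent was not granted for that permission; a non-empty unexpected set means the app registration carries more access than this integration requires and should be reviewed.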