Documentation forAccess Rights Manager

Add a SharePoint Online resource

Complete the app registration preparation first before you add a SharePoint Online resource to ARM. See Required Accounts and Permissions for a SharePoint Scan for instructions.

SharePoint Online requires a specific app registration. You cannot use the credentials from the app registration for Azure AD, Teams, and OneDrive or Exchange Online.

When the app registration is completed, perform the following steps:

  1. Identify the SharePoint Online tenant name.

    1. Log in to the Microsoft Azure website at portal.azure.com as an administrator.

    2. Click Azure Active Directory > Custom domain names.

      A list of domain names display that you can use as a tenant.

    3. Select a domain name ending in .onmicrosoft.com.

      For example:

      yourcompany.onmicrosoft.com

    4. Record this name for a later step.

    5. Log out of Microsoft Azure.

  2. Start the Configuration application.

  3. Click Scans.

  4. Click SharePoint Online.

  5. Click the option to add a SharePoint Online resource.

  6. In the Process Credentials dialog box, you are prompted to enter process account credentials. SolarWinds recommends leaving the input fields empty and click Apply. ARM will use the service account from the basic configuration.

    The account is not used to scan the SharePoint elements. The scan account will be set up in a later step.

  7. Click the link in the SharePoint Online selection dialog box.

  8. Enter your credentials in the SharePoint Online Credentials dialog box.

    1. In the Username/App-ID field enter the app ID. Optionally, you can enter the user name of the service account.

    2. In the Password/Client Secret field, enter the value of the client secret. Optionally, you can enter the service account password.

    3. In the Tenant field, enter the tenant name you retrieved from the Microsoft Azure website in step 1.

    4. Click Apply.

  9. In the SharePoint Online Selection dialog box, select the resource and assigned collector.

    1. In the Name field, enter the correct SharePoint Online Admin URL and press Enter.

      The URL includes the syntax https://tenant-admin.sharepoint.com, where tenant is replaced by the desired tenant name. See Identifying the SharePoint Online Admin URL for more information.

      You can enter the Share Point Online "Admin URL". SolarWinds strongly recommends this method. For compatibility reasons it is also possible to enter the Website Collection URL, but then a scan configuration must be created for each Website Collection.

      After you enter the URL, it cannot be changed. To use a different URL, create a new configuration and delete the old configuration.
      This requirement applies to ARM 2020.2.4 and later. SolarWinds recommends using this method. For compatibility reasons, you can enter the Website Collection URL.  However, a scan configuration must be created for each website collection.

    2. Select the checkbox next to the URL to activate the resource.

    3. Under Assigned Collectors, select the checkbox next to the collector that runs the scan. Ensure that this collector includes an Internet connection to run the scan.

      If you configure multiple collectors, ARM automatically decides which collector to use to perform the scan based on the collector CPU and RAM usage. The scan is always executed using one collector.

    4. Click Apply.

  10. In the Scans page, click the link highlighted below to select the elements to include in the scan.

  11. Select the items to include in the scan, and then click Apply.

    The SharePoint Online scan configuration is completed. The warning symbols indicate that the additional options need to be set. This procedure is identical a SharePoint Online and SharePoint on-premise configuration.

    See Configuring additional SharePoint properties for instructions.

    See Customize a SharePoint Scan Configuration for instructions on how to customize a SharePoint Online configuration.