Indexing an Office 365 source
This document should be read along with the information listed in Section 10.2 of the Intella User Manual in regards to connecting to an Office 365 source.
Connect to Online Office 365
The Office 365 source type allows for retrieving both user account and user groups. For each user account used to access Office 365, the source can retrieve data from Outlook, OneDrive, and SharePoint. For each user group, the source retrieves titled conversations containing emails.
For Outlook, the source retrieves all folders (both standard and user-defined) and all emails therein. For OneDrive, the source retrieves all folders and all files.
The Office 365 source uses the Microsoft Graph API to connect to Office 365 and retrieve its resources. There are two ways in which a connection can be made: as a user and as an application. A user login allows for the retrieval of that user’s resources only. An application login allows for the retrieval of the resources of selected or all users.
Depending on the connection type used, the Microsoft Graph service uses a different group of privileges to control access to the Office 365 resources. For both connection types, it is required to grant admin consent after assigning the privileges.
Before using Intella to index the Office 365 data, you need to configure Office 365 in the Azure portal so that Intella can access the data. Note that Intella can only access the resource if there are adequate permissions to access the account and content. Below are some issues that have been reported to us. These issues are all related to the Azure portal where the Office 365 permissions have not being set correctly.
You get an error (similar to below) when using the 'Connect to Office 365' option in Intella's Add new source wizard.
The 'Connect to Office 365' option in the Add new source wizard completes successfully, but you can not index any data from the account.
You can connect to the account with no issues, and you can index data in the account with no issues, but Intella indexes other data associated with the account which should not be indexed.
Intella will be able to index an Office 365 source provided that the permissions are set correctly. The Office 365 permissions are to do with the account on the Azure portal, and therefore, the user must manage these connectors and permission themselves. This is something that Intella can not do. Below is a guide on how to grant Intella access to Office 365 as a user. Please note that this guide is a conservative measure to ensure that Intella has ample permissions to access all aspects of the account, so that it can index the data. This guide may have more permissions/access set in Azure than what is minimally required for the purpose that you want to use. It is up to the user to set the correct permissions for the required access to the Office 365 account within the Azure portal.
Note that Intella reads the data through the Microsoft Graph API. No write permissions are required, and Intella does this in read only mode.
Go to https://portal.azure.com and login using the Office 365 admin credentials.
Select Azure Active Directory option in the sidebar menu. The Active Directory overview page will be shown.
In the subsequent sidebar submenu select the App registrations option.
Click the New application registration button.
The Create form will be shown.
Enter a name for your application in the Name field (e.g. Office365crawler).
In the "Redirect URI" section, select Native in the drop-down list.
Set an artificial redirect URL in the second field (e.g. https://localhost/office365/crawler).
Finally, click on the Register button.
The newly created application will appear in the App Registrations result table, as shown in the following figure.
Click on the application name in order to see the application's Properties page.
The Properties for the new application will be shown.
This page shows the Application ID. The Application ID is required by Intella when connecting to a Office 365 source.
Record this ID as we will need it later when adding the source in Intella.
Click on the View API Permissions button, as indicated by the arrow in the screen above.
By default there is a User.Read privilege added for the Microsoft Graph API.
We now need to add additional access permissions to the APIs for Microsoft Graph and Office 365 Online.
Click the Add a permission button.
A new panel will open after pressing the Add a permission button.
Click on the Microsoft Graph option.
Select the Delegated permissions option from the list.
The list of permissions will appear in the "Select permissions" section of the "Request API permissions page".
For connecting to an Office 365 source, set the following permissions:
By design, Intella invokes only Read and Sign in operations, so no data in Office 365 will be changed, even if Write permissions are chosen. However, Read and Read.All privileges must be granted in order to allow Intella to download the corresponding elements.
Note: These are the correct permission settings at the time of this writing. Over the last year we have seen several changes to the Azure management portal and related permissions. If you have access or connection issues, you may not have granted enough permissions to access the source. You should troubleshoot this by checking whether new permissions, relevant to Office 365, have been added to Azure, or whether there have been any changes to the current permissions mentioned above.
Finally, click the Update permissions button to complete the configuration of the permissions for the selected API.
After adding all required permissions to the list, you need to grant admin consent for the permissions.
Please click on the 'Grant admin consent' button on the 'API permissions' page.
Now that you have configured access to a Office 365 account, you can use the Add new wizard, with the 'Office 365' option, in Intella to index the Office 365 data. Remember that you will need your login credentials, and the Application ID to connect to a Office 365 source.