- Introduction to contentACCESS
- contentACCESS setup package
- contentACCESS components
- contentACCESS Tools
- Tenants in contentACCESS
- General system configurations
- Connection
- User interface
- Users in contentACCESS
- Invitations
- Roles
- Login providers
- System
- Licensing
- Notifications
- System logs — how to find out possible misconfigurations / reasons of potential system/job failures
- Configuration auditing
- Archive auditing
- Distributed environment in contentACCESS — Clusters
- Statistics
- Legal hold
- Task runner
- Indexing
- SMTP Servers
- SMTP Mappings
- Sharing job
- Sharing settings
- How to create/configure databases — All databases
- Common features
- Creating new jobs in contentACCESS
- Jobs’ page, jobs’ context menu
- Filtering in jobs
- File Archive
- Introduction to File system archive
- File archive settings
- File archive Databases
- File archive System settings
- File archive Retentions
- File archive Storages
- Root folders
- Aliases
- File archive Schedules
- Provisioning settings and managing access to contentACCESS Portal
- Remote agents (file archive)
- Global rules (remote file archive)
- Configuring aliases
- Configuration of jobs available in contentACCESS File Archive
- Configuration of File archive retention changer job
- Configuration of File system archive job
- Configuration of a File system restore job
- Configuration of File system recovery job
- Configuration of Delete job in File archive
- Configuration of File system shortcut synchronization job
- Configuration of Remote shortcutting job
- Active/inactive documents in File system archive
- Email Archive
- Important settings before creating an Email Archive job
- Database settings
- Email archive System settings
- Email archive Provisioning settings
- Retention settings
- Shortcuts in email archiving
- Storing of archived emails
- Creating email archive schedulers
- User experience
- Address book objects
- Granting access rights for mailbox users and explicit users to view the mailbox archive
- Database and store assignment in email archiving
- Mail app access
- Remote agents (email archive)
- PST import
- Creating Email archive jobs: archive, restore, recovery, delete, mailbox move, shortcut synchronizaion, shortcut repair
- Email archive job
- Email archive retention changer job
- Email restore job
- Email recovery job
- Configuration of Delete job in Email archive
- Journal post processing job
- Mailbox move job
- Shortcut synchronization job
- Shortcut repair job
- Public folder archiving
- Access to private emails and archiving them
- SMTP archiving
- SharePoint archive plugin
- SharePoint Archive settings
- SharePoint archive System settings
- Site connections in the SharePoint archive
- SharePoint archive Provisioning settings
- Shortcut configuration in SharePoint
- SharePoint archive Address book
- SharePoint Archive job configuration
- SharePoint archive retention changer job configuration
- SharePoint recovery job configuration
- Configuration of Delete job in SharePoint archive
- SharePoint Publishing job
- SharePoint in the contentACCESS Portal archive
- OneDrive archive
- GDPR plugin
- Teams archive
- Teams archive databases
- Teams archive System settings
- Teams archive Provisioning settings
- Shortcut configuration in Teams archive
- Teams archive Address book
- Teams archive Licensing
- Teams archive Jobs
- Custom plugins
- ThreatTest
- officeGATE
- contentACCESS Mobile
- Virtual drive configurations
- Teams application
- Application settings
- Terms of use
- FAQ
- Download sample for the file to be imported does not work
- Archiving is not working if MAPI is set to communicate with the Exchange server
- Virtual drive is still appearing after the uninstall
- Outlook forms problems
- Unable to open shortcuts of archived files on the server side
- Samples are not shown using 'Show sample" option in the Import dialog
- Do I need to create separate tenants for file archiving and email archiving
- What is the recommended database size for email, file and Sharepoint archiving
- The TEMP folder is running out of space when archiving big files
- The attachment could not be opened
- After updating Exchange 2013, the EWS connection might not work in contentACCESS
- If Windows authentication is not working in contentACCESS and an alias was created for contentACCESS
- contentACCESS Outlook add-in certificate issue
- Prerequisites for Microsoft 365 archiving
- PowerShell scripts for setting up Email archive
- How to reconfigure your email archive to use modern authentication for PowerShell
- Solution for Outlook security patches
- Solution for Outlook security patches through GPO
- Solution for indexing PDF files
- Microsoft 365 SuperUser mailbox configuration
- Microsoft 365 journaling
- Organizational forms
- Multifactor authentication
- Region setting
- contentACCESS Mail app installation issue
- Azure app registration for Microsoft 365 archiving
- Troubleshooting
25.26.2.Grant permissions for the SharePoint archive ↑ Back to Top
In this section, we describe step by step how to grant permissions for the SharePoint archive, which enables contentACCESS to authenticate and connect to the Microsoft Dataverse environment using a modern and more secure way of authentication.
1) Navigate to your registered application (Azure Active Directory => App registration => Owned applications => registered application [Test_app in our example] => open the application by clicking on the title). On the application details page, click the API permissions button on the left menu. When the configured permissions page loads, click the + Add permission button and select the requested API.
2) On the Request API permissions => Microsoft APIs tab, you need permissions from Microsoft Graph and SharePoint options to support all the functions of contentACCESS and other client applications (including AAD groups support in SharePoint archive).
First, let’s go through with the Microsoft Graph permissions. After selecting the option from the list, choose the Application permissions box, where the available permissions from this category will be shown.
Locate the:
- Group.Read.All (read all groups) from the Group option;
- Group.Members.Read.All (read all group memberships) permission from the GroupMember option;
- User.Read.All (read user profiles) and User.ReadWrite.All (read and write user profiles) permissions from the User option,
then click on the Add permissions button.
From the SharePoint option, the following Application permissions are required (from the Sites and TermStore groups):
- Sites.FullControl.All – have full control of all site collections
- Sites.Manage.All – Read and write items and lists in all site collections
- Sites.Read.All – Read items in all site collections
- Sites.ReadWrite.All – Read and write items in all site collections
- TermStore.Read.All – Read managed metadata
- TermStore.ReadWrite.All – Read and write managed metadata
3) After the permissions have been assigned to the application, the administrator must grant consent for these permissions. Click on the Grant admin consent for “TENANTNAME” button.
4) When the permissions are assigned to the application and the admin consent is granted, the client access certificate needs to be assigned to the application. Click on the Certificates & secrets option in the left side menu. On the certificate management screen click on the Upload certificate (Certificates tab) button. Browse the client certificate you want to use and upload it. It can be a self-signed certificate or an already existing one. A PowerShell script for creating a self-signed certificate can be downloaded here.
5) Next, add a new client secret by clicking on the + Next client secret button. This is necessary for some plugins and client applications (Test_client secret in our example).
After the configuration is done, copy the client secret shown on the Get client secret dialog box to a secure location so that you can refer to it later. The client secret will be required when configuring certain contentACCESS models with modern authentication– like Email archive, SharePoint archive, Teams archive, GDPR Exchange, and Exchange connection.