Office 365 File Storage Prerequisites

Make sure your system fits the descriptions below before starting the installation.

Note

Some prerequisites differ for Exchange Online. Refer to Exchange Online Prerequisites.

When you have confirmed your system meets the requirements, you will create an Azure application for your OneDrive, SharePoint Online, or Exchange Online connector.

Permissions

Activity Monitor

To perform Activity Monitoring, the Azure AD application for SharePoint Online requires the ActivityFeed.Read permission to access the Office 365 Management APIs.

You must also ensure auditing is enabled for your tenant. Refer to Microsoft auditing documentation for details. To verify auditing was enabled correctly, go to the compliance portal and see if activities are displaying.

Note

According to Microsoft, it may take some time before auditing is fully enabled on your tenant.

Permissions Collection

To perform crawl and permissions collection, the Azure AD application for SharePoint Online requires the Sites.FullControl.All permission to access the SharePoint APIs.

Communication Requirements

Requirement	Source	Destination	Port
Data Access Security	Activity Monitor	Data Access Security Servers	8000-8008
Permissions Collection / Data Classification	Permissions Collector/Data Classification	SharePoint Online	https
Activity Monitoring	Activity Monitor	Office365 Activity API	https
OAuth Access Token Acquisition	Permission Collector/Data Classification Collector/Activity Monitor	Microsoft Token Endpoint	https

Access to the following over HTTPS:

• https://{tenant-name}.sharepoint.com/*

• https://{tenant-name}-admin.sharepoint.com/*

• https://{tenant-name}-my.sharepoint.com/*

• https://manage.office.com/* - to monitor and collect event data, using the Microsoft Management API

• https://login.microsoftonline.com/* - for OAuth access token acquisition.

Azure Active Directory Connectivity Requirements

The OneDrive and SharePoint Online Connectors require an AzureAD Identity Collector.

Data Access Security uses the Microsoft Graph REST API, which works exclusively in HTTPs.

The API base path is: https://graph.microsoft.com/v1.0/, where the tenant domain name is the customer assigned domain name on Microsoft cloud. It is usually in the format of domain_name.onmicrosoft.com, but might be different in your configuration.

A list of resources that are accessed by Data Access Security using the REST graph API include:

• https://graph.microsoft.com/v1.0/organization

• https://graph.microsoft.com/v1.0/users

• https://graph.microsoft.com/v1.0/groups

• https://graph.microsoft.com/v1.0/groups/group_id/members

• https://graph.microsoft.com/v1.0/groups/group_id/owners

• https://graph.microsoft.com/v1.0/directoryRoles

• https://graph.microsoft.com/v1.0/directoryRoles/role_id/members

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.