SharePoint Online
Requirements
Within Azure, an Entra App was created and configured as described here
Within Teleskope, you have a Teleskope Account with the Admin role
Integration
To automate the following steps, see Scripted enrollment.
Grant the Teleskope App Microsoft Graph API scopes
Navigate to your App Registration, then Manage -> API Permissions, and assign the following Graph API scopes via Application Permissions:
Directory.Read.All
ExternalUserProfile.Read.All
Files.Read.All
Group.Read.All
GroupMember.Read.All
RoleManagement.Read.All
SharePointTenantSettings.Read.All
Sites.Read.All
User.Read.All
Optional Permissions to enable features in 'Policy Maker'
InformationProtectionPolicy.Read.All
Files.ReadWrite.All
Lastly, grant admin consent to all of the permissions.
Enable Metered APIs and Services
Follow these instructions and enable Metered API and Services for Azure
Generate a certificate
Create an Azure certificate with a public key by following the Microsoft instructions to Create and export your public certificate
Base64 encode the .pfx file. For example, in PowerShell, run the following command:
# Replace example.txt with the path to your exported .pfx file.
$fileBytes = [System.IO.File]::ReadAllBytes("example.txt")
$base64 = [Convert]::ToBase64String($fileBytes)
$base64
Go to Certificates & secrets.
Go to the Certificates tab and then click Upload certificate, and upload the certificate (.cer file) you generated
Follow Microsoft's instructions to Export your public certificate with its private key
(If using macOS) Use the certificate.sh script to generate the credentials mentioned in the docs above.
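The certificate steps above, sketched with OpenSSL as an added example. This is not Teleskope's certificate.sh or Microsoft's procedure; the function names, file names, the 365-day validity and the PFX_PASSWORD environment variable are assumptions.

```shell
#!/bin/sh
# Added example, NOT Teleskope's certificate.sh. File names, the CN and the
# 365-day validity are assumptions. PFX_PASSWORD must be exported by the
# caller; passing it via env: keeps it out of the process list.
set -eu

# make_enrollment_cert <out_dir> <common_name>
make_enrollment_cert() (
  : "${PFX_PASSWORD:?export PFX_PASSWORD first}"
  umask 077                          # key material readable by owner only
  mkdir -p "$1" && cd "$1" &&
  # Self-signed certificate plus unencrypted private key (PEM).
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
    -subj "/CN=$2" -keyout key.pem -out cert.pem &&
  # Public certificate only (.cer, DER): the file to upload.
  openssl x509 -in cert.pem -outform DER -out cert.cer &&
  # Certificate and private key together, password protected (.pfx).
  openssl pkcs12 -export -inkey key.pem -in cert.pem \
    -out cert.pfx -passout env:PFX_PASSWORD &&
  # Single-line Base64 of the .pfx, no trailing newline.
  openssl base64 -A -in cert.pfx -out cert.pfx.b64 &&
  rm -f key.pem                      # the key now exists only inside the .pfx
)

# verify_enrollment_cert <out_dir>: succeeds only if the Base64 text decodes
# back to the exact .pfx bytes and the .pfx opens with PFX_PASSWORD.
verify_enrollment_cert() {
  openssl base64 -d -A -in "$1/cert.pfx.b64" | cmp -s - "$1/cert.pfx" &&
    openssl pkcs12 -in "$1/cert.pfx" -passin env:PFX_PASSWORD -nokeys \
      2>/dev/null | grep -q 'BEGIN CERTIFICATE'
}

# cert_thumbprint <out_dir>: SHA-1 fingerprint of the .cer as bare hex, for
# comparing against the thumbprint listed for the uploaded certificate.
cert_thumbprint() {
  openssl x509 -in "$1/cert.cer" -inform DER -noout -fingerprint -sha1 |
    cut -d= -f2 | tr -d ':'
}
```

The cert.pfx and cert.pfx.b64 files are credentials: anyone holding them and the password can authenticate as the app, so keep them out of shared folders and version control.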
Scripted enrollment
The following scripts can be used to automate the app registration and generate everything you need for enrollment:
Prerequisites
Azure CLI installed & logged in
Authenticate with az login (or az login --tenant <tenant-id> --subscription <sub-id> if you manage multiple subscriptions).
Administrator role
You need Application Administrator (or Cloud Application Administrator / Global Administrator) in Azure AD, plus Contributor on the target subscription (so you can register providers and create resource groups).
PowerShell execution policy (Windows only)
If you haven’t run unsigned scripts before, in an elevated PowerShell window run:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Steps
Install prerequisites
On macOS:
brew install azure-cli jq openssl
On Windows: ensure you have Azure CLI, jq, and OpenSSL.
Download the scripts into a working folder (right click → save as).
Edit the Config section
Open the script and replace all the <PLACEHOLDERS> (<RESOURCE_GROUP>, <YOUR_REGION>, <YOUR_SUBSCRIPTION_ID>, <PFX_PASSWORD>) with your values.
Make executable (macOS only)
chmod +x ./sharepoint_enrollment_macOS.sh
Run the script
macOS:
./sharepoint_enrollment_macOS.sh
Windows: open PowerShell in the script folder and run
.\sharepoint_enrollment_windows.ps1
Verify output
Look for the generated teleskope-app-details.txt (or your chosen filename) and confirm it contains Tenant ID, Client ID/Secret, PFX Base64, etc.
Enroll SharePoint in Teleskope (see final step of Integration)