SharePoint Online

Requirements

  • Within Azure, an Entra App was created and configured as described here

  • Within Teleskope, you have a Teleskope Account with the Admin role

Integration

To automate the following steps, see Scripted enrollment.

1. Grant the Teleskope App Microsoft Graph API scopes

Navigate to your App Registration, then Manage -> API Permissions, and assign the following Graph API scopes via Application Permissions:

  • Directory.Read.All

  • ExternalUserProfile.Read.All

  • Files.Read.All

  • Group.Read.All

  • GroupMember.Read.All

  • RoleManagement.Read.All

  • SharePointTenantSettings.Read.All

  • Sites.Read.All

  • User.Read.All

Optional Permissions to enable features in 'Policy Maker'

  • InformationProtectionPolicy.Read.All

  • Files.ReadWrite.All

Lastly, grant admin consent to all of the permissions.

2. Grant the Teleskope App SharePoint API scopes

  • Sites.Manage.All

  • Sites.Read.All

  • TermStore.Read.All

  • User.Read.All

Optional Permissions to enable features in 'Policy Maker' and extra 'Data Access' information

  • Sites.FullControl.All

3. Enable Metered APIs and Services

Follow these instructions and enable Metered API and Services for Azure

4. Generate a certificate

  1. Create an Azure certificate with a public key by following the Microsoft instructions to Create and export your public certificate

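    1. Base64 encode the .pfx file. For example, in PowerShell, run the following commands:

      # Replace example.txt with the path to your .pfx file. Use a full path:
      # .NET resolves relative paths against the process working directory.
      $fileBytes = [System.IO.File]::ReadAllBytes("example.txt")
      $base64 = [Convert]::ToBase64String($fileBytes)
      # The output still contains the private key; handle it like the .pfx itself.
      $base64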
  2. Go to Certificates & secrets.

  3. Go to the Certificates tab, click Upload certificate, and upload the certificate (.cer file) you generated.

  4. Follow Microsoft's instructions to Export your public certificate with its private key

(If using macOS) Please use the certificate.sh script to generate the credentials mentioned in the docs above.
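
Before enrolling, it helps to confirm that the Base64 string decodes to a PFX that opens with its password, contains a private key, and carries the same certificate as the .cer uploaded under Certificates & secrets. The script below is an added example, not part of Teleskope's scripts or certificate.sh; the function names, return codes and the throwaway self-signed fixture are constructed for illustration, and it assumes bash and openssl are available.

```shell
#!/usr/bin/env bash
# Added example: check a Base64-encoded PFX against the uploaded .cer before enrolling.

# Run `openssl pkcs12` on <pfx> with <password> passed via the environment, not argv.
_p12() {
  local pfx=$1 pw=$2; shift 2
  PFX_PW=$pw openssl pkcs12 -in "$pfx" -passin env:PFX_PW "$@" 2>/dev/null
}

# usage: pfx_matches_cer <b64-file> <password> <cer-file>
# returns 0 = match, 1 = bad Base64 or password, 2 = no private key, 3 = different cert
pfx_matches_cer() {
  local b64=$1 pw=$2 cer=$3 tmp pfx_fp cer_fp rc=0
  tmp=$(mktemp -d) || return 1
  # Drop whitespace that copy/paste may add, then decode into a private temp dir.
  tr -d ' \r\n' < "$b64" | openssl base64 -d -A -out "$tmp/in.pfx"
  if ! _p12 "$tmp/in.pfx" "$pw" -noout; then
    rc=1
  elif ! _p12 "$tmp/in.pfx" "$pw" -nocerts -nodes | grep -q 'PRIVATE KEY'; then
    rc=2
  else
    pfx_fp=$(_p12 "$tmp/in.pfx" "$pw" -nokeys -clcerts |
             openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    # A .cer may be DER or PEM; try both.
    cer_fp=$(openssl x509 -inform DER -in "$cer" -noout -fingerprint -sha256 2>/dev/null ||
             openssl x509 -inform PEM -in "$cer" -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$pfx_fp" ] && [ "$pfx_fp" = "$cer_fp" ] || rc=3
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Constructed fixture: self-signed CN=demo; writes demo.cer (DER) and demo.b64 into $1.
make_demo() {
  local d=$1 pw=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo" \
    -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null || return 1
  openssl x509 -in "$d/c.pem" -outform DER -out "$d/demo.cer" || return 1
  DEMO_PW=$pw openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" \
    -passout env:DEMO_PW -out "$d/demo.pfx" || return 1
  openssl base64 -A -in "$d/demo.pfx" -out "$d/demo.b64"
}

demo=$(mktemp -d)
make_demo "$demo" 'constructed-pw' &&
  pfx_matches_cer "$demo/demo.b64" 'constructed-pw' "$demo/demo.cer" &&
  echo "PFX and .cer match"
rm -rf "$demo"
```

To check real files, call pfx_matches_cer with the file holding your Base64 string, the PFX password, and the .cer you uploaded, in place of the fixture.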

5. Enroll SharePoint in Teleskope

  1. Navigate to Settings > Connector > Azure

  2. Click Enroll New Tenant

  3. Input your Tenant ID, Domain, Base64 encoding of your pfx file, corresponding password, and secret value.

Scripted enrollment

The following scripts can be used to automate the app registration and generate everything you need for enrollment:

Prerequisites

  1. Azure CLI installed & logged in

    • Authenticate with az login (or az login --tenant <tenant-id> --subscription <sub-id> if you manage multiple subscriptions).

  2. Administrator role

    • You need Application Administrator (or Cloud Application Administrator / Global Administrator) in Azure AD, plus Contributor on the target subscription (so you can register providers and create resource groups).

  3. PowerShell execution policy (Windows only)

    • If you haven’t run unsigned scripts before, in an elevated PowerShell window run:

      Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Steps

  1. Install prerequisites

    • On macOS:

      brew install azure-cli jq openssl

    • On Windows: ensure you have Azure CLI, jq, and OpenSSL.

  2. Download the scripts into a working folder (right click → save as).

  3. Edit the Config section

    • Open the script and replace all the <PLACEHOLDERS> (<RESOURCE_GROUP>, <YOUR_REGION>, <YOUR_SUBSCRIPTION_ID>, <PFX_PASSWORD>) with your values.

  4. Make executable (macOS only)

    chmod +x ./sharepoint_enrollment_macOS.sh

  5. Run the script

    • macOS: ./sharepoint_enrollment_macOS.sh

    • Windows: open PowerShell in the script folder and run .\sharepoint_enrollment_windows.ps1

  6. Verify output

    • Look for the generated teleskope-app-details.txt (or your chosen filename) and confirm it contains Tenant ID, Client ID/Secret, PFX Base64, etc.

  7. Enroll SharePoint in Teleskope (see final step of Integration)
