Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
- Chrome or Firefox (recommended) with pop-up blockers and ad blockers disabled (only for the duration of authorization)
- The user performing the installation must use a service account with a Microsoft 365 Global Admin and active license
- Audit log must be enabled for Microsoft 365. For more information, refer to Microsoft Technical documentation and search for Turn auditing on or off.
- Sharepoint Online and OneDrive must be enabled for the organization.
- The following IP addresses must be allowed if there are Firewall rules that prevent third-party applications:
- 146.112.161.0/24
- 146.112.163.0/24
- 146.112.165.0/24
- 146.112.167.0/24
- Users must have the following API permissions for Microsoft:
| API/ Permissions Name | Type | Description | Admin Consent Required |
|---|---|---|---|
| Microsoft Graph | |||
| 1. Directory.AccessAsUser.All | Delegated | Access directory as the signed-in user | Yes |
| 2. Directory.Read.All | Application | Read directory data | Yes |
| 3. Files.Read.All | Delegated | Read all files that user can access | No |
| 4. Files.Read.All | Application | Read files in all site collections | Yes |
| 5. Sites.Read.All | Delegated | Read items in all site collections | No |
| 6. User.Read | Delegated | Sign in and read user profile | No |
| 7. User.Read.All | Application | Read all users' full profiles | Yes |
| Microsoft 365 Management APIs | |||
| 1. AcitivityFeed.Read | Application | Read activity data for the Organization | Yes |
| SharePoint | |||
| 1. Site.FullControl.All | Application | Full control of all site collections | Yes |
| 2. User.Read.All | Application | Read user profiles | Yes |