Skip to main content
Skip table of contents

Advanced session

Connect to your tenant data by creating an Advanced session in sapio365 by clicking the button in the ribbon.

Why use an Advanced session in sapio365?

  • Maximize your access to Microsoft 365 data with the option to elevate your privileges

  • Manage Microsoft 365 and on-prem (hybrid) data in one interface

  • Configure and manage sapio365 role-based access control (RBAC)

Requires admin consent.

What can I do in an Advanced session?

An Advanced session in sapio365 lets you access and manage all data for which you have permissions, as well as some settings not available in the portal UI.

If your user rights allow you, you can access the following:

  • Users' messages, inbox rules, calendar events and personal contacts for accessible mailboxes

  • Users' one-to-one, group and meeting chats and chat messages

  • Owned and shared OneDrive documents and their permissions

  • Group and SharePoint site document libraries

  • Group owners and members

  • Team channels and chats

  • Site and site list information

  • Directory admin roles

  • Usage and audit reports

  • Registered devices

  • Registered applications

See the full list of features


  • View the entire user list for your tenant’s directory as well as all users’ profile information.

  • Manage service plans and license information for all users.

  • Edit user profile information for any user, even multiple users at once.

  • Create new users or import several from a file.

  • Display and manage group memberships for every user in your tenant’s directory.

  • For your own account and those users whose mailboxes you have access to, access:

    • Drive items

    • Messages

    • Personal contacts

    • Calendar entries

    • One-to-one, group and meeting chats and chat messages.

Groups & Teams

  • View all groups in your tenant, including their property information.

  • Display and manage all group members and owners.

  • See and manage Teams, their members, channels and files.

  • Retrieve all drive item information.

  • View group SharePoint site information.

  • Add or remove owners for any group in your tenant, even multiple groups and owners at once.

  • Manage mail delivery restrictions on any group in your tenant, even for multiple groups at once.


  • View all messages—including the mail folder structure.

  • Preview messages directly from the full message list.

  • See all message properties.

  • Access all attachment information—and download or delete attachments directly.

  • Manage mail rules for all mailboxes.

Calendar events

For your own mailbox and other mailboxes you have access to:

  • View and manage all calendar events.

  • Preview calendar event body.

  • Download or delete attachments.

Personal contacts

See every users’ personal contacts.

OneDrive files and folders

  • Manage all information—including permissions—for every OneDrive file and folder in your tenant.

  • Download files and folders.

  • Upload files and folders.

  • Create folders.

SharePoint sites and lists

  • Retrieve all SharePoint site information, including storage quotas.

  • Show all lists—as well as their items and columns—for all your accessible sites at once.

  • Manage all document library files and their permissions in one place.


Depending on your rights:

  • View usage reports.

  • View sign-ins (requires Azure AD Premium P1 or P2 license) and admin audit logs.

  • View and manage registered applications.

  • View registered devices.

Create a new Advanced session

Creating an Advance session in sapio365 requires giving admin consent to the application's permissions necessary to view or change data.

  1. Click on ‘New Advanced Session’.

  2. Sign-in with your Microsoft 365 account credentials when prompted by Microsoft 365, and answer any 2-factor authentication set in your environment.

  3. Give admin consent to the permissions needed by the sapio365 application.

Global admins can give consent tenant-wide consent by checking ‘Consent on behalf of your organization’ to allow all users to use the application for an Advanced session in sapio365.

Otherwise, the consent given is only for the signed-in user.

Create a new Advanced session.

Elevate your privileges

An Advanced - Elevated session will enable grant you greater access to mailboxes and SharePoint Online site content.

If you are a global admin, you will be prompted to elevate your privileges when you create an Advanced session. You can skip this step for a later date.

Learn more about about elevating your privileges.

Frequently Asked Questions

What happens when I create an Advanced session?

When launching an Advanced session for the first time, the application requires a one-time admin consent for sapio365 to access Microsoft 365 data.

Upon creation, the sapio365 application “Ytria sapio365 - with Admin Consent” is added to the list of Enterprise Apps in your Azure Active Directory, which can then be used by the users who give user consent or by all users in the tenant if consent is given tenant-wide by an admin.

If the application is removed from Azure AD or the admin consent is revoked, it can be added back by creating an Advanced session once again.

Admins can limit access to sapio365 to specific groups or users using Conditional Access. See “I'm an admin. Can I limit usage to a specific group of users?” in FAQ below.

An Advanced session in sapio365 can be identified in the list as “Ytria sapio365 - with Admin Consent”.

What exactly am I consenting to?

You’re consenting to the delegated permissions of the sapio365 application that allow you to access Microsoft 365 data within the scope of your user rights in Microsoft 365. This consent is between you and the sapio365 application. Your data NEVER goes through any third-party servers.

List of permissions used by sapio365 application for an Advanced session.

Why am I not able to give consent to sapio365?

Only a global (company) administrator can provide admin consent for the permissions of sapio365 applications used in advanced and elevated sessions. If you can’t obtain admin consent, you can use a standard session.

Does using an advanced session mean that I can access every users’ data?

No. Your access and actions remain limited by the rights and permissions you have in Microsoft 365. An advanced session in sapio365 gives you the advantage of having everything in one place, the ability to make bulk changes and create custom reports. You’ll need elevated privileges to access mailboxes and sites you don’t own. Get more info here.

Will my information pass through any external servers?

No, sapio365 does not require external servers to process this information – ever.

Is my Microsoft 365 data stored anywhere?

Some data is stored locally on your machine as a cache to improve processing times. The encryption of data is session-based so your information is protected.

Can I limit usage to a specific group of users?

Yes, just like for any application in your Azure AD, you can enable “User assignment required?” (1), and assign users to the app (2).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.