Connect to your tenant data by creating an Advanced session in sapio365 by clicking the button in the ribbon.
Why use an Advanced session in sapio365?
Maximize your access to Microsoft 365 data with the option to elevate your privileges
Manage Microsoft 365 and on-prem (hybrid) data in one interface
Configure and manage sapio365 role-based access control (RBAC)
Requires admin consent.
What can I do in an Advanced session?
An Advanced session in sapio365 lets you access and manage all data for which you have permissions, as well as some settings not available in the portal UI.
If your user rights allow you, you can access the following:
Users' messages, inbox rules, calendar events and personal contacts for accessible mailboxes
Users' one-to-one, group and meeting chats and chat messages
Owned and shared OneDrive documents and their permissions
Group and SharePoint site document libraries
Group owners and members
Team channels and chats
Site and site list information
Directory admin roles
Usage and audit reports
View the entire user list for your tenant’s directory as well as all users’ profile information.
Manage service plans and license information for all users.
Edit user profile information for any user, even multiple users at once.
Create new users or import several from a file.
Display and manage group memberships for every user in your tenant’s directory.
For your own account and those users whose mailboxes you have access to, access:
One-to-one, group and meeting chats and chat messages.
Groups & Teams
View all groups in your tenant, including their property information.
Display and manage all group members and owners.
See and manage Teams, their members, channels and files.
Retrieve all drive item information.
View group SharePoint site information.
Add or remove owners for any group in your tenant, even multiple groups and owners at once.
Manage mail delivery restrictions on any group in your tenant, even for multiple groups at once.
View all messages—including the mail folder structure.
Preview messages directly from the full message list.
See all message properties.
Access all attachment information—and download or delete attachments directly.
Manage mail rules for all mailboxes.
For your own mailbox and other mailboxes you have access to:
View and manage all calendar events.
Preview calendar event body.
Download or delete attachments.
See every users’ personal contacts.
OneDrive files and folders
Manage all information—including permissions—for every OneDrive file and folder in your tenant.
Download files and folders.
Upload files and folders.
SharePoint sites and lists
Retrieve all SharePoint site information, including storage quotas.
Show all lists—as well as their items and columns—for all your accessible sites at once.
Manage all document library files and their permissions in one place.
Depending on your rights:
View usage reports.
View sign-ins (requires Azure AD Premium P1 or P2 license) and admin audit logs.
View and manage registered applications.
View registered devices.
Create a new Advanced session
Creating an Advance session in sapio365 requires giving admin consent to the application's permissions necessary to view or change data.
Click on ‘New Advanced Session’.
Sign-in with your Microsoft 365 account credentials when prompted by Microsoft 365, and answer any 2-factor authentication set in your environment.
Give admin consent to the permissions needed by the sapio365 application.
Global admins can give consent tenant-wide consent by checking ‘Consent on behalf of your organization’ to allow all users to use the application for an Advanced session in sapio365.
Otherwise, the consent given is only for the signed-in user.
Elevate your privileges
An Advanced - Elevated session will enable grant you greater access to mailboxes and SharePoint Online site content.
If you are a global admin, you will be prompted to elevate your privileges when you create an Advanced session. You can skip this step for a later date.
Frequently Asked Questions
When launching an Advanced session for the first time, the application requires a one-time admin consent for sapio365 to access Microsoft 365 data.
Upon creation, the sapio365 application “Ytria sapio365 - with Admin Consent” is added to the list of Enterprise Apps in your Azure Active Directory, which can then be used by the users who give user consent or by all users in the tenant if consent is given tenant-wide by an admin.
If the application is removed from Azure AD or the admin consent is revoked, it can be added back by creating an Advanced session once again.
Admins can limit access to sapio365 to specific groups or users using Conditional Access. See “I'm an admin. Can I limit usage to a specific group of users?” in FAQ below.
You’re consenting to the delegated permissions of the sapio365 application that allow you to access Microsoft 365 data within the scope of your user rights in Microsoft 365. This consent is between you and the sapio365 application. Your data NEVER goes through any third-party servers.
Only a global (company) administrator can provide admin consent for the permissions of sapio365 applications used in advanced and elevated sessions. If you can’t obtain admin consent, you can use a standard session.
No. Your access and actions remain limited by the rights and permissions you have in Microsoft 365. An advanced session in sapio365 gives you the advantage of having everything in one place, the ability to make bulk changes and create custom reports. You’ll need elevated privileges to access mailboxes and sites you don’t own. Get more info here.
No, sapio365 does not require external servers to process this information – ever.
Some data is stored locally on your machine as a cache to improve processing times. The encryption of data is session-based so your information is protected.
Yes, just like for any application in your Azure AD, you can enable “User assignment required?” (1), and assign users to the app (2).