Connecting to your tenant

dAfter successfully installing sapio365 on your machine, you have several options to connect to your Microsoft 365 environment depending on the rights you have in Microsoft 365.


Who are you?


I am a global admin

Since you have global admin privileges, create an Advanced session with elevated privileges to extend your data access using both delegated and application permissions privileges.

An Elevated Advanced session means you will be able to access data like mailboxes, group and SharePoint site content without having to add yourself as an owner or group member.

Just follow the prompts when creating a new Advanced Session (1). You will be asked if you want to elevate your privileges. You can also decide to elevate your privileges at a later time (2).


Click here to learn more about using an Advanced session with elevated privileges.




I am not a global admin

If a global admin has consented to the permissions of the sapio365 application (Advanced session), then create a new Advanced session (1) to leverage sapio365's extended reach of the data you already have access to.


If you cannot obtain consent from a global admin, then create a new Standard session (2). You will have to give user consent to the permissions it needs to access your data.

In both cases, your privileges remain the same as in Microsoft 365 but you will have the benefits of sapio365's global vision, bulk editing and automation.

Click here to learn more about using a Standard session.


I have access to the Microsoft Partner Center


If you have been given access to your customers' environment, simply create a new Advanced session and click on Partner Access to see a list of your customers. Click on a customer tenant to access their data.

Make sure to ask a global admin of that tenant to give consent to the sapio365 application.


You can repeat this for each of your customers to create a specific session for each one. Then you can switch between the listed customers sessions in Recent Sessions once you have logged in at least once in each, and as long as your session token has not expired.




I have been assigned a role in sapio365 RBAC





Start by creating a Standard session to see a list of the roles assigned to you.

Once you choose a role, a Role-Based Session is created which will give you access to sapio365 features and datasets of users, groups or sites that were previously configured by your sapio365 Role-Based Access Control (RBAC) administrator.

sapio365 roles are independent of the Microsoft roles you have been assigned.

When choosing a role, you have the option to exclude users, groups or sites outside your scope in order to hide them in the FlexyView Grid. If you choose to include them, they will appear greyed out.

Click on Role Info to see the details of the current role or click on Choose Role to switch to another available role.

Note that your actions in sapio365 while in a Role-Based session will be logged specifically as you in the current role.


I have an Azure subscription and want to work collaboratively with sapio365


Shared data created in sapio365 like User Activity Logs, Comments, and RBAC role definitions, are all stored within a single container in Cosmos DB on your Azure. All you need is an existing Azure subscription and sapio365, and a few clicks to create a dedicated Cosmos DB storage container.

Click here to learn how to create a Cosmos DB account from sapio365.



I have a hybrid Microsoft 365 environment

sapio365 supports hybrid Microsoft 365 environments. When you create a session in sapio365 by signing into your tenant, sapio365 detects the associated cloud domains and on-prem domains.

Here is how to make sure there is a proper connection with your on-prem environment.

IMPORTANT

You must have RSAT installed on your machine. It will use the credentials that are used to connect to the AD DS on that machine.

Your machine must be part of the domain. If it is not please contact us at support@ytria.com and we will guide you through the steps.

Check if sapio365 is connected and enable on-prem data retrieval

In the main window of sapio365, click on 'Edit On-Prem Settings'.

  1. Here, you will see a list of your associated cloud and on-prem domains.Your on-prem domain must match one of the listed cloud domains.
  2. Set 'Enable' to true in order to be able to retrieve your on-prem users and groups in their relative modules. You can also choose to load your on-prem data in those modules automatically.
  3. Enter your computer name of the Azure AD Connect server in order to use the 'Force sync' feature in the Users and Groups modules.
  4. If your Windows credentials are not the ones you use to connect to AD DS, then enter them here along with the password.