Connect to your tenant data by creating a Standard session in sapio365 by clicking the button in the ribbon.
Why use a Standard session in sapio365?
You cannot obtain admin consent for sapio365
You have been assigned a custom role through the built-in RBAC system
Requires user consent.
What can I do in a Standard session?
Due to recent changes and deprecation of certain application permissions by Microsoft, the following features are no longer accessible in a sapio365 Standard session as of version 2.1.10.
Profile information beyond the basic name and email of users in the directory
List of groups in directory
Group membership information
A Standard session in sapio365 has significantly fewer permissions than an Advanced one but it lets you view basic directory user information, and it lets you manage all SharePoint Online and mail data for which you have permissions:
Manage your messages, mail rules, calendar events, chats and personal contacts
Manage your OneDrive files and documents and their permissions
See site and site list information of SharePoint Online sites
See users' basic info like name, first name, last name and email
Manage documents that were shared with you in others' OneDrive or SharePoint Online sites
Manage email messages and calendars in others' mailboxes where you were given full access permissions
View the entire list for your tenant’s directory including users' names and emails.
See your own user profile information, including what Microsoft 365 license assigned to you.
See your own OneDrive usage quotas.
View the list of deleted users if your role permits.
For your own account and those users whose mailboxes you have access to, see all:
One-to-one, group and meeting chats and chat messages.
For your own mailbox and other mailboxes you have access to:
View all messages and their properties—including the mail folder structure.
Edit, delete or download messages.
Preview messages directly from the full message list.
Access all attachment information—and download or delete attachments directly.
View the make-up of all your inbox rules in one place
View and manage permissions of several mailboxes.
See your own contacts as well as contacts of users whose mailbox you have access to.
For your own calendar and other calendars you have access to:
View and manage all calendar events.
Preview calendar event body.
See attachment information.
OneDrive files and folders
For your OneDrive and all others you have access to:
See all file information in a hierarchical view—including who it’s been shared with and how.
Remove or change sharing permissions for files or folders
Download or upload files.
Rename or delete documents and folders.
SharePoint sites and lists
For all SharePoint Online sites you have access to:
Retrieve all SharePoint site information, including storage quotas.
Show all lists—as well as their items and columns—for all your accessible sites at once.
Manage all document library files in all drives, and their permissions in one place.
Create a new Standard session
Creating a Standard session in sapio365 requires giving your user consent to the application's permissions necessary to view or change data.
Click on ‘New Standard Session’.
Sign-in with your Microsoft 365 account credentials when prompted by Microsoft 365, and answer any 2-factor authentication set in your environment.
Give user consent to the permissions needed by the sapio365 application.
If you encounter an error during the process, it is likely that you are not allowed to grant consent to apps within your tenant. Please contact your administrator.
Global admins can give tenant-wide consent for users to avoid being prompted for user consent.
Frequently Asked Questions
When launching a Standard session for the first time, the application requires a one-time user consent for sapio365 to access your data.
Upon creation, the sapio365 application ‘Ytria sapio365 - Regular Access’ is added to the list of Enterprise Apps in your Azure Active Directory, which can then be used by the users who give user consent or by all users in the tenant if consent is given tenant-wide by an admin.
If the application is removed from Azure AD or the user consent is revoked, it can be added back by creating a Standard session once again.
Admins can limit access to sapio365 to specific groups or users using Conditional Access. See “I'm an admin. Can I limit usage to a specific group of users?” in FAQ below.
You consent to sapio365 accessing your data within the scope of your Office 365 rights. Since sapio365 is a locally installed application, your information NEVER goes through any third-party servers. You can think of giving user consent as saying: “Connect to my Microsoft 365 resources”.
No, sapio365 does not require external servers to process this information – ever.
You can remove this application whenever you wish by clicking Revoke in the App permissions section of https://myapps.microsoft.com/ .
The administrator can turn off user consent in which case you may find this option disabled. Note that, by default, the user consent option is implemented for Microsoft 365 organizations in Azure AD. However, an administrator can change this default setting to prevent end users from installing applications. Another reason you may not be able to provide your user consent is that you are not on the allowed list of users set up by your admin.
Yes, just like for any application in your Azure AD, you can enable “User assignment required?” (1), and assign users to the app (2).
If you’re a global admin, you will see a checkbox option “Consent on behalf of your organization” when you’re giving consent. Checking this box will prevent your users (who can use sapio365 Standard sessions) from being prompted to give their consent. If you don’t check it, the only consent given is yours, and your users will be prompted for their consent when creating a Standard session.