{"id":3566,"date":"2024-02-07T12:59:45","date_gmt":"2024-02-07T12:59:45","guid":{"rendered":"https:\/\/poiseddevelopers.com\/reality-tech\/?p=3566"},"modified":"2024-05-07T07:30:30","modified_gmt":"2024-05-07T07:30:30","slug":"connecting-to-sharepoint-online-using-managed-identity","status":"publish","type":"post","link":"https:\/\/poiseddevelopers.com\/reality-tech\/connecting-to-sharepoint-online-using-managed-identity\/","title":{"rendered":"Connecting to SharePoint Online using Managed Identity"},"content":{"rendered":"<p>When automating tasks in Microsoft 365, it\u2019s best to avoid logon IDs and passwords.<\/p>\n<p>The best practice is to use least privilege and operate in a zero-trust environment.<\/p>\n<p>The ideal approach is to use a Managed Identity with the Sites.Selected application scope. Some approaches use the Sites.Selected scope with an App Registration and Service Principal, but the best approach is to use Managed Identities for identity management in automation.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Approach_1_Connecting_to_SharePoint_Online_using_Managed_Identity_with_Granular_Access_Permissions\"><\/span>Approach 1: Connecting to SharePoint Online using Managed Identity with Granular Access Permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Microsoft Graph and\u00a0<strong><a href=\"https:\/\/reality-tech.com\/capabilities\/sharepoint-online-and-office-365\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"SharePoint Online - open in a new tab\" data-uw-rm-ext-link=\"\" data-uw-rm-brl=\"PR\" data-uw-original-href=\"https:\/\/reality-tech.com\/capabilities\/sharepoint-online-and-office-365\/\" data-uw-original->SharePoint Online<\/a><\/strong>\u00a0support some granular access permissions using the Sites.Selected application scope in Graph and app access role permissions in site collections. 
It even works with Managed Identities.<\/p>\n<p>The Sites.Selected application scope was added to Microsoft Graph a while back to enable granular app access permissions within SharePoint Online.<\/p>\n<p>With this scope, one can grant application access to specific SharePoint Online site collections instead of granting access to all site collections in the tenant.<\/p>\n<p><strong>Managed Identities<\/strong>\u00a0are a way of providing identities to Azure resources without any app credentials, such as certificates or client secrets, involved.<\/p>\n<p><strong>The prerequisites:<\/strong><\/p>\n<p>The following resources are needed for the setup:<\/p>\n<ul>\n<li>A Logic App with a System-assigned Managed Identity.<\/li>\n<li>A SharePoint site with a SharePoint list populated with a few columns and items.<\/li>\n<li>Access to grant Microsoft Graph application scopes and SharePoint site permissions.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"A_Logic_App_with_a_System-assigned_Managed_Identity\"><\/span>A Logic App with a System-assigned Managed Identity:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Once the System-assigned Managed Identity is enabled on the Logic App, note down the Object (principal) ID for the Managed Identity\u00a0<em>(guid e8800382-610d-4761-9b15-873065e53227)<\/em>\u00a0\u2013 which will be used to grant the Sites.Selected application scope in Microsoft Graph.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3567 size-full\" src=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-02.jpg\" alt=\"Blog-Post-01-02\" width=\"1004\" height=\"566\" srcset=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-02.jpg 1004w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-02-300x169.jpg 300w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-02-768x433.jpg 768w\" sizes=\"auto, (max-width: 1004px) 100vw, 1004px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3569 size-full\" src=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-03.jpg\" alt=\"Blog-Post-01-03\" width=\"1004\" height=\"566\" srcset=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-03.jpg 1004w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-03-300x169.jpg 300w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-03-768x433.jpg 768w\" sizes=\"auto, (max-width: 1004px) 100vw, 1004px\" \/><\/p>\n<p>In the\u00a0<strong>Enterprise Application<\/strong>\u00a0blade in the\u00a0Azure AD Portal, select the recently created Managed Identity object and note down the\u00a0Application ID\u00a0for the Managed 
Identity\u00a0<em>(guid 827fc69f-2814-44d7-96bc-492f2bf21c83)<\/em>\u00a0\u2013 which will be used to grant permission within the SharePoint site.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3571 size-full\" src=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-04.jpg\" alt=\"Application Id\" width=\"1004\" height=\"566\" srcset=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-04.jpg 1004w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-04-300x169.jpg 300w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-04-768x433.jpg 768w\" sizes=\"auto, (max-width: 1004px) 100vw, 1004px\" \/><\/p>\n<p>Create a Team site with the name\u00a0<strong>Test Team Site<\/strong>, which generates a SharePoint site, and add a SharePoint List with the name\u00a0<strong>OrderList<\/strong>\u00a0with the necessary columns and a few items.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Grant_Application_Scope_in_Microsoft_Graph\"><\/span>Grant Application Scope in Microsoft Graph<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Use the\u00a0<strong>Microsoft Graph PowerShell SDK<\/strong>\u00a0to grant the\u00a0Sites.Selected\u00a0application scope in Microsoft Graph.<\/p>\n<p>$ObjectId is set to the guid value of the Object (principal) ID for the Managed Identity noted down earlier.<\/p>\n<pre lang=\"php\"># Add the correct 'Object (principal) ID' for the Managed Identity\r\n$ObjectId = \"e8800382-610d-4761-9b15-873065e53227\"\r\n\r\n# Add the correct Graph scope to grant\r\n$graphScope = \"Sites.Selected\"\r\n\r\nConnect-MgGraph -Scopes AppRoleAssignment.ReadWrite.All\r\n\r\n# Look up the Microsoft Graph service principal by its well-known AppId\r\n$graph = Get-MgServicePrincipal -Filter \"AppId eq '00000003-0000-0000-c000-000000000000'\"\r\n$graphAppRole = $graph.AppRoles | Where-Object Value -eq $graphScope\r\n\r\n$appRoleAssignment = @{\r\n    \"principalId\" = $ObjectId\r\n    \"resourceId\"  = $graph.Id\r\n    \"appRoleId\"   = $graphAppRole.Id\r\n}\r\n\r\nNew-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ObjectId -BodyParameter $appRoleAssignment | Format-List\r\n<\/pre>\n<p>Running the PowerShell code produced the following output in the console, indicating that the scope was successfully granted.<\/p>\n<pre>AppRoleId: 883ea226-0bf2-4a8f-9f9d-92c9162a727d\r\nCreatedDateTime: 14.02.2022 07:45:10\r\nDeletedDateTime:\r\nId: 9Uv0TSLb\u2026Yw3xRUH8\r\nPrincipalDisplayName: test-team-site-automation\r\nPrincipalId: e8800382-610d-4761-9b15-873065e53227\r\nPrincipalType: ServicePrincipal\r\nResourceDisplayName: Microsoft Graph\r\nResourceId: 07165e04-89b3-4996-8b1d-a2a225eb5104\r\nAdditionalProperties: {[@odata.context, https:\/\/graph.microsoft.com\/v1.0\/$metadata#servicePrincipals('e8800382-610d-4761-9b15-873065e53227')\/appRoleAssignments\/$entity]}\r\n<\/pre>\n<p>The Managed Identity now has the Sites.Selected application scope in Microsoft Graph, but still requires app access within the specific SharePoint site.<\/p>\n<h3>Grant App Access to a Specific SharePoint Site<\/h3>\n<p>Use the Microsoft Graph PowerShell SDK to grant the Managed Identity app access to the SharePoint site.<\/p>\n<p>id in the application hashtable is set to the guid value of the Application ID for the Managed Identity noted down earlier.<\/p>\n<pre lang=\"php\"># Add the correct 'Application (client) ID' and 'displayName' for the Managed Identity\r\n$application = @{\r\n    id          = \"827fc69f-2814-44d7-96bc-492f2bf21c83\"\r\n    displayName = \"test-team-site-automation\"\r\n}\r\n\r\n# Add the correct role to grant the Managed Identity (read or write)\r\n$appRole = \"write\"\r\n\r\n# Add the correct SharePoint Online tenant URL and site name\r\n$spoTenant = \"tenant.sharepoint.com\"\r\n$spoSite   = \"TestTeamSite\"\r\n\r\n# No need to change anything below\r\n$spoSiteId = $spoTenant + \":\/sites\/\" + $spoSite + \":\"\r\n\r\nImport-Module Microsoft.Graph.Sites\r\nConnect-MgGraph -Scopes Sites.FullControl.All\r\nNew-MgSitePermission -SiteId $spoSiteId -Roles $appRole -GrantedToIdentities @{ Application = $application }\r\n<\/pre>\n<p>Running the PowerShell code produced the output of a permission ID in the console, indicating that the permission was successfully granted.<\/p>\n<p>The Logic App\u2019s Managed Identity should now have enough permissions to both read and write the SharePoint List items via Microsoft Graph.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Configure_Logic_App_to_Retrieve_SharePoint_List_Items\"><\/span>Configure Logic App to Retrieve SharePoint List Items<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>I went back to the Logic App and the <strong>Logic app designer<\/strong> blade and added a new action step.<\/p>\n<ul>\n<li>Connector:\u00a0HTTP<\/li>\n<li>Method:\u00a0GET<\/li>\n<li data-uw-rm-sr=\"\">URI:\u00a0https:\/\/graph.microsoft.com\/v1.0\/sites\/&lt;tenant&gt;.sharepoint.com:\/sites\/TestTeamSite:\/lists\/OrderList\/items?$select=id,webUrl,fields,createdDateTime&amp;$expand=fields($select=Title,Owner,Description,AutomationCompleted)&amp;$top=999<\/li>\n<li>Authentication\n<ul>\n<li>Authentication type:\u00a0Managed Identity<\/li>\n<li>Managed identity:\u00a0System-assigned managed identity<\/li>\n<li>Audience: https:\/\/graph.microsoft.com<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>I saved the new configuration and triggered the Logic App. 
And behold \u2013 status code 200 and a response body with the list items!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3574 size-full\" src=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-05.jpg\" alt=\"Blog-Post-01-05\" width=\"1005\" height=\"566\" srcset=\"https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-05.jpg 1005w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-05-300x169.jpg 300w, https:\/\/poiseddevelopers.com\/reality-tech\/wp-content\/uploads\/2024\/05\/Blog-Post-01-05-768x433.jpg 768w\" sizes=\"auto, (max-width: 1005px) 100vw, 1005px\" \/><\/p>\n<p>Success! The Logic App is able to work with data in SharePoint Online sites, authenticating with its least-privileged Managed Identity, but only for sites it is specifically granted app access to.<\/p>\n<p>Now you know how to utilize the Sites.Selected application scope and app access roles in SharePoint Online to grant least-privileged access for automation processes utilizing Managed Identities.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Approach_2_Registering_the_Azure_App_for_SharePoint_Online\"><\/span>Approach 2: Registering the Azure App for SharePoint Online<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>Procedure<\/strong><\/p>\n<ol>\n<li>Log on to the Azure portal (https:\/\/portal.azure.com\/) using your global admin user account.<\/li>\n<li>Go to Azure Active Directory.<\/li>\n<li>In the navigation pane, click App Registrations.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>The App Registrations page appears.<\/li>\n<li>Click New Registration.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>The\u00a0Register an application screen appears.<\/li>\n<li>In the\u00a0Name\u00a0box, type a name for the app.<\/li>\n<li>Under\u00a0Supported account types, select\u00a0Accounts in this organizational directory only (<em>tenant_prefix<\/em>\u00a0\u2013 Single tenant).<\/li>\n<li>To verify the status of the app and to authorize the app from the\u00a0Command Center, under\u00a0Redirect URI, enter the Command Center URL.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>For example, enter\u00a0https:\/\/<em>host_name<\/em>.domainname.com\/commandcenter.<\/li>\n<li>Click\u00a0Register.<\/li>\n<li>Copy and paste the following values into a document that you can access later:<br role=\"presentation\" data-uw-rm-sr=\"\" \/>\u2013 Application ID<br role=\"presentation\" data-uw-rm-sr=\"\" \/>\u2013 Directory ID<br role=\"presentation\" data-uw-rm-sr=\"\" \/>You will enter these values in the Commvault software when you complete the Office 365 guided setup.<\/li>\n<li>In the navigation pane, click API permissions.<\/li>\n<li>Click Add a permission.<\/li>\n<li>Click Microsoft Graph and complete the 
following steps:<br role=\"presentation\" data-uw-rm-sr=\"\" \/>\u2013 Click Application permissions.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>\u2013 Select the User.Read permission.<\/li>\n<li>Click Add Permissions.<\/li>\n<li>Click\u00a0Grant admin consent for\u00a0<em>tenant_name<\/em>.<\/li>\n<li>Click\u00a0Yes.<\/li>\n<li>In the navigation pane, click\u00a0Certificates &amp; secrets.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>The\u00a0Certificates &amp; secrets page appears.<\/li>\n<li>Click\u00a0New client secret.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>The\u00a0Add a client secret dialog box appears.<\/li>\n<li>Enter a description, and then select the maximum value.<\/li>\n<li>Click\u00a0Add.<\/li>\n<li>Copy and paste the client secret value into a document that you can access later.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>You will enter this value in the Command Center when you complete the Office 365 guided setup.<\/li>\n<li>To assign full permissions to the tenant to back up SharePoint sites, in your browser, go to the tenant URL.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>For example, go to https:\/\/&lt;office_365_tenant_URL&gt;\/_layouts\/15\/appinv.aspx. 
The SharePoint admin center page appears.<\/li>\n<li>In the\u00a0App ID\u00a0box, enter the application ID that you recorded earlier, and then click\u00a0Lookup.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>In the\u00a0Title box, the name of the application appears.<\/li>\n<li>In the\u00a0App Domain\u00a0box, type\u00a0tenantname.onmicrosoft.com.<br role=\"presentation\" data-uw-rm-sr=\"\" \/>To get the correct domain name, go to the\u00a0Microsoft Azure\u00a0website,\u00a0<em>Custom domain names<\/em>.<\/li>\n<li>In the\u00a0App\u2019s Permission Request XML\u00a0box, type the following XML string:<br role=\"presentation\" data-uw-rm-sr=\"\" \/>&lt;AppPermissionRequests AllowAppOnlyPolicy=\"true\"&gt;&lt;AppPermissionRequest Scope=\"http:\/\/sharepoint\/content\/tenant\" Right=\"FullControl\" \/&gt;&lt;AppPermissionRequest Scope=\"http:\/\/sharepoint\/social\/tenant\" Right=\"Read\" \/&gt;&lt;\/AppPermissionRequests&gt;<\/li>\n<li>Click\u00a0Create.<\/li>\n<li>Click Trust It.<\/li>\n<\/ol>\n<p>Note that this approach relies on a client secret and grants the app FullControl over all site content in the tenant, so it does not provide the granular, least-privileged access described in Approach 1.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When automating tasks in Microsoft 365, it\u2019s best to avoid logon IDs and passwords. The best practice is to use the least privileges and function in a zero-trust environment. The ideal approach is to use a Managed Identity with the Sites.Selected application scope, some approaches use a Sites.Selected scope with an App Registration [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1623,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[56],"tags":[],"class_list":["post-3566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sharepoint-online"],"acf":[],"_links":{"self":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts\/3566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/comments?post=3566"}],"version-history":[{"count":3,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts\/3566\/revisions"}],"predecessor-version":[{"id":3779,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/posts\/3566\/revisions\/3779"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/media\/1623"}],"wp:attachment":[{"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/media?parent=3566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/poiseddevelopers
.com\/reality-tech\/wp-json\/wp\/v2\/categories?post=3566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/poiseddevelopers.com\/reality-tech\/wp-json\/wp\/v2\/tags?post=3566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}