To extract and index documents stored in Microsoft SharePoint, the Locator SharePoint connector needs to be configured with a user that has access to all the documents that are to be extracted. This user is referred to as the index user.
...
- If any of the "Include Office 365..." checkboxes in the wizard is used for specific site collection templates.
- If "Include other site templates" is checked in the wizard and some of the templates are selected.
Note 3: Global admins and SharePoint admins don't have automatic access to Group Sites. That means they cannot manage permissions inside Group Sites. However, global admins still have the option to add members and owners to Group Sites.
...
- It is recommended to use this script without the -UseWebLogin switch. This switch changes the calls to Connect-PnPOnline to use -UseWebLogin instead of -SPOManagementShell, and in most cases -SPOManagementShell is recommended.
- When you use this script you will be prompted to log in to SharePoint in a separate window. If you are not prompted, the script is using cached credentials. You can call the script with the -ClearTokenCacheOnFirstConnection switch to use a different account.
- If you experience any Unauthorized or Forbidden errors that shouldn't be happening, try running this script again, this time without the -ClearTokenCacheOnFirstConnection switch.
- If the previous step doesn't help, try running the script with the -UseWebLogin switch. Keep in mind that with this switch you will be prompted to log in to the Admin Center, MySites, and then once for each user's OneDrive. You can choose to stay signed in; in that case you will not be asked to log in again, but you will see new windows appear and automatically disappear shortly after. That is why using this switch is not recommended unless you are experiencing issues without it.
...
Configuring Windows Azure Active Directory
Locator uses the Windows Azure Graph API. The Office 365 Global Administrator will need to configure an application, called a "service principal" in Windows Azure terminology, to be authorized to read Windows Azure Active Directory information.
Setting up the Windows Azure Graph API for Locator
Setting up the Windows Azure Graph API for Locator is required in order to configure either an Exchange Online or a SharePoint online connection. This need only be done one time, as the client ID and secret key obtained through these steps can be used for both the Exchange Online connector and the SharePoint Online connector.
To create and obtain an Azure AD Client App Id and a Client Secret, sign in to https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps using the global administrator account for your Office 365 organization and follow the steps indicated in red below. The two values that are to be extracted are circled in green:
The screenshot above has the application Id we need. The two menu options that are to be used for creating and obtaining the client secret are circled in red and will be used in the following screenshots:
...
Select New registration.
Set Name, set Supported account types to Accounts in this organizational directory only (Default Directory only - Single tenant), then click Register.
On the Overview page for the Locator Azure AD App (App Name), copy the values of Application (client) ID and Directory (tenant) ID and save them; you will need them to configure the SharePoint Online connection.
On Certificates & secrets, create a New client secret and set its Description and Expires date, then save the secret's Value (Client Secret ID); you will need it to configure the SharePoint Online connection.
On the API permissions page, select Add a permission and choose Microsoft Graph.
Select Application permissions (Microsoft Graph), then select and check the permission Directory.Read.All (Read directory data).
Grant admin consent for Default Directory (Default directory - name of directory).
- After consent is granted, the permission statuses change to granted.
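To confirm the registration from the steps above, the following added example (not part of Locator or its documentation) decodes an app-only Microsoft Graph token and reports whether it carries Directory.Read.All for the expected tenant and client ID, plus any additional roles to review. The function names, placeholder GUIDs and sample token are constructed for illustration, and the token signature is not validated, so treat the result as a troubleshooting aid only.

```powershell
# Added example (not Locator code); decodes claims only, signature is NOT validated.
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

# Request an app-only token with the client ID and secret from the steps above.
function Get-GraphAppToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

# Report whether the token matches the registration and which app roles it carries.
function Test-LocatorGraphToken {
    param([string]$AccessToken, [string]$TenantId, [string]$ClientId)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT (expected three dot-separated parts).' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $appId  = if ($claims.appid) { $claims.appid } else { $claims.azp }
    $roles  = @($claims.roles | Where-Object { $_ })
    [pscustomobject]@{
        TenantMatches    = $claims.tid -eq $TenantId
        ClientMatches    = $appId -eq $ClientId
        HasDirectoryRead = $roles -contains 'Directory.Read.All'
        ExtraRoles       = @($roles | Where-Object { $_ -ne 'Directory.Read.All' })
        ExpiresUtc       = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    }
}

# Constructed sample token (placeholder GUIDs, fake signature) so this runs offline.
$tenant  = '11111111-1111-1111-1111-111111111111'
$client  = '22222222-2222-2222-2222-222222222222'
$payload = @{ tid = $tenant; appid = $client; exp = 1893456000
              roles = @('Directory.Read.All', 'User.ReadWrite.All') } | ConvertTo-Json -Compress
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$b64 = $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
Test-LocatorGraphToken -AccessToken "e30.$b64.sig" -TenantId $tenant -ClientId $client

# Against the real tenant (performs a network call):
# $t = Get-GraphAppToken -TenantId $tenant -ClientId $client -ClientSecret (Read-Host 'Secret')
# Test-LocatorGraphToken -AccessToken $t -TenantId $tenant -ClientId $client
```

If HasDirectoryRead is false right after the portal steps, admin consent has usually not been granted yet or the token was issued before consent; request a fresh token and check again.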
Adding Permissions to the Azure AD Application for SharePoint Online indexing
...