Adding a One Drive for Business or an Office 365 (SharePoint Online) shared space
If you are using both Office 365 and One Drive for Business, both types of shared spaces must be declared.
- All end users will be registered in the Active Directory and must own a Microsoft Office 365 account.
- When you sign up for an Office 365 subscription, it will include at least access to the free Azure Active Directory (Azure AD) product range, which allows managing the identities of your users, and registering and/or declaring Azure AD applications. Therefore, ensure that your Office 365 has been correctly integrated into Azure AD. For more information on Azure AD, refer to the section SDS for C&M infrastructure on Microsoft Azure AD.
- To share protected files in OneDrive for Business and Office 365 shared spaces, you must register an SDS for C&M application in Microsoft Azure AD. There are two ways to do so:
- Use the Stormshield Azure application, in which case configuration will be automatic. The TCP port of the redirect URI is set to 12345 and must not be used by existing applications. The user must hold the role of general administrator on Azure AD to apply this automatic configuration.
- Use your own Azure application, in which case you must have configured the Stormshield application in Azure AD beforehand. Any redirect URI can be chosen.
For more information, refer to the section Declaring the application in Microsoft Azure AD.
- Access to anonymous guest links must be allowed in the Office 365 and SharePoint Online Administration Centers. For more information, refer to the section Allow anonymous guest link sharing for OneDrive and Office 365.
Creating a One Drive for Business or an Office 365 shared space
- In the server's administration interface, select the Shared spaces menu on the left.
- Click on New at the top right of the panel.
- Enter the name you wish to give to your shared space and select its type.
- Follow the steps in the configuration by filling in the fields.
- The Tenant ID is the identifier of the Office 365 tenant. Retrieve this identifier from the Azure AD administration center in the tenant's properties. You can also specify the domain name in this field, for example *onmicrosoft.com.
- The URI is the address of the Office 365 resource (website or subsite), e.g., https://mycompany.sharepoint.com/sdsforcm. This field is not required for OneDrive for Business shared spaces.
- The Endpoint is the connection URL to the Microsoft Office 365 authentication API. It must be in the form of https://login.microsoftonline.com/common/OAuth2.
- Click on Next then choose whether you wish to use the Stormshield Azure application or configure your own. For more information, refer to the Requirements.
- If you are using your own SDS for C&M application, fill in the following fields:
- The Application ID is the identifier of the Azure AD application. To find out how to obtain this number, refer to the section Declaring the application in Microsoft Azure AD.
- The Redirection URI is the URL called up after the user has logged in and corresponds to the address entered during the configuration of the application on Azure AD (HTTPS is not supported). Refer to the section Declaring the application in Microsoft Azure AD.
- Click on Create a new shared space.
- If you are using your own application on Azure AD, ask the general Office 365 administrator to enable it in Azure. This step is essential as it would allow you to share protected files. For more information, refer to the section Enabling Stormshield's SDS for C&M Azure AD application.