ievgensaxblog: MSDyn365FO. Configure SharePoint storage with Sites.Selected permissions

[Blog bot]

Источник: https://ievgensaxblog.wordpress.com/...d-permissions/
==============

Earlier this year, Satya Nadella sent a note to Microsoft employees, emphasising the need to prioritise security above all else. In line with this directive, the new “SharePoint user authentication” feature is introduced in 10.0.40, enabled by default in 41. Given that security is the highest priority, Microsoft provides guidance on how to set this up without any granular permissions Steps provided require granting the Microsoft Dynamics ERP service principal full access to all SharePoint sites that is very secure indeed. Currently, using Sites.Selected is not supported.

However, you are covered, below is a PowerShell script that will get you there

$tenantid = ""#guid, can get using https://companyname.sharepoint.com/sites/sitename/_api/site/id$siteid = ""$sharePointScope = "Sites.Selected"Connect-MgGraph -TenantId $tenantid -Scope AppRoleAssignment.ReadWrite.All#Office 365 SharePoint Online first party app $sharePointServicePrincipal = Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0ff1-ce00-000000000000'"$sharePointRole = $sharePointServicePrincipal.AppRoles | ? Value -eq $sharePointScope#Microsoft Dynamics ERP first party app $appSp = Get-MgServicePrincipal -Filter "AppId eq '00000015-0000-0000-c000-000000000000'"write-output $ObjectId$appRoleAssignment = @{ "principalId" = $appSp.Id "resourceId" = $sharePointServicePrincipal.Id "appRoleId" = $sharePointRole.Id}New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $appSp.Id -BodyParameter $appRoleAssignment | Format-ListConnect-MgGraph -TenantId $tenantid -Scope AppRoleAssignment.ReadWrite.All$targetSite = Get-MgSite -SiteId $siteidNew-MgSitePermission -SiteId $targetSite.id -Roles @("write") -GrantedToIdentities @(@{Application=@{Id=$appSp.AppId;DisplayName=$appSp.AppDisplayName}}) -Verbose

Источник: https://ievgensaxblog.wordpress.com/...d-permissions/