Connect Microsoft OneDrive to Dropbox Dash

Admins Updated Mar 18, 2026

In this article

person icon

The information in this article applies to admins on Dropbox Dash.

You can connect your organization's Microsoft OneDrive account to Dropbox Dash to easily search for and find information about your content. With one click, you can receive answers on Dash or be directed to your content on SharePoint or Teams.

Authorization methods

There are two methods to authorize the connection between Microsoft 365 products (OneDrive, SharePoint, Teams files) and Dash:

  1. Register app in Microsoft Azure: Exchange certificates between Dash and Microsoft Entra ID to register the app on Microsoft Azure.
highlighter icon

Notes:

  • This method is recommended as it links the authorization to the Azure system rather than to an admin user account.
  • If you’ve already registered Dash in Microsoft Azure for Microsoft Teams, you can use that same registration to set up Microsoft OneDrive.

2. Authenticate with a service account: Create an admin account for accessing Microsoft OneDrive content to allow authorization between Dash and Microsoft OneDrive.

Follow the instructions below for the method that best works for your organization.

How content syncing works

  • Content sync starts as soon as connection is made, allowing you to quickly search your data. This may take a few hours to several days based on the amount of content in your account. You’ll receive an email when syncing is complete.
  • Dash performs a sync of your Microsoft OneDrive content and permissions every 60 minutes.

Method 1: How to register Dropbox Dash in Microsoft Entra

  1. Log in to dash.ai with your admin credentials.
  2. Click your avatar (profile picture or initials) in the lower left.
  3. Select Admin console.
  4. Click Dash in the left sidebar.
  5. Click Apps.
  6. Click the More apps tab.
  7. Click Add to the right of Microsoft OneDrive.
  8. Select Register app in Microsoft Azure, then click Start.
"Choose how to add Dash" prompt

9. Review the steps in What to expect, then click Next.

10. Click Azure portal and log in with your credentials.

At this point, you’ll need to create a new app registration in Microsoft Azure before you can continue with the prompts in Dash.

To create a new app registration in Microsoft Azure:

  1. In Microsoft Azure, click Microsoft Entra ID in the left sidebar.
Click Microsoft Entra ID in the left sidebar

2. Click Manage in the left sidebar, then click App registrations in the expanded list.

3. Click  New registration.

Click New registration.
4. On the Register an application page, enter “Dash” in the Name field.
Enter “Dash” in the Name field.

5. Under Supported account types, select Accounts in this organizational directory only.

6. Under Redirect URI (optional), click Select a platform, then select Web.

7. Paste the following address into the empty field: https://www.dropbox.com/oauth_connectors/redirect

8. Click Register.

Once you’ve registered Dash in Microsoft Azure, you’ll need to add the appropriate certificates and permissions.


 

To add a certificate:

  1. On the Dash overview page in Microsoft Azure, click Add a certificate or secret next to Client credentials.
"Click Add a certificate or secret next to Client credentials"

2. Create a private key for secure authentication between Microsoft OneDrive and Dash.

  • Consult your IT department on how certificates are managed within your own organization. Learn more about creating and managing certificates.
  • When generating the certificate, create an unencrypted private key.
  • When copying the private key into the Microsoft 365 company app setup carousel, make sure you include the full key with the header and footer lines exactly as shown:

 

----BEGIN PRIVATE KEY----
[Your private key content]
----END PRIVATE KEY----
3. Click Upload certificate, choose your file, then click Add.
"Upload certificate" window

To add API permissions:

  1. On the Dash overview page in Microsoft Azure, click API permissions in the left sidebar.
  2. Click Add a permission.
  3. Click Microsoft Graph under Microsoft APIs.
  4. Click Application Permissions, then search for and add the following permissions:
  • Microsoft Graph
    • AuditLogsQuery-SharePoint
    • DelegatedPermissionGrant.Read.All
    • DelegatedPermissionGrant.ReadWrite.All
    • Directory.Read.All
    • Directory.ReadWrite.All
    • Domain.Read.All
    • Files.Read.All
    • Files.ReadWrite.All
    • Group.Read.All
    • Group.ReadWrite.All
    • GroupMember.Read.All
    • GroupMember.ReadWrite.All
    • Reports.Read.All
    • Sites.FullControl.All
    • Sites.Manage.All
    • Sites.Read.All
    • Sites.ReadWrite.All
    • User.Read.All
    • User.ReadWrite.All
  • Office 365 Management API Permissions
    • ActivityFeed.Read
    • ActivityFeed.ReadDlp
  • SharePoint Permissions
    • Sites.FullControl.All
API permissions page
Permissions

5. Click Add permissions after you’ve made your selections.

6. Click checkmark Grant admin consent for [tenant name].

    

"Grant admin consent confirmation" prompt

7. Click Yes after reviewing the Grant admin consent confirmation prompt.

8. Return to the Dash overview page in Microsoft Azure.

Finally, you’ll need to enter the Dash IDs from Microsoft Azure to the Dash admin console.


To do this:

  1. On the Dash overview page in Microsoft Azure, copy the Primary domain, then paste it into the Dropbox Dash prompt.
"Enter Primary Domain" prompt

2. Click Next.

3. Copy the Application (client) ID and the Directory (tenant) ID from Microsoft Azure, then paste them in the prompt in Dropbox Dash.

Copy the Application (client) ID and the Directory (tenant) ID
Enter IDs window

4. Click Next.

5. Click Certificates and secrets in the left sidebar in Microsoft Azure.

6. Copy the Thumbprint, then paste it into the Certificate thumbprint field in Dropbox Dash.

Certificates & secrets
Enter security keys window

7. Enter the private key associated with the certificate you uploaded to Azure. 

8. Click Next.

"Authenticate" window

9. Review the requested permissions in the pop-up window, then click Allow.

10. Return to the admin console page on dropbox.com where you’ll find the Ready to Sync prompt.

11. If you’d like to exclude specific drives from syncing to Dropbox Dash, click Select under Exclude content, then follow the steps in the section “How to exclude drives when connecting Microsoft 365 to Dropbox Dash” below. Otherwise, proceed to step 12.

12. Click Start syncing.

Your Microsoft OneDrive content will start syncing immediately. This can take anywhere from a few hours to a few days, depending on how much content is in your account. Dash admins will receive an email when all content has been synced.

Method 2: How to create and connect a service account

Service account requirements

To connect Microsoft OneDrive to Dropbox Dash, a Microsoft Global administrator must authenticate and authorize a company-level integration between Confluence and Dash. For better security and to prevent issues with the Microsoft OneDrive and Dash integration (like if an admin leaves), it's recommended to create a non-human admin service account in Microsoft Entra ID for this integration.

More information along with naming convention recommendations for service accounts can be found in the Service account recommendations for SaaS service integrations with Dropbox Dash document.

highlighter icon

Note: For this article, “svc-dropboxdash-microsoft-365” is referenced as the recommended account name for the service account.

Overview of setup:

Step 1: Create a new admin service account.

Step 2: Connect Microsoft OneDrive to Dropbox Dash using the service account.

How to create an admin service account for the Dropbox Dash integration

  1. Log in to Microsoft Azure with your admin credentials.
  2. Click Microsoft Entra ID.
Click Microsoft Entra ID

3. Click Manage on the left sidebar.

4. Click Users in the dropdown menu.

Click Users

5. Click New user.

6. Click Create new user in the dropdown menu.

Create new user

7. Enter “svc-dropboxdash-microsoft-365” in the user principal name (UPN) field.

8. Open the dropdown menu under User principal name to select the domain to which the user will be associated.

9. Leave Mail nickname as Derive from user principle name.

10. Enter “svc-dropboxdash-microsoft-365” in the Display name field.

11. Enter a new password in the Password field.

  • You can either use the auto-generated password provided or set your own.
  • In either case, note the password somewhere safe, such as your password management vault.

12. Leave Account enabled as checked.

13. Click Next: Properties at the bottom of the page.

Click Next: Properties

14. Enter “svc-dropboxdash-microsoft-365” in the First name field.

15. Click Next: Assignments at the bottom of the page.

Click Next: Assignments

16. Click Add role to open the Directory roles pane on the right.

17. Enter “Global” in the search field.

18. Check the Global Administrator role for this service account user.

19. Click Select at the bottom of the page.

  • You should now see Global Administrator as a role for this user.
Create new user window

20. Click Next: Review + create at the bottom of the page.

  • You should now see an overview of the account to be created.
Create new user window

21. Verify that the User principal name is “svc-dropboxdash-microsoft-365”.

22. Verify that the assigned role is Global Administrator.

23. Click Create to complete user creation.

"Create new user" page
  • You’ll be returned to the Users page and should see a Successfully created user pop-up message.
"Successfully created user" pop-up message

Refresh the page to see your new service account.

Once your service account is created, you can connect Microsoft OneDrive to Dropbox Dash.
 

How to connect Microsoft OneDrive to Dropbox Dash using the service account

To connect Microsoft OneDrive to Dropbox Dash using your service account:

  1. Log in to dash.ai with your admin credentials.
  2. Click your avatar (profile picture or initials) in the lower left.
  3. Select Admin console.
  4. Click Dash in the left sidebar.
  5. Click Apps.
  6. Click the More apps tab.
  7. Click Add to the right of Microsoft OneDrive.
  8. Select Authenticate with a service account, then click Start.
"Add Microsoft 365" prompt
9. Review the What to expect prompt, then click Next.
"What to expect" prompt

10. Click Next.

  • You’ll see a pop-up window asking you to allow Dropbox Dash to connect with Microsoft Azure.

11. Click Allow.

12. Enter the email address for the service account created in the previous steps. 

13. Click Next.

14. Enter the password for your service account. 

15. Click Sign in.

 

highlighter icon

Note: If you require multi-factor authentication (MFA) for accounts in your environment, you may be prompted for additional authentication associated with the service account.

16. Review the permissions requested, then click Accept.

17. Return to the admin console page on dropbox.com where you’ll find the Ready to Sync prompt.

18. If you’d like to exclude specific drives from syncing to Dropbox Dash, click Select under Exclude content, then follow the steps in the section “How to exclude drives when connecting Microsoft 365 to Dropbox Dash”. Otherwise, proceed to step 19.

19. Click Start syncing

Your Microsoft OneDrive content will start syncing immediately. This can take anywhere from a few hours to a few days, depending on how much content is in your account. Dash admins will receive an email when all content has been synced.

How to exclude drives when connecting Microsoft OneDrive to Dropbox Dash


To exclude specific drives from syncing during setup:

  1. After you’ve authorized Microsoft OneDrive in Dash, click Select under Exclude Content in the Ready to sync prompt.
  2. Enter the identifier for the drive you want to exclude.
    • For OneDrive, use the user's email address linked to their personal OneDrive.
    • For SharePoint, open the SharePoint site in a new window and copy the URL. SharePoint URLs should be in the format: https://[name].sharepoint.com/sites/[site-name], and must not end with “.aspx”
  3. Click Done.
  4. Click Start syncing in the Ready to sync prompt.
     

To manage excluded drives:

  1. Log in to dash.ai with your admin credentials. 
  2. Click your avatar (profile picture or initials) in the lower left.
  3. Select Admin console.
  4. Click Dash in the left sidebar.
  5. Click Apps.
  6. Click Microsoft OneDrive in the Your apps tab.
  7. Click  (edit) next to Excluded content.
  8. Connect or remove drives:
    • To connect a drive, enter the identifier for the drive you want to exclude.
      • For OneDrive, use the user's email address linked to their personal OneDrive.
      • For SharePoint, open the SharePoint site in a new window and copy the URL. SharePoint URLs should be in the format: https://[name].sharepoint.com/sites/[site-name], and must not end with “.aspx”
    • To remove and sync a drive, click  (delete) next to the identifier.
  9. Click Done.
highlighter icon

Notes:
  • If exclusion occurs after the initial sync, it may take a few hours to a few days to take effect in our systems, depending on the data size.
  • Dash only checks if the identifiers are structured correctly, not whether they’re correct or exist. Make sure they’re accurate before proceeding.
  • User exclusion in OneDrive only removes files from the user's My Drive. Shared documents or those where the user is a collaborator, but not the owner, can’t be excluded.
  • SharePoint exclusion removes all files from the entire SharePoint site.
  • You can exclude a user’s drive even if they aren’t a licensed Dash user.
  • Excluded content won’t appear in the Protect and Control page. Learn more about Protect and Control.
    • Protect and Control is only available for Dash for Business users.

FAQs about connecting Microsoft OneDrive to Dropbox Dash

Why do I need to allow Microsoft Graph, Office 365 Management API, and SharePoint permissions when registering Dropbox Dash in Microsoft Azure?

  • ActivityFeed.Read, ActivityFeed.ReadDlp, AuditLogsQuery-SharePoint: These permissions underpin Dash security and compliance guarantees. They’re used for the Protect and Control page to review audit logs and verify access. Learn more about Protect and Control, only available for Dash for Business users.
  • Files Read: This permission is used to obtain metadata and content from files for Dash.
  • Files Write: This permission is used to change file permissions for Protect and Control.
  • Domain.Read.All: This permission is used by Protect and Control to identify and catalog which links and users are internal or external.
  • Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, GroupMember.Read.All, User.Read.All, Group.ReadWrite.All, GroupMember.ReadWrite.All, User.ReadWrite.All: These permissions are used for details, such as user information and group memberships. For instance, one way access is granted in Microsoft is through groups. Protect and Control also uses groups to manage access to files, folders, and sites.
  • Sites.Read.All, Sites.FullControl.All, Sites.Manage.All, Sites.ReadWrite.All, Sites.FullControl.All: The read permissions are required for Dash to access files and folders on sites. Write is required by Protect and Control to manage permissions.
  • DelegatedPermissionGrant.Read.All, DelegatedPermissionGrant.ReadWrite.All: These permissions are used to confirm that Protect and Control and Dash have the necessary permissions.
  • Reports.Read.All: This permission is used to retrieve relevant analytics and usage data on your OneDrive and SharePoint data. 

Why do I need to create an unencrypted private key when generating a certificate in Microsoft Azure?

Private keys are used to establish trust between Dropbox Dash and Microsoft. When you upload a public key, Dash uses a private key to sign requests to Microsoft. This way, Microsoft can determine if the private key is paired with the public key you uploaded.

Encrypting a private key prevents it from being used for tasks like encryption or decryption. Therefore, we must use the unencrypted private key to sign requests.

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Related Articles

How to connect Confluence to Dropbox Dash

How admins can enforce policies in Dropbox Dash with Protect and Control

How to connect Adobe Marketo Engage to Dropbox Dash

How to connect Dropbox to Dropbox Dash

Community answers

Other ways to get help

Icon depicting two people
Community
Icon depicting a speech bubble
Contact support
Twitter Icon
Social media support