How to add Microsoft 365 to Dropbox Dash

You can add your organization's Microsoft 365 account to Dropbox Dash to easily search for and find information about your content. With one click, you can receive answers on Dash or be directed to your content on SharePoint or Teams. By adding Microsoft 365 to Dropbox Dash, you'll enable sync of your organization’s SharePoint, OneDrive, and Teams content with Dash.

Authorization methods

There are two methods to authorize the connection between Microsoft 365 products (OneDrive, SharePoint, Teams files) and Dash:

1. Register app in Microsoft Azure: Exchange certificates between Dash and Microsoft Entra ID to register the app on Microsoft Azure.
   • Note: This method is recommended as it links the authorization to the Azure system rather than to an admin user account.
2. Authenticate with a service account: Create an admin account for accessing Microsoft 365 content to allow authorization between Dash and Microsoft 365.

Follow the instructions below for the method that best works for your organization.

Method 1: How to register Dropbox Dash in Microsoft Entra

1. Log in to dash.ai with your admin credentials.
2. Click your avatar (profile picture or initials) in the lower left.
3. Select Admin console.
4. Click Dash in the left sidebar.
5. Click Apps.
6. Click the More apps tab.
7. Click ①Add to the right of Microsoft 365.
8. Select Register app in Microsoft Azure, then click Start.

9. Review the steps in What to expect, then click Next.

10. Click Azure portal and log in with your credentials.

At this point, you’ll need to create a new app registration in Microsoft Azure before you can continue with the prompts in Dash.

To create a new app registration in Microsoft Azure:

1. In Microsoft Azure, click Microsoft Entra ID in the left sidebar.

2. Click Manage in the left sidebar, then click App registrations in the expanded list.

3. Click ① New registration.

4. On the Register an application page, enter “Dash” in the Name field.

5. Under Supported account types, select Accounts in this organizational directory only.

6. Under Redirect URI (optional), click Select a platform, then select Web.

7. Paste the following address into the empty field: https://www.dropbox.com/oauth_connectors/redirect

8. Click Register.

Once you’ve registered Dash in Microsoft Azure, you’ll need to add the appropriate certificates and permissions.

 

To add a certificate:

1. On the Dash overview page in Microsoft Azure, click Add a certificate or secret next to Client credentials.

2. Create a private key for secure authentication between Microsoft 365 and Dash.

• Consult your IT department on how certificates are managed within your own organization. Learn more about creating and managing certificates.
• When generating the certificate, create an unencrypted private key.

3. Click Upload certificate, choose your file, then click Add.

To add API permissions:

1. On the Dash overview page in Microsoft Azure, click API permissions in the left sidebar.
2. Click ① Add a permission.

3. Add the following permissions:

• Microsoft Graph
  • AuditLogsQuery-SharePoint
  • Directory.Read.All
  • Files.Read.All
  • Group.Read.All
  • GroupMember.Read.All
  • Reports.Read.All
  • Sites.Read.All
  • User.Read.All
  • DelegatedPermissionGrant.Read.All
  • DelegatedPermissionGrant.ReadWrite.All
  • Directory.ReadWrite.All
  • Domain.Read.All
  • Files.ReadWrite.All
  • Group.ReadWrite.All
  • GroupMember.ReadWrite.All
  • Sites.FullControl.All
  • Sites.Manage.All
  • Sites.ReadWrite.All
  • User.ReadWrite.All
• Office 365 Management API Permissions
  • ActivityFeed.Read
  • ActivityFeed.ReadDlp
• SharePoint Permissions
  • Sites.FullControl.All

4. Click Yes after reviewing the Grant admin consent confirmation prompt.

5. Return to the Dash overview page in Microsoft Azure.

Finally, you’ll need to enter the Dash IDs from Microsoft Azure to the Dash admin console.

To do this:

1. On the Dash overview page in Microsoft Azure, copy the Primary domain, then paste it into the Dropbox Dash prompt.

2. Click Next.

3. Copy the Application (client) ID and the Directory (tenant) ID from Microsoft Azure, then paste them in the prompt in Dropbox Dash.

4. Click Next.

5. Click Certificates and secrets in the left sidebar in Microsoft Azure.

6. Copy the Thumbprint, then paste it into the Certificate thumbprint field in Dropbox Dash.

7. Enter the private key associated with the certificate you uploaded to Azure. 

8. Click Next.

9. Review the requested permissions in the pop-up window, then click Allow.

10. Return to the admin console page on dropbox.com where you’ll find the Ready to Sync prompt.

11. If you’d like to exclude specific drives from syncing to Dropbox Dash, click Select under Exclude content, then follow the steps in the section “How to exclude drives when adding Microsoft 365 to Dropbox Dash” below. Otherwise, proceed to step 12.

12. Click Start syncing.

Your Microsoft 365 content will start syncing immediately. This can take anywhere from a few hours to a few days, depending on how much content is in your account. Dash admins will receive an email when all content has been synced.

Method 2: How to create and add a service account

Service account requirements

To add Microsoft 365 to Dropbox Dash, a Microsoft Global Administrator administrator must authenticate and authorize a company-level integration between Confluence and Dash. For better security and to prevent issues with the Microsoft 365 and Dash integration (like if an admin leaves), it's recommended to create a non-human admin service account in Microsoft Entra ID for this integration.

More information along with naming convention recommendations for service accounts can be found in the Service account recommendations for SaaS service integrations with Dropbox Dash document.

Overview of setup:

Step 1: Create a new admin service account.

Step 2: Add Microsoft 365 to Dropbox Dash using the service account.

How to create an admin service account for the Dropbox Dash integration

1. Log in to Microsoft Azure with your admin credentials.
2. Click Microsoft Entra ID.

3. Click Manage on the left sidebar.

4. Click Users in the dropdown menu.

5. Click New user.

6. Click Create new user in the dropdown menu.

7. Enter “svc-dropboxdash-microsoft-365” in the user principal name (UPN) field.

8. Open the dropdown menu under User principal name to select the domain to which the user will be associated.

9. Leave Mail nickname as Derive from user principle name.

10. Enter “svc-dropboxdash-microsoft-365” in the Display name field.

11. Enter a new password in the Password field.

• You can either use the auto-generated password provided or set your own.
• In either case, note the password somewhere safe, such as your password management vault.

12. Leave Account enabled as checked.

13. Click Next: Properties at the bottom of the page.

14. Enter “svc-dropboxdash-microsoft-365” in the First name field.

15. Click Next: Assignments at the bottom of the page.

16. Click Add role to open the Directory roles pane on the right.

17. Enter “Global” in the search field.

18. Check the Global Administrator role for this service account user.

19. Click Select at the bottom of the page.

• You should now see Global Administrator as a role for this user.

20. Click Next: Review + create at the bottom of the page.

• You should now see an overview of the account to be created.

21. Verify that the User principal name is “svc-dropboxdash-microsoft-365”.

22. Verify that the assigned role is Global Administrator.

23. Click Create to complete user creation.

• You’ll be returned to the Users page and should see a Successfully created user pop-up message.

Refresh the page to see your new service account.

Once your service account is created, you can add Microsoft 365 to Dropbox Dash.
 

How to add Microsoft 365 to Dropbox Dash using the service account

To add Microsoft 365 to Dropbox Dash using your service account:

1. Log in to dash.ai with your admin credentials.
2. Click your avatar (profile picture or initials) in the lower left.
3. Select Admin console.
4. Click Dash in the left sidebar.
5. Click Apps.
6. Click the More apps tab.
7. Click ①Add to the right of Microsoft 365.
8. Select Authenticate with a service account, then click Start.

9. Review the What to expect prompt, then click Next.

10. Click Next.

• You’ll see a pop-up window asking you to allow Dropbox Dash to connect with Microsoft Azure.

11. Click Allow.

12. Enter the email address for the service account created in the previous steps. 

13. Click Next.

14. Enter the password for your service account. 

15. Click Sign in.

16. Review the permissions requested, then click Accept.

17. Return to the admin console page on dropbox.com where you’ll find the Ready to Sync prompt.

18. If you’d like to exclude specific drives from syncing to Dropbox Dash, click Select under Exclude content, then follow the steps in the section “How to exclude drives when adding Microsoft 365 to Dropbox Dash”. Otherwise, proceed to step 19.

19. Click Start syncing. 

Your Microsoft 365 content will start syncing immediately. This can take anywhere from a few hours to a few days, depending on how much content is in your account. Dash admins will receive an email when all content has been synced.

How to exclude drives when adding Microsoft 365 to Dropbox Dash

To exclude specific drives from syncing during setup:

1. After you’ve authorized Microsoft 365 in Dash, click Select under Exclude Content in the Ready to sync prompt.
2. Enter the identifier for the drive you want to exclude.
   • For OneDrive, use the user's email address linked to their personal OneDrive.
   • For SharePoint, open the SharePoint site in a new window and copy the URL. SharePoint URLs should be in the format: https://[name].sharepoint.com/sites/[site-name], and must not end with “.aspx”
3. Click Done.
4. Click Start syncing in the Ready to sync prompt.
    

To mange excluded drives:

1. Log in to dash.ai with your admin credentials. 
2. Click your avatar (profile picture or initials) in the lower left.
3. Select Admin console.
4. Click Dash in the left sidebar.
5. Click Apps.
6. Click Microsoft 365 in the Your apps tab.
7. Click ① (edit) next to Excluded content.
8. Add or remove drives:
   • Enter the identifier for the drive you want to exclude.
     • For OneDrive, use the user's email address linked to their personal OneDrive.
     • For SharePoint, open the SharePoint site in a new window and copy the URL. SharePoint URLs should be in the format: https://[name].sharepoint.com/sites/[site-name], and must not end with “.aspx”
   • To remove and sync a drive, click ① (delete) next to the identifier.
9. Click Done.