How to add Microsoft 365 to Dropbox Dash

Updated Apr 18, 2025
person icon

The information in this article applies to admins on Dropbox Dash.


You can add your organization's Microsoft 365 account to Dropbox Dash to easily search for and find information about your content. With one click, you can receive answers on Dash or be directed to your content on SharePoint or Teams. By adding Microsoft 365 to Dropbox Dash, you'll enable sync of your organization’s SharePoint, OneDrive, and Teams content with Dash.

Authorization methods

There are two methods to authorize the connection between Microsoft 365 products (OneDrive, SharePoint, Teams files) and Dash:

  1. Register app in Microsoft Azure: Exchange certificates between Dash and Microsoft Entra ID to register the app on Microsoft Azure.
    • Note: This method is recommended as it links the authorization to the Azure system rather than to an admin user account.
  2. Authenticate with a service account: Create an admin account for accessing Microsoft 365 content to allow authorization between Dash and Microsoft 365.

Follow the instructions below for the method that best works for your organization.

Method 1: How to register Dropbox Dash in Microsoft Entra

  1. Log in to dash.ai with your admin credentials.
  2. Click your avatar (profile picture or initials) in the lower left.
  3. Select Admin console.
  4. Click Dash in the left sidebar.
  5. Click Apps.
  6. Click the More apps tab.
  7. Click Add to the right of Microsoft 365.
  8. Select Register app in Microsoft Azure, then click Start.
"Choose how to add Dash" prompt

9. Review the steps in What to expect, then click Next.

10. Click Azure portal and log in with your credentials.

At this point, you’ll need to create a new app registration in Microsoft Azure before you can continue with the prompts in Dash.

To create a new app registration in Microsoft Azure:

  1. In Microsoft Azure, click Microsoft Entra ID in the left sidebar.
Click Microsoft Entra ID in the left sidebar

2. Click Manage in the left sidebar, then click App registrations in the expanded list.

3. Click  New registration.

Click New registration.
4. On the Register an application page, enter “Dash” in the Name field.
Enter “Dash” in the Name field.

5. Under Supported account types, select Accounts in this organizational directory only.

6. Under Redirect URI (optional), click Select a platform, then select Web.

7. Paste the following address into the empty field: https://www.dropbox.com/oauth_connectors/redirect

8. Click Register.

Once you’ve registered Dash in Microsoft Azure, you’ll need to add the appropriate certificates and permissions.


 

To add a certificate:

  1. On the Dash overview page in Microsoft Azure, click Add a certificate or secret next to Client credentials.
"Click Add a certificate or secret next to Client credentials"

2. Create a private key for secure authentication between Microsoft 365 and Dash.

3. Click Upload certificate, choose your file, then click Add.

"Upload certificate" window

 

To add API permissions:

  1. On the Dash overview page in Microsoft Azure, click API permissions in the left sidebar.
  2. Click ① Add a permission.
API permissions page

3. Add the following permissions:

  • Microsoft Graph
    • AuditLogsQuery-SharePoint
    • Directory.Read.All
    • Files.Read.All
    • Group.Read.All
    • GroupMember.Read.All
    • Reports.Read.All
    • Sites.Read.All
    • User.Read.All
    • DelegatedPermissionGrant.Read.All
    • DelegatedPermissionGrant.ReadWrite.All
    • Directory.ReadWrite.All
    • Domain.Read.All
    • Files.ReadWrite.All
    • Group.ReadWrite.All
    • GroupMember.ReadWrite.All
    • Sites.FullControl.All
    • Sites.Manage.All
    • Sites.ReadWrite.All
    • User.ReadWrite.All
  • Office 365 Management API Permissions
    • ActivityFeed.Read
    • ActivityFeed.ReadDlp
  • SharePoint Permissions
    • Sites.FullControl.All
Permissions
4. Click Yes after reviewing the Grant admin consent confirmation prompt.
"Grant admin consent confirmation" prompt

5. Return to the Dash overview page in Microsoft Azure.

Finally, you’ll need to enter the Dash IDs from Microsoft Azure to the Dash admin console.


To do this:

  1. On the Dash overview page in Microsoft Azure, copy the Primary domain, then paste it into the Dropbox Dash prompt.
"Enter Primary Domain" prompt

2. Click Next.

3. Copy the Application (client) ID and the Directory (tenant) ID from Microsoft Azure, then paste them in the prompt in Dropbox Dash.

Copy the Application (client) ID and the Directory (tenant) ID
Enter IDs window

4. Click Next.

5. Click Certificates and secrets in the left sidebar in Microsoft Azure.

6. Copy the Thumbprint, then paste it into the Certificate thumbprint field in Dropbox Dash.

Certificates & secrets
Enter security keys window

7. Enter the private key associated with the certificate you uploaded to Azure. 

8. Click Next.

"Authenticate" window

9. Review the requested permissions in the pop-up window, then click Allow.

10. Return to the admin console page on dropbox.com where you’ll find the Ready to Sync prompt.

11. If you’d like to exclude specific drives from syncing to Dropbox Dash, click Select under Exclude content, then follow the steps in the section “How to exclude drives when adding Microsoft 365 to Dropbox Dash” below. Otherwise, proceed to step 12.

12. Click Start syncing.

Your Microsoft 365 content will start syncing immediately. This can take anywhere from a few hours to a few days, depending on how much content is in your account. Dash admins will receive an email when all content has been synced.

Method 2: How to create and add a service account

Service account requirements

To add Microsoft 365 to Dropbox Dash, a Microsoft Global administrator must authenticate and authorize a company-level integration between Confluence and Dash. For better security and to prevent issues with the Microsoft 365 and Dash integration (like if an admin leaves), it's recommended to create a non-human admin service account in Microsoft Entra ID for this integration.

More information along with naming convention recommendations for service accounts can be found in the Service account recommendations for SaaS service integrations with Dropbox Dash document.

highlighter icon

Note: For this article, “svc-dropboxdash-microsoft-365” is referenced as the recommended account name for the service account.

Overview of setup:

 

Step 1: Create a new admin service account.

Step 2: Add Microsoft 365 to Dropbox Dash using the service account.

How to create an admin service account for the Dropbox Dash integration

  1. Log in to Microsoft Azure with your admin credentials.
  2. Click Microsoft Entra ID.
Click Microsoft Entra ID

3. Click Manage on the left sidebar.

4. Click Users in the dropdown menu.

Click Users

5. Click New user.

6. Click Create new user in the dropdown menu.

Create new user

7. Enter “svc-dropboxdash-microsoft-365” in the user principal name (UPN) field.

8. Open the dropdown menu under User principal name to select the domain to which the user will be associated.

9. Leave Mail nickname as Derive from user principle name.

10. Enter “svc-dropboxdash-microsoft-365” in the Display name field.

11. Enter a new password in the Password field.

  • You can either use the auto-generated password provided or set your own.
  • In either case, note the password somewhere safe, such as your password management vault.

12. Leave Account enabled as checked.

13. Click Next: Properties at the bottom of the page.

Click Next: Properties

14. Enter “svc-dropboxdash-microsoft-365” in the First name field.

15. Click Next: Assignments at the bottom of the page.

Click Next: Assignments

16. Click Add role to open the Directory roles pane on the right.

17. Enter “Global” in the search field.

18. Check the Global Administrator role for this service account user.

19. Click Select at the bottom of the page.

  • You should now see Global Administrator as a role for this user.
Create new user window

20. Click Next: Review + create at the bottom of the page.

  • You should now see an overview of the account to be created.
Create new user window

21. Verify that the User principal name is “svc-dropboxdash-microsoft-365”.

22. Verify that the assigned role is Global Administrator.

23. Click Create to complete user creation.

"Create new user" page
  • You’ll be returned to the Users page and should see a Successfully created user pop-up message.
"Successfully created user" pop-up message

Refresh the page to see your new service account.

Once your service account is created, you can add Microsoft 365 to Dropbox Dash.
 

How to add Microsoft 365 to Dropbox Dash using the service account

To add Microsoft 365 to Dropbox Dash using your service account:

  1. Log in to dash.ai with your admin credentials.
  2. Click your avatar (profile picture or initials) in the lower left.
  3. Select Admin console.
  4. Click Dash in the left sidebar.
  5. Click Apps.
  6. Click the More apps tab.
  7. Click Add to the right of Microsoft 365.
  8. Select Authenticate with a service account, then click Start.
"Add Microsoft 365" prompt
9. Review the What to expect prompt, then click Next.
"What to expect" prompt

10. Click Next.

  • You’ll see a pop-up window asking you to allow Dropbox Dash to connect with Microsoft Azure.

11. Click Allow.

12. Enter the email address for the service account created in the previous steps. 

13. Click Next.

14. Enter the password for your service account. 

15. Click Sign in.

 

highlighter icon

Note: If you require multi-factor authentication (MFA) for accounts in your environment, you may be prompted for additional authentication associated with the service account.

16. Review the permissions requested, then click Accept.

17. Return to the admin console page on dropbox.com where you’ll find the Ready to Sync prompt.

18. If you’d like to exclude specific drives from syncing to Dropbox Dash, click Select under Exclude content, then follow the steps in the section “How to exclude drives when adding Microsoft 365 to Dropbox Dash”. Otherwise, proceed to step 19.

19. Click Start syncing

Your Microsoft 365 content will start syncing immediately. This can take anywhere from a few hours to a few days, depending on how much content is in your account. Dash admins will receive an email when all content has been synced.

How to exclude drives when adding Microsoft 365 to Dropbox Dash


To exclude specific drives from syncing during setup:

  1. After you’ve authorized Microsoft 365 in Dash, click Select under Exclude Content in the Ready to sync prompt.
  2. Enter the identifier for the drive you want to exclude.
    • For OneDrive, use the user's email address linked to their personal OneDrive.
    • For SharePoint, open the SharePoint site in a new window and copy the URL. SharePoint URLs should be in the format: https://[name].sharepoint.com/sites/[site-name], and must not end with “.aspx”
  3. Click Done.
  4. Click Start syncing in the Ready to sync prompt.
     

To mange excluded drives:

  1. Log in to dash.ai with your admin credentials. 
  2. Click your avatar (profile picture or initials) in the lower left.
  3. Select Admin console.
  4. Click Dash in the left sidebar.
  5. Click Apps.
  6. Click Microsoft 365 in the Your apps tab.
  7. Click  (edit) next to Excluded content.
  8. Add or remove drives:
    • To add a drive, enter the identifier for the drive you want to exclude.
      • For OneDrive, use the user's email address linked to their personal OneDrive.
      • For SharePoint, open the SharePoint site in a new window and copy the URL. SharePoint URLs should be in the format: https://[name].sharepoint.com/sites/[site-name], and must not end with “.aspx”
    • To remove and sync a drive, click  (delete) next to the identifier.
  9. Click Done.
highlighter icon

Notes:
  • If exclusion occurs after the initial sync, it may take a few hours to a few days to take effect in our systems, depending on the data size.
  • Dash only checks if the identifiers are structured correctly, not whether they’re correct or exist. Make sure they’re accurate before proceeding.
  • User exclusion in OneDrive only removes files from the user's My Drive. Shared documents or those where the user is a collaborator, but not the owner, can’t be excluded.
  • SharePoint exclusion removes all files from the entire SharePoint site.
  • You can exclude a user’s drive even if they aren’t a licensed Dash user.
  • Excluded content won’t appear in the Protect and control page. Learn more about Protect and control.

FAQs about adding Microsoft 365 to Dropbox Dash

Why do I need to allow Microsoft Graph, Office 365 Management API, and SharePoint permissions when registering Dropbox Dash in Microsoft Azure?

  • ActivityFeed.Read, ActivityFeed.ReadDlp, AuditLogsQuery-SharePoint: These permissions underpin Dash security and compliance guarantees. They’re used for the Protect and control page to review audit logs and verify access. Learn more about Protect and control.
  • Files Read: This permission is used to obtain metadata and content from files for Dash.
  • Files Write: This permission is used to change file permissions for Protect and control.
  • Domain.Read.All: This permission is used by Protect and control to identify and catalog which links and users are internal or external.
  • Directory.Read.All, Directory.ReadWrite.All, Group.Read.All, GroupMember.Read.All, User.Read.All, Group.ReadWrite.All, GroupMember.ReadWrite.All, User.ReadWrite.All: These permissions are used for details, such as user information and group memberships. For instance, one way access is granted in Microsoft is through groups. Protect and control also uses groups to manage access to files, folders, and sites.
  • Sites.Read.All, Sites.FullControl.All, Sites.Manage.All, Sites.ReadWrite.All, Sites.FullControl.All: The read permissions are required for Dash to access files and folders on sites. Write is required by Protect and control to manage permissions.
  • DelegatedPermissionGrant.Read.All, DelegatedPermissionGrant.ReadWrite.All: These permissions are used to confirm that Protect and control and Dash have the necessary permissions.
  • Reports.Read.All: This permission is used to retrieve relevant analytics and usage data on your OneDrive and SharePoint data. 

Why do I need to create an unencrypted private key when generating a certificate in Microsoft Azure?

Private keys are used to establish trust between Dropbox Dash and Microsoft. When you upload a public key, Dash uses a private key to sign requests to Microsoft. This way, Microsoft can determine if the private key is paired with the public key you uploaded.

 

Encrypting a private key prevents it from being used for tasks like encryption or decryption. Therefore, we must use the unencrypted private key to sign requests.

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Community answers

Related Articles

How to add Slack to Dropbox Dash

Admins

Learn to integrate Slack with Dropbox Dash to quickly and easily search through message content, replies and attached documents.

View article

How to add Dropbox to Dropbox Dash

Admins

Easily add your Dropbox account to Dropbox Dash to search and access your Dropbox content directly within Dash. Learn more and add Dropbox to Dash.

View article

How to add Google Drive to Dropbox Dash

Admins

Easily add your Google Drive account to Dropbox Dash to search and access your Google Drive content directly within Dash. Learn more and add Google Drive to Dash.

View article

How to add Jira to Dropbox Dash

Admins

Easily add your Jira account to Dropbox Dash to search and access your Jira content directly within Dash. Learn more and add Jira to Dash.

View article

Other ways to get help

Icon depicting two people
Community
Twitter Icon
X
Icon depicting a speech bubble
Contact support