Microsoft OneDrive/SharePoint network storage

The Microsoft OneDrive/SharePoint network storage option allows you to use existing Microsoft OneDrive or SharePoint storage as additional storage space.

 

Adding the Microsoft OneDrive/SharePoint network storage

 

In the desired domain, navigate to the ACCOUNTS > Network Storage module. Click on the Add button, or right click anywhere in the grid area and select Add from the pop-up menu. In the Add Network Storage dialog window, select Microsoft OneDrive/SharePoint as the Protocol, then click on OK. The Add "Microsoft OneDrive/SharePoint" Network Storage dialog will appear as depicted in the image below.

 

 

Basic

 

Name - The unique name for this network storage.

 

Connection

 

The connection fields are obtained using the MS Entra ID admin, after an app registration is created using this application. Click on this link: Microsoft Entra ID application registration for details on how to register the application.

 

Directory ID - Directory (tenant) ID as taken from the Overview page of the Microsoft Entra admin center.

 

Client ID - Application (client) ID as taken from the Applications > App registrations page of the Microsoft Entra admin center. Locate your application and copy the Application (client) ID.

 

Client Secret - Client secret as taken from the Applications > App registrations page of the Microsoft Entra admin center. Select your application, then click on Certificates & secrets, then copy the client secret's Value field.

 

Username - Enter any valid Entra ID UPN. This field is not in use at this time.

 

User root drive access only - When checked, access will be limited to the user's default drive (the root drive, named OneDrive). Leave this box unchecked so that access to users and their associated drives can be obtained through SharePoint site(s).

 

Advanced

 

Remote directory - If selected, maps the local virtual path to a specific remote path on the target server (e.g. /Sites/TheSiteName/SomeFolderWithinTheSite). The "/Sites" portion of the directory is required. The SiteName is the name of the site and should be an exact match to what is displayed on the SharePoint admin page. This field is case-sensitive. So is the "SomeFolderWithinTheSite" portion of the directory, but specifying this is optional.

 

Map current local directory to remote directory - If selected, maps the local virtual path to remote path having the same name as the local virtual path.  For example, if network storage is mapped to virtual path /path, then when connecting to the network storage, it will drop the user in /path directory on target server.

 

Tags

 

Tags - If specified, this is the one or more tags that are used to limit which administrators have access to the network storage.

 

Microsoft Entra ID application registration

 

Go to the Microsoft Entra ID admin center application.

 

From the left-hand side menu, select Applications > App registrations.

 

Click on + New registration and enter a Name.  Click on the Register button.

 

From the App Registrations > Overview section, click on the Add a certificate or secret link.

 

From the App Registrations > Certificates & Secrets page, select + New client secret.

 

Enter a Description and choose a value for the Expires field. This indicates how long the client secret is valid for.

 

Click on the Add button, then copy-paste the Value field, which is the actual client secret. You will see this on the App registrations page, where your newly added client secret record is displayed.

 

From the App Registrations > Manage section, select API permissions. The registered application's API Permissions determines OneDrive/Site access. See below.

 

Click on + Add a permission, then click on Microsoft Graph.

 

Click on Application permissions (not Delegated permissions).

 

Enter sites in the Select permissions search bar, then expand Sites. The permissions to use (check) reduce down to two options: check any one of the Sites.xxxxx.All options - or check Sites.Selected.

  • Checking a Sites.xxxxx.All option is the least complicated because that is all you will need to do. It is also the only choice if running an MFT Server version prior to 2024.2. However, this grants the App registration access to all SharePoint sites and therefore MFT Server as well.

     

  • Checking Sites.Selected limits the sites that the App registration can access. An Entra ID admin must explicitly grant permissions to the sites that it can access. Please note that this only works with MFT Server 2024.2 and higher.

After making your selection, click on the Add permissions button.

 

On the API permissions (configured permissions page), click Grant admin consent for <domain> button, then click Yes to confirm.