Setting up DryvIQ in an Office 365 GCC High Environment
Summary
Office 365 GCC High environments require special setup that GCC Moderate and public cloud accounts do not. This page details the steps needed to configure DryvIQ to migrate to and/or from a GCC High Office 365 tenancy.
Create a custom app registration for DryvIQ in the GCC High tenancy
DryvIQ in a GCC High environment currently requires a custom app registration to be created in that tenancy.
1. Go to the Azure Portal (https://portal.azure.us)
Navigate to the Azure Active Directory blade in the Azure portal.
2. Select App Registrations from the left navigation panel
Select New Registration.
3. Register an application
Name: Enter the user-facing display name for the application
Supported account types: Select option Accounts in this organization directory only…
Redirect URI: Enter the following https://api.portalarchitects.com/v1/external/oauth2
Select option to Register
On the Overview tab, make a note of the Application (client) ID value. This, along with the client secret (see below), will be used to set up the DryvIQ connection.
4. Select Certificates & secrets
Select New client secret.
Add new client secret.
Give a description for the new client secret.
Select an appropriate expiration date.
Click Add to create.
Copy the client secret value and save it. This, along with the application (client) ID will be used to create the DryvIQ connection.
After navigating away from this page, the client secret will no longer be available to view or copy. Be sure to save it at this step.
5. Configure API Permissions
On the left navigation panel, select API permissions.
Select Add a permission.
Select Microsoft Graph from the Request API permissions options.
Select Delegated permissions.
Scroll, expand, select then add the following permissions for Microsoft Graph:
6. Grant Admin Consent
Click Grant admin consent for (tenancy name).
Click Yes to confirm
Configure DryvIQ with custom app registration
Set the following configuration entries in DryvIQ.
The same application (client) ID and client secret values should be used for both Office 365 and OneDrive for Business but each connector must have its own configuration entries.
For SharePoint Online GCC High
Name | Value |
---|---|
office365-oauth2-gcch:client_id | Application (client) ID for custom app registration in Azure AD (above) |
office365-oauth2-gcch:client_secret | Client secret for custom app registration in Azure AD (above) |
For OneDrive for Business GCC High
Name | Value |
---|---|
onedrive-business-oauth2-gcch:client_id | Application (client) ID for custom app registration in Azure AD (above) |
onedrive-business-oauth2-gcch:client_secret | Client secret for custom app registration in Azure AD (above) |
See https://skysync.atlassian.net/wiki/spaces/S4D/pages/193265992 for more information on setting configuration options in DryvIQ.
Restart the DryvIQ Manager service after setting these configuration options to ensure that they will be used by DryvIQ.
Configure DryvIQ connections
In DryvIQ, go to Connections and click Add Connection. Then choose either the Microsoft Office 365 GccH (OAuth 2.0) or Microsoft OneDrive for Business GccH (OAuth 2.0) connector.
From this point, proceed as with the public Office 365 connectors.