SharePoint Online Graph API / OAuth 2.0 Connections




What is SharePoint Online Graph API / OAuth 2.0?

SharePoint Online OAuth 2.0 connectors behave almost identically to the original SharePoint Online connections. They utilize the same API calls and require the same setup and account permissions. They use OAuth 2.0 to authenticate with SharePoint Online and OneDrive for Business.

What is the difference between OAuth 2.0 and the original SharePoint Online connections?

There are several differences between OAuth 2.0 connections and original SharePoint Online connections.

First, using the OAuth 2.0 flow for authentication allows clients with MFA enabled to use DryvIQ to migrate their content. Also, since many customers are disabling legacy authentication, this form of authentication will be the only way to connect to Office 365 platforms.

Second, Microsoft will be using our registered application ID to track rate limits. This ID is only visible to Microsoft when using OAuth 2.0, which may allow clients higher rate limits before getting throttled.

Third, the OAuth 2.0 connection requires a global admin to give consent the first time it is used. Afterwards, any user can be used to create a connection between DryvIQ and Office 365. For clients who cannot allow the permission to “have full control of all your site collections,” please contact us, and the DryvIQ team can assist with a Custom App Registration.

Finally, these connections will utilize Microsoft's Graph API to perform native change detection on libraries. This will drastically reduce the number of calls required to check large libraries for any changes, as well as reduce job execution time.

When should OAuth 2.0 connections be used?

OAuth 2.0 connections should be the preferred way to connect to SharePoint Online and OneDrive for Business going forward. Functionality is the same in all ways except in change detection. The only time it should not be used is if a client is unwilling to globally authorize our application, as our application requests permissions that a global administrator must approve.

For clients who cannot allow the permission “Have full control of all your site collections,” please contact us, and the DryvIQ team can assist with a Custom App Registration.
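A defender-side check for the admin consent described above, added here as an example and not DryvIQ or Microsoft code: it scans an export of Microsoft Graph oauth2PermissionGrants for grants that carry a full-control site scope and reports whether each one is tenant-wide and on an approved list. The scope names AllSites.FullControl and Sites.FullControl.All are assumed to be the values behind the consent prompt quoted on this page, and the sample records and IDs are constructed placeholders.

```python
import json

# Assumed scope names behind the consent prompt "Have full control of all
# your site collections" (SharePoint and Microsoft Graph variants).
FULL_CONTROL_SCOPES = {"AllSites.FullControl", "Sites.FullControl.All"}

# Constructed sample shaped like GET /oauth2PermissionGrants; all IDs are placeholders.
# clientId is the object ID of the client application's service principal.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"clientId": "00000000-0000-0000-0000-0000000000a1", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "00000000-0000-0000-0000-0000000000f1",
   "scope": " AllSites.FullControl User.Read"},
  {"clientId": "00000000-0000-0000-0000-0000000000a2", "consentType": "Principal",
   "principalId": "00000000-0000-0000-0000-0000000000b7",
   "resourceId": "00000000-0000-0000-0000-0000000000f2", "scope": "Sites.Read.All"},
  {"clientId": "00000000-0000-0000-0000-0000000000a3", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "00000000-0000-0000-0000-0000000000f2",
   "scope": "Sites.FullControl.All offline_access"}
]}
""")


def audit_grants(grants, approved_clients):
    """Return one finding per delegated grant that carries a full-control site scope."""
    findings = []
    for grant in grants:
        # "scope" is a space-separated string and may start with a space.
        hits = FULL_CONTROL_SCOPES & set((grant.get("scope") or "").split())
        if not hits:
            continue
        findings.append({
            "clientId": grant["clientId"],
            "scopes": sorted(hits),
            "tenant_wide": grant.get("consentType") == "AllPrincipals",
            "approved": grant["clientId"] in approved_clients,
        })
    # Unapproved tenant-wide grants sort first: they need review most urgently.
    return sorted(findings, key=lambda f: (f["approved"], not f["tenant_wide"]))


if __name__ == "__main__":
    approved = {"00000000-0000-0000-0000-0000000000a1"}  # placeholder for the migration app
    for finding in audit_grants(SAMPLE_EXPORT["value"], approved):
        print(finding)
```

Running the same check on a schedule shows whether the grant is still present after a migration project has ended.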

Can a custom Azure Storage Account be configured?

When migrating to Microsoft SharePoint and utilizing batch mode with Migration API, is there a way to specify a custom Azure Storage Account, or do we default to a temporary Storage Account until content is committed to SharePoint?

No, not at this time.

DryvIQ uses the default storage account that is leveraged by the Migration API for the SharePoint tenant you are migrating to. The CSOM call that DryvIQ makes provisions a migration storage account and message queue, ensuring the storage account is located in the same data center as the Office 365 tenant. This will also improve performance. Any content uploaded to the migration storage account will eventually be deleted after use. The migration storage account will not incur any additional costs.

 

How do I update all my existing connections to use OAuth 2.0?

The best way to update all your existing jobs that are using the Office 365 or OneDrive for Business legacy connections is to duplicate/clone the job and replace it with the new connection. 

A OneDrive for Business OAuth 2.0 connection assumes Documents as the root.

 

If your previous job included Documents in the locations path, you must remove it when duplicating/cloning.


How to Create an OAuth 2.0 Connection

 

Features and Limitations

Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Use the Platform Comparison tool to explore how your integration platforms interact in terms of features and limitations.

 

SharePoint Online OAuth 2.0 Connections must have full control of all SharePoint site collections. For clients who cannot allow the permission “Have full control of all your site collections,” please contact us, and the DryvIQ team can assist with a Custom App Registration.

OneDrive for Business OAuth 2.0 Connections are automatically configured to the Documents library.

When configuring your job JSON, do not include "Documents" in the location path, such as /Documents/FolderName.

Correct configuration path: /FolderName

 

 

Files/Folders

SharePoint Online OAuth 2.0 connections have the following file/folder restrictions.  

  • Maximum file size: 100 GB

  • Maximum file name path length: 400 characters

  • Restricted characters in file/folder name include  / , | , \ , \\ , / , : , * , ? , < , >

  • Invalid folder names: _t, _w

  • Maximum number of files per folder: 5000

  • OneDrive for Business does not allow the following:

    • Two consecutive periods

    • Leading or trailing periods and white spaces

    • Non-printable ASCII characters

    • For more information on OneDrive for Business, see Microsoft’s official documentation.
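A pre-flight check for the restrictions listed above, added here as an example and not DryvIQ code: it validates a destination path against the 400-character limit, the restricted characters, the invalid folder names and, for OneDrive for Business, the extra naming rules and the implicit Documents root. The function name, the treatment of the last path segment as a file unless the path ends in "/", and the sample paths are assumptions of this example.

```python
import string

MAX_PATH_LEN = 400                # "Maximum file name path length: 400 characters"
RESTRICTED = set('|\\:*?<>')      # "/" is also restricted; here it is the separator
INVALID_FOLDER_NAMES = {"_t", "_w"}
TRIM = string.whitespace + "."


def check_path(path, onedrive=False):
    """Return the list of problems found in a destination path such as /FolderName/a.txt."""
    problems = []
    if len(path) > MAX_PATH_LEN:
        problems.append(f"path is {len(path)} characters, limit is {MAX_PATH_LEN}")
    segments = [s for s in path.split("/") if s]
    # Assumption: every segment is a folder except the last, unless the path ends in "/".
    folder_count = len(segments) if path.endswith("/") else len(segments) - 1
    if onedrive and segments and segments[0].lower() == "documents":
        problems.append("remove leading 'Documents': it is already the connection root")
    for index, seg in enumerate(segments):
        bad = sorted(RESTRICTED.intersection(seg))
        if bad:
            problems.append(f"{seg!r}: restricted character(s) {' '.join(bad)}")
        if index < folder_count and seg in INVALID_FOLDER_NAMES:
            problems.append(f"{seg!r}: invalid folder name")
        if not onedrive:
            continue
        # The remaining rules are the ones listed for OneDrive for Business only.
        if ".." in seg:
            problems.append(f"{seg!r}: two consecutive periods")
        if seg != seg.strip(TRIM):
            problems.append(f"{seg!r}: leading or trailing period or white space")
        if any(ord(c) < 32 or ord(c) == 127 for c in seg):
            problems.append(f"{seg!r}: non-printable ASCII character")
    return problems


# Constructed sample paths, not taken from any real tenant.
SAMPLE_PATHS = ["/FolderName/report.docx", "/Documents/FolderName/report.docx",
                "/Finance/_t/q1.xlsx", "/Team/notes..txt "]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(repr(p), "->", check_path(p, onedrive=True) or "ok")
```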

 

Transferring Microsoft Lists is not supported.

 

Connection Pooling

  • Connections using OAuth 2.0 authentication may experience bandwidth throttling from Microsoft when using connection pooling.

Impersonation 

Impersonation is not supported for SharePoint Online. Impersonation is only supported for OneDrive for Business. 

Lock Events

Graph API does not support lock event detection without the use of a separate API call, which will slow down change detection. The workaround is to disable native event detection to transfer locks in each job run or to use a soft reset to transfer locks as needed. 

Mapping

  • When creating CSV mapping files for import, the usernames must be lowercase so that they meet the connector's search requirements.

Metadata Mapping

  • If a library requires specific metadata but the metadata is missing from a file being copied into the library, the file will be flagged and will not transfer on subsequent job runs. If you have files stuck in a flagged state due to missing metadata, you may need to transfer the files and add the required metadata manually.

Timestamps

  • SharePoint Online Folder Created Date may experience a discrepancy in timestamps when using CSOM and Batch Mode.

    • This behavior is a known issue within OneDrive for Business / Office 365.

    • DryvIQ will attempt to preserve timestamps on folders when using both CSOM and the batch API. However, SharePoint Online updates the folder's modified dates whenever a file is uploaded into it.

    • As a result, when using CSOM, the timestamps will be preserved when the folder is initially created, but then updated after every file that gets uploaded. When using the batch API, it preserves the timestamps on the folders after all of the files within the batch are committed. This is the cause of the discrepancy between the two methods.

Version Deletes

  • Version deletes are supported. 

DryvIQ Migrate Version: 5.9.17
Release Date: April 3, 2026