How can we help you today?
Steps to install and manage SharePoint Azure AD Permissions using Wanpath Sites.Selected Manager Web Part
Microsoft graph now provides the option to set granular Azure AD App permissions level using the new Azure Graph API Sites.Selected option instead of granting permission for all the sites in the tenant. The permission Sites.Selected does not provide access to any SharePoint site collections for the application unless the Azure AD application has been assigned the permission roles read or write by an Admin. In this article and video we show how to grant an Azure AD application permission (Read or Write) to a SharePoint site using the new Azure Graph API Sites.Selected option using our SharePoint Sites Selected Manager Web Part.
Login to portal.office.com using an account with SharePoint Admin permissions(do not login using incognito/in-private as the web part will fail to load in that mode).
Create the app catalog as needed
If you don’t already have an app catalog, create one. This article describes the process:
Go to More Features on SharePoint Admin Page
Click Apps, then click App Catalog
Automatically create a new app catalog site.
Upload Wanpath Sites Selected Web Part
Click Distribute App for SharePoint
Upload our SharePoint Site Selected Manager Web Part available here
Click to Deploy:
Return to SharePoint Admin https://admin.microsoft.com/sharepoint?page=classicfeatures&modern=true
Approve API Access
Site-admin.sharepoint.com – home – advanced – API Access (this takes a few moments to load and might show some warnings while loading) then click – approve for both Microsoft Graph permissions.
Add Web Part App to Site
Add the Web Part to the MyWorkDrive Office Online Edit page
Edit Page, Add a Web Part: “Site Selected Manager”
Add Azure App Permission to Site
Using the newly added Web Part, click Add/Remove sites to Apps
All App registrations requesting application sites.selected graph API Permissions will be listed.
Highlight your newly created Azure AD App Id, Click Add app permissions in the menu above the list of permissions.
Input your SharePoint MyWorkDrive Service URL – e.g. https://company.sharepoint.com/sites/mwdservice
Choose Read/Write. Click Grant.
Permissions will be granted.
Optionally check app permissions on a site to confirm after entering the site URL:
This can be used to verify your changes were accepted or double check if an app has previously been granted permission.
Once this process is complete, you can use MyWorkDrive with SharePoint Service mode for Office Online editing. Be sure to complete setup in the Settings tab of MyWorkDrive to enable it for your users.