FAQ sapio365 | Ytria

Here are answers to some of the most popular questions about sapio365

Here are some answers to frequently asked questions about sapio365Here are some answers to frequently asked questions about sapio365

What would you like to know?

sapio365 FAQs

General questions about sapio365

Why is sapio365 a desktop application?

Although web-based portals and interfaces are convenient, and very much in fashion, they often lack the immediacy and pure data-handling power of a compiled application.

Due to the nature of sapio365, whose approach is bringing entire tenants of data directly to the forefront, and letting you work with this data in a multitude of ways, a compiled desktop client is the only way to achieve this.

No, you can't manage your tenant from a tablet, or from your phone. What you do get is access to even multiple tenants of data at once, across multiple account sessions.

Serious Office 365 administration and management, through one dedicated client.

This also has added security benefits as well. Contrary to any number of web-based solutions, sapio365's local installation means that your data STAYS WITH YOU, and NEVER passes through another server.

Is my Office 365 data cached on my computer while using sapio365?

While sapio365 retrieves your tenant data to display it in a grid, ONLY the user and group lists are stored locally on your machine. This caching is necessary for much faster loading when dealing with massive numbers of users and groups.  

Cached data is stored in a local database encrypted by and for the current computer. Note that caching is an option that can be disabled at any time. 

No tenant data is stored once your session is closed except for the cache (if enabled), files you've downloaded and any grid data you've exported.

I see what looks like files in the sapio365 interface. Is what I see a copy of my OneDrive files?


File-type icons are included in sapio365's grid for quick reference purposes only. sapio365 provides you with a "dynamic snapshot" of OneDrive contents. It also gives you the option to download files if you choose to do so.

Can sapio365 be automated?

All features in sapio365 can be used in automated tasks in sapio365. We call these JOBs and they are ready to use from within the modules and from the main window. You can even schedule them to run during off hours and receive the report by email. Presets offer a one-time setup which can then be reused for repeating job schedules.

Office 365 changes quite rapidly. How often are new sapio365 versions released?

We work hard to stay up to date with the latest changes in Office 365 and whether or not it is possible to implement functionality related to these changes. Currently, there is no set release schedule for sapio365. But, on the average, you can expect a couple of updates per quarter.

What are the minimum system requirements for running sapio365?

sapio365 runs on Windows 7 or later. So, of course, your computer must have at least this minimum. However, we recommend that you have at least the following:

  • Free space: 200 MB on your destination drive
  • RAM: As much as possible*
  • CPU: As fast as possible*

*sapio365 is available in both 32-bit and 64-bit versions, and is subject to certain constraints:
The 32-bit version is limited to the memory usage limitations inherent to 32-bit.
The 64-bit version will make use of the full capacity of your system.

Does Ytria have any access to my Office 365 data?

No. sapio365 is a local installation and your data NEVER passes through another server. Ytria employs secure authentication methods so you can access your data with sapio365, but has no access whatsoever to any data that is retrieved using sapio365.

Ytria doesn't even have access to the sapio365 trace log, unless you choose to send a copy to us for support purposes.


Why is sapio365 making me sign-in and grant permissions? Is this secure?

When first launching sapio365 with either a Standard or Advanced session, you are asked to sign-in with your Microsoft Office 365 credentials. If the authentication is successful and if you are allowed to consent to applications, you will then be prompted by Microsoft to grant ‘app consent’ to sapio365. This Microsoft dialog says: “This app would like to: ”, followed by a list of permissions.

The consent you give is strictly between the sapio365 app and your tenant. And since sapio365 is installed on your computer, this means that your data NEVER goes through any third-party servers. Learn more about consent here.

Advanced session with elevated privileges

How do I create an Advanced session with privileges?

Before you begin

A sapio365 Advanced session with elevated privileges is different from either a Standard or Advanced session in that the registered application it uses does not require that a 'user' signs in. Also, while those other session types use an Azure Active Directory registration created by Ytria, to elevate privileges of an Advanced session you must use a registered application in your own tenant, based on select Microsoft Graph permission scopes.

The quickest way is to automatically create a sapio365 application in your tenant directly from sapio365 (follow the steps in option 1).

Control and liability

There is no "user" signed in during an Advanced session with elevated privileges, so there are real-life security implications that you should be aware of when setting up your application permissions.

You are registering the application yourself. So you can define the application permissions as you see fit. If you choose, you can register multiple applications, all with different permission profiles.

Any applications you register will be unusable until an administrator has consented to all assigned permission scopes for the application. The permission scopes shown in this document represent the maximum access potential. You can decide for yourself any limits you'd like to place on your Advanced session with elevated privileges. You can modify the permission scopes for the application even after admin consent has been given. Feel free to experiment.

Even after admin consent has been given for the application. sapio365 will require both the application ID and the password.

We highly recommend that you protect all application IDs and passwords so that only eligible users can use Advanced sessions with elevated privileges.

OPTION 1 - Create application from sapio365

The quickest way to create an Advanced session with elevated privileges is to do it right from sapio365. The process creates a new registration with API permissions pre-selected (listed in Option 2, Step 13) for maximum access. You can always add or remove permissions for this application from the Azure portal.

The Sign In screen for Microsoft's Application Registration Portal

Step 1 In an active Advanced session, click on the ‘Elevate Privileges’ button at the top left.

Step 2 Click on 'Continue' to create the application in your Azure AD (this may take a few minutes).

Microsoft's My applications screen with Add an app ready to be clicked

Step 3 Click on 'Proceed' to continue. You'll only see this dialog box after your first launch of an Advanced session in sapio365.

Microsoft's Application Registration Portal showing the application name, a link to platform policies, and the Create button

Step 4 Sign in with your credentials.

Microsoft's My applications screen with Add an app ready to be clicked

Step 5 Consent to the permissions used by the application.

You're now ready to access all mailbox and site content!

OPTION 2 - Create application at the v2 Azure Active Directory Endpoint

To work with an Advanced session with elevated privileges, you'll need a key pair for proper authentication: an app ID that will identify the application and the password provided (see Step 8) which will authenticate the application.

Microsoft's Select Permission dialog in the app ID creation process

Step 2 Create a new registration


Step 3 Name your application.

Redirect URI (optional): If you choose not to give consent during the registration process (Step 7) and to give consent directly in sapio365, you will need to enter the following URI: http://localhost:33366. This is the default address used by sapio365 to complete the consent process. If you need to enter a different address, you may.

Step 4 Register it.

Microsoft's Application Registration Portal screen showing the Profile options

Step 5 Copy and save the Application ID to enter in sapio365.

Step 6 Add permissions.

sapio365's Ultra Admin Session Activation dialog

Step 7 Click on “User.Read” permission.

Step 8 Remove this permission.

Step 9 Click on “Add permission”.

Microsoft's Application Registration Portal showing the current Delegated Permisisons and the Application Permissions

Step 10 Click on Add permissions.

Step 11 Click on “Microsoft Graph”.

Microsoft's Application Registration Portal showing the current Delegated Permisisons and the Application Permissions

Step 12 Click on “Application permissions”.

Microsoft's Application Registration Portal showing the current Delegated Permisisons and the Application Permissions

Step 13 Select permissions.

In each category, check the required permissions (see the recommended list below) and when finished, click on Add permissions.

You have full flexibility to add whichever permissions you choose. The following list of permission scopes is simply a suggestion. To learn more about these permission scopes, see the Active Directory v.2 Permission Scope Reference Guide.

For a complete experience, the following permission scopes should be assigned:


sapio365's Ultra Admin Session Activation dialog

If you have opted to consent through the application, skip the next steps and go to step 17.

Step 14 Click “Grant admin consent for ….”

Step 15 Confirm the consent request.

sapio365's Ultra Admin Session Activation dialog

Step 16 You will see a confirmation.

sapio365's Ultra Admin Session Activation dialog

Step 17 Go to “Certificates & secrets”.

Step 18 Click on “New client secret”.

Step 19 Choose an expiration period.

Step 20 Click “Add”.

sapio365's Ultra Admin Session Activation dialog

Step 21 Copy and save the new client secret to use in sapio365.

IMPORTANT: This is the only time you will see your password! sapio365 will not let you retrieve it. Take note of it now and keep it safe.

Create an Azure Cosmos DB account

What is Cosmos DB

Azure Cosmos DB is a globally distributed, database service, transparently replicating your data across any number of Azure regions.

Why we use Cosmos DB?

sapio365 uses Cosmos DB to securely store RBAC information and settings. This means all data remains secure within your Tenant ecosystem - Ytria has no access.

How do I create an Azure Cosmos DB Account?

Before you start you must have

  1. An Azure account with
  2. an active subscription

Create a Cosmos DB Account

In sapio365, go to About sapio365 > Set Cosmos DB Connection Info > Create New Cosmos DB Account. Once you've signed in using your credentials associated to the Azure subscription, select your subscription and resource group, and click ok. It may take a few minutes to create it.

Next, enter the subscription code that is located on your invoice below the cleverbridge reference number before clicking OK.

Microsoft Azure Account Portal showing the creation of a resource group


How do I delete Cosmos DB accounts created by sapio365?

Go to About sapio365 > Set Cosmos DB Connection Info > Delete accounts created by sapio365. Select the account you wish to delete. Copy the account name to your clipboard to paste in the confirmation dialog that follows, then click OK.

Delete Cosmos DB

sapio365 monthly and annual subscription plans

How many times can I install sapio365?

With a sapio365 subscription license, you can install sapio365 as many times as needed. The only limitations for this type of license are the number of tenants, and the total number of Office 365 users, all tenants combined.

What types of information do I have to provide to use a sapio365 subscription license?

If you have purchased a subscription license, you will have to link to your license the tenants* you wish to access with sapio365.

If you sign in with an account on a tenant that is not linked to your license, you will be prompted to configure your license to include this tenant.*

Please note: you can only make changes to this configuration once a month.


*This only applies to tenants with over 50 users. sapio365 is free to use on tenants with up to 50 Office 365 users. You will not be asked to configure your license for these tenants.

How many tenants can I link up to a sapio365 license?

sapio365 subscription licenses can be linked to up to 10 Office 365 tenants at once. If you need to work with more than 10 tenants, please contact Ytria sales.

Are there any other restrictions on linking tenants to my license other than the user and tenant count?

You can change the tenants that a sapio365 license is linked to once a month. Once a change has been made to your tenant list, you'll need to wait a full month before making another change.

How can I increase the Office 365 user cap on my license? What about decreasing the allowed user count?

You can change the total number of Office 365 users authorized for your sapio365 license directly within sapio365 itself. 

In the sapio365 backstage tab, go to 'About sapio365 > License Modification.' From there you will be able to change the Office 365 user capacity of your license.

Here's how:

Change your license capacity directly within sapio365

Step 1: Enter your requested user capacity. You can choose to either reduce or increase the capacity.


Step 2: Choose when you would like the change to take effect.
A capacity reduction will only take place at the start of the next billing cycle. No refunds will be given. 
For a capacity increase, if you choose to have the change take effect at the start of the next billing cycle, you will not be charged anything at this time. If you choose immediately, you will be billed the difference once your change is verified.


Step 3: (optional): Click 'Preview Pricing' to see a preview of what you will be charged if you apply your changes.


Step 4: Enter your Cleverbridge Subscription Reference ID#. No changes will be made unless you provide this number. You can find this number in your original subscription confirmation email and invoice.


Step 5: Apply your changes.


Further action is required! Once you apply your changes, a confirmation email containing a validation link will be sent to the email associated with the license. Your changes will NOT be applied unless validated through this link.

Consultant token packs

What are action tokens?

Action tokens provide you with a cost-effective alternative to sapio365's standard license system. Tokens are essentially prepaid sapio365 actions that you can use whenever and however you want.

Tokens allow consultants the freedom to work across their entire tenant load without limits. There is no need to prioritize clients based on their Office 365 user base, as a standard license is based on this. With a token-based license there are no limits on tenant amount.

With this pay-as-you-go system, you don't have to commit to anything. And you can budget your sapio365 usage and access in a much more granular way. All this without limits on the number of tenants you can work with.

What is an "action" when it comes to using my sapio365 tokens?

It's actually quite easy to remember if you think about it this way. In sapio365 there are information retrieval/push actions, such as loading users or groups; loading messages, group memberships, OneDrive files; and reloading grid information or modifying users or groups. And there are data manipulation actions, which include things like filtering, sorting, and categorization of data within an already-open grid.

Tokens are only used for information retrieval actions.

More specifically, each initial data load of 500 entries (e.g. loading the list of users or groups) from the "home" screen will use one token.


And every time a different "type" of data is retrieved (such as user messages, group memberships, OneDrive files, etc.) in a "sub-module" view, one token is used.


Here's a quick rundown of a process of seeing your users' group memberships and making changes in sapio365, with the number of tokens it would take to complete it:

Let's say your tenant contains 2000 Office 365 users.

  1. Loading the 2000 Office 365 users in your tenant is four tokens.
  2. Loading the group memberships for a selection of these users is one token (regardless of the number of users).
  3. In the view showing group memberships, manipulating the data shown using filters or categorization will not use a token.
  4. Working with group memberships for any number of users will not use a token until you save your modifications.

Following the simple process above will use a total of 6 tokens.


New grid comments

What are comments?

The commenting feature in sapio365 allows each user to add their own notes in dedicated columns. These comments are persistent and can be shared. This means sapio365 can be used as a kind of team workspace.

A history is kept of all comments which can be managed via the View All button. This includes the options to search, edit and delete.

  • Persistent comments can be kept as a to do list, or to help identify items that require attention.
  • Can be set to Shared - turning sapio365 into a workspace for your team
  • History of all comments
  • Search - quickly find specific comments 
  • Use formulas to easily pull in data from other columns 
  • Color code specific comments 
  • Mange a list of all comments with search, edit and delete.