FAQ_sapio365_General_FAQs

sapio365 General FAQs

General questions
about sapio365

Although web-based portals and interfaces are convenient, and very much in fashion, they often lack the immediacy and pure data-handling power of a compiled application.

Due to the nature of sapio365, whose approach is bringing entire tenants of data directly to the forefront, and letting you work with this data in a multitude of ways, a compiled desktop client is the only way to achieve this.

No, you can’t manage your tenant from a tablet, or from your phone. What you do get is access to even multiple tenants of data at once, across multiple account sessions.

Serious Microsoft 365 administration and management, through one dedicated client.

This also has added security benefits as well. Contrary to any number of web-based solutions, sapio365’s local installation means that your data STAYS WITH YOU, and NEVER passes through another server.

Here’s what you need to know to install sapio365 and begin getting to know your tenant like only sapio365 can show you.
Get more details here

1. Download
Click on the download link in your confirmation email.
2. Install
Run and follow the instructions in the installer package.
3. Register and go
Start and register sapio365. Then begin exploring your Microsoft 365 tenant.

> Start exploring your tenant here

When you launch sapio365 without a license code, you will be using it in Lite mode. Features in Lite mode are limited to retrieving and viewing information in the “My Data” section. This means that you can access and manage only your own data (as the signed-in user). To unlock the full functionality of sapio365, you will need to enter a license code obtained by purchasing it or by requesting a free evaluation.

Here is a list of what you can accomplish in sapio365 Lite:

  • Preview your email messages, and view their details and their attachments
  • View your calendar event information including the list of attendees and their response state
  • Download or delete your emails and calendar events
  • Download or delete attachments of your emails and calendar events
  • View your OneDrive files and folders and how they are shared
  • Manage permissions of your shared files and folders in your OneDrive
  • Check documents in or out in your OneDrive
  • Rename, create or delete files and folders in your OneDrive
  • Upload or download files and folders in your OneDrive
  • View your personal mail contacts
  • View and delete your inbox mail rules
  • View the groups you belong to, including Teams, security groups and distribution groups
  • View your assigned licenses and service plans

While sapio365 retrieves your tenant data to display it in a grid, ONLY the user and group lists are stored locally on your machine. This caching is necessary for much faster loading when dealing with massive numbers of users and groups.

Cached data is stored in a local database encrypted by and for the current computer. Note that caching is an option that can be disabled at any time.

No tenant data is stored once your session is closed except for the cache (if enabled), files you’ve downloaded and any grid data you’ve exported.

All features in sapio365 can be used in automated tasks in sapio365. We call these JOBs and they are ready to use from within the modules and from the main window. You can even schedule them to run during off hours and receive the report by email. Presets offer a one-time setup which can then be reused for repeating job schedules.

We work hard to stay up to date with the latest changes in Microsoft 365 and whether or not it is possible to implement functionality related to these changes. On the average, you can expect a couple of updates per quarter.

sapio365 runs on Windows 7 or later. So, of course, your computer must have at least this minimum. However, we recommend that you have at least the following:

– Free space: 200 MB on your destination drive
– RAM: As much as possible*
– CPU: As fast as possible*

**sapio365 is available in both 32-bit and 64-bit versions, and is subject to certain constraints:
The 32-bit version is limited to the memory usage limitations inherent to 32-bit.
The 64-bit version will make use of the full capacity of your system.

No. sapio365 is a local installation and your data NEVER passes through another server. Ytria employs secure authentication methods so you can access your data with sapio365, but has no access whatsoever to any data that is retrieved using sapio365.

Ytria doesn’t even have access to the sapio365 trace log, unless you choose to send a copy to us for support purposes.

Using sapio365 requires obtaining two types of consent. These are the same for managing any application in Microsoft Azure Active Directory:

  1. User Consent or consent provided by an end user
  2. Admin Consent or consent provided by an administrator

When first launching sapio365 with either a Standard or Advanced session, you are asked to sign-in with your Microsoft 365 credentials. If the authentication is successful and if you are allowed to consent to applications, you will then be prompted by Microsoft to grant ‘app consent’ to sapio365. This Microsoft dialog says: “This app would like to:”, followed by a list of permissions.

The consent you give is strictly between the sapio365 app and your tenant. And since sapio365 is installed on your computer, this means that your data NEVER goes through any third-party servers.

When launching a Standard session for the first time, the application requires a one-time user consent for sapio365 to access your data.
You can think of giving user consent as saying: “Connect to my Microsoft 365 resources“.

When launching an Advanced session for the first time, the application requires a one-time admin consent for sapio365 to access Microsoft 365 data. Only users with a Global Administrator role in the Microsoft 365 organization can give consent to the application.

Global admins can also give that consent on behalf of all users in the organization. Therefore users do not have to provide additional consent, and the application can access signed-on users’ resources immediately.
You can think of giving admin consent as saying: “Sign my organization up to use this application.”.

It’s safe to give your consent to permissions used by sapio365

secure-icon

Secure

Your data remains between your computer and your tenant – it never passes through external servers

private-icon

Private

Your consent only applies to this instance of sapio365 – it will not be accessible to other instances of sapio365

compliant-icon

Compliant

Your consent only works within your current tenant rights

sapio365 is NOT affected by the Log4j vulnerability in any way. sapio365 is developed in C++ and does not use any Java library.

You cannot use sapio365 on a MAC because sapio365 requires Windows 7 or later. However, you can install sapio365 on a virtual machine like Parallels or VMware with the minimum requirements.

Go even bigger with your Ytria tools—through large-scale repeatable processes.

It is easy to use sapio365 because it connects to your tenant using your current Microsoft privileges.

Yes!  sapio365 enables you to create sessions for each tenant and it lets you switch between tenants without logging out. You can run multiple independent instances so that you are connected to each tenant simultaneously. There’s also an automation feature that lets you run cross-tenant reports.​

sapio comes from the Latin verb sapere, meaning “to be wise” or “to have sense.” We think it’s a great name for a software solution that allows you to solve challenges you thought were impossible.


FAQ Standard Advanced session privileges

Standard session in sapio365

What’s a standard session in sapio365?

A standard session in sapio365 lets you access all data for which you have permissions, including your own:

  • Messages, mail rules, calendar events, and personal contacts
  • OneDrive documents and their permissions
  • Group and SharePoint site document libraries
  • Group/Team owner and member lists
  • Site and site list information
See the complete list of features

Are you an admin?

Use the extended permissions of an advanced session to manage settings, users, groups, Teams, sites and more. You will need to obtain admin consent from a global administrator.

Learn more about advanced session

Have an assigned role?

Your admin can create roles in sapio365 RBAC to give you greater access within a specific scope. Choose one from a list of available roles upon sign-in or later.
Once you apply a role, your session becomes role-enabled and is added to your session list.

Standard Session

Most Frequent Questions

When launching a Standard session for the first time, the application requires a one-time user consent for sapio365 to access your data.

You consent to sapio365 accessing your data within the scope of your Office 365 rights. Since sapio365 is a locally installed application, your information NEVER goes through any third-party servers. You can think of giving user consent as saying: “Connect to my Office 365 resources”.

No, sapio365 does not require external servers to process this information – ever

You can equally remove this application whenever you wish by clicking Revoke in the App permissions section.

The administrator can turn off user consent in which case you may find this option disabled. Note that, by default, the user consent option is implemented for Office 365 organizations in Azure AD. However, an administrator can change this default setting to prevent end users from installing applications. Another reason you may not be able to provide your user consent is that you are not on the allowed list of users set up by your admin.

Yes, just like for any application in your Azure AD, you can enable “User assignment required?” (1) and add users (2).

If you’re a global admin, you will see a checkbox option “Consent on behalf of your organization” when you’re giving consent. Checking this box will prevent your users (who can use sapio365 Standard sessions) from being prompted to give their consent. If you don’t check it, the only consent given is yours, and your users will be prompted for their consent when creating a Standard session.

You can equally remove this application whenever you wish by clicking Revoke in the App permissions section.

What can I do in a Standard session?

If your user rights allow you, you can do the following:

groups-icon

Users

      • View the entire list for your tenant’s directory as well as all users’ profile information
      • View service plans and license information for all users
      • Edit user profile information if your user rights allow
      • Create new user profiles if your user rights allow
      • Display group memberships for up to all users in your tenant’s directory
      • For your own account and those users whose mailboxes you have access to, see all:
        • Messages
        • Contacts
        • Calendar entries

groups-icon

Groups and Teams

      • View all groups in your tenant, including their property information
      • For all groups you have access to in your Office 365 portal:
        • Display all group owners and members
        • Retrieve document library files
        • View group SharePoint site information
      • Remove and add members or owners for all groups you own

emails-attachments-icon

Mail

For your own mailbox and other mailboxes you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
  • View the make-up of all your inbox rules in one place

icon-calendar-icon

Calendar events

For your own mailbox and other mailboxes you have access to:For your own mailbox and other mailboxes you have access to:

  • View all calendar events
  • Preview calendar event body
  • See attachment information.

contacts-icon

Personal contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

one-drive-icon

OneDrive files and folders

For your OneDrive and all others you have access to:

  • See all file information in a hierarchical view—including who it’s been shared with and how.
  • Download or upload files.
  • Rename or delete documents and folders.

Learn more about the other session types:

Advanced sessionAdvanced session with elevated privileges

Advanced session

Advanced session in sapio365

What’s an advanced session in sapio365?

An advanced session in sapio365 lets you access and manage all data for which you have permissions, as well as some settings not available in the portal UI. This includes:

  • Messages, calendar events and personal contacts for accessible mailboxes
  • Owned and shared OneDrive documents and their permissions
  • Group and SharePoint site document libraries
  • Group owners and members
  • Site and site list information
  • Directory roles
  • Usage and audit reports
See the complete list of features

Are you a global admin?

Get even more access with elevated privileges

Use the extended reach of application-based permissions to manage data for mailboxes and SharePoint sites you do not own.

Learn more about using elevated privileges

Create custom, granular roles

Give users greater access within a specific scope by creating roles with sapio365’s role-based access control (RBAC) system. Use any user, group or site property as a scope or Learn how to use sapio365 RBAC.

Learn how to use sapio365 RBAC

Advanced Session

Most Frequent Questions

When launching an Advanced session for the first time, the application requires a one-time admin consent for sapio365 to access Office 365 data.

An application is created in your tenant’s Azure AD with permissions that require admin consent.

You’re consenting to the delegated permissions of the sapio365 application that allow you to access Office 365 data within the scope of your user rights in Office 365. This consent is between you and the sapio365 application. Your data NEVER goes through any third-party servers.

Only a global (company) administrator can provide admin consent for the permissions of sapio365 applications used in advanced and elevated sessions. If you can’t obtain admin consent, you can use a standard session.

No. Your access and actions remain limited by the rights and permissions you have in Office 365. An advanced session in sapio365 gives you the advantage of having everything in one place, the ability to make bulk changes and create custom reports. You’ll need elevated privileges to access mailboxes and sites you don’t own. Get more info here.

No, sapio365 does not require external servers to process this information – ever.

Some data is stored locally on your machine as a cache to improve processing times. The encryption of data is session-based so your information is protected.

Yes, just like for any application in your Azure AD, you can enable “User assignment required?” (1) and add users (2).

What can I do in an Advanced session?

If your user rights allow you, you can do the following:

groups-icon

Users

  • View the entire user list for your tenant’s directory as well as all users’ profile information.
  • Manage service plans and license information for all users.
  • Edit user profile information for any user, even multiple users at once.
  • Create new user profiles, even multiple profiles at once.
  • Display group memberships for every users in your tenant’s directory.
  • See all, For your own account and those users whose mailboxes you have access to.
    • Drive items
    • Messages
    • Contacts
    • Calendar entries

groups-icon

Groups and Teams

  • View all groups in your tenant, including their property information.
  • Display all group owners.
  • Retrieve all drive item information.
  • View group SharePoint site information.
  • Add or remove owners for any group in your tenant, even multiple groups and owners at once.
  • Manage delivery restrictions on any group in your tenant, even multiple groups at once.

emails-attachments-icon

Mail

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
  • Manage mail rules for all mailboxes.

icon-calendar-icon

Calendar events

  • View all calendar events.
  • Preview calendar event body.
  • Download or delete attachments.

contacts-icon

Personal contacts

See every users’ personal contacts.

one-drive-icon

OneDrive files and folders

  • Manage all information—including permissions—for every OneDrive file and folder in your tenant.
  • Download files and folders.
  • Upload files and folders.
  • Create folders.

sharepoint-icon

SharePoint sites and lists

  • Retrieve all SharePoint site information, including storage quotas.
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Manage all document library files and their permissions in one place.

Learn more about the other session types:

Standard SessionAdvanced session with elevated privileges

Advanced session privileges

Advanced session with elevated privileges in sapio365

What’s an advanced session with elevated privileges in sapio365?

When you choose to associate elevated privileges with your Advanced session, you add a greater level of access to Office 365 data by using an additional, complementary sapio365 application with application-based permissions. This allows you to manage mailboxes and SharePoint sites you don’t own. This means that in addition to everything you get in an Advanced session, you also get access to:

  • All users' messages, settings, calendar events and personal contacts
  • All users' mail rules
  • All users' OneDrive documents and their permissions
  • All SharePoint site document libraries
  • Checked out files and retention labels
  • All site and site list information
  • All Teams & private channel content
See the complete list of features

Need access to private channel chats?

The only way to read private channel chats is to be a member of that channel. Or just use an Advanced session with elevated privileges and simply fill out a request for approval from Microsoft.

Advanced session with elevated privileges

Most Frequent Questions

A registered sapio365 application is created in your tenant’s Azure AD with app-based permissions that require consent from a global admin. This application is then used in conjunction with the sapio365 app with delegated permissions that you’ve previously consented to. Together, these apps give you the maximum reach into your tenant data.

You’re consenting to the permissions of the registered sapio365 application that allow you to access Office 365 data. This consent is between you and the sapio365 application. Your data NEVER goes through any third-party servers.

Yes you can create your app with specific permissions, or you can use an existing one.

Only a global (company) administrator can provide admin consent for the permissions of registered sapio365 applications used in Advanced sessions with elevated privileges. If you can’t obtain admin consent, you can use a standard session.

Yes. An Advanced session in sapio365 gives you the advantage of having everything in one place, the ability to make bulk changes and create custom reports, based on the rights and permissions you have in Office 365. Using elevated privileges will give you access to information related to mailboxes and sites you don’t own.

No, sapio365 does not require external servers to process this information – ever.

Some data is stored locally on your machine as a cache to improve processing times. The encryption of data is session-based so your information is protected.

Private channel chats are only available to the members of that channel whether you use native tools or third-party tools like sapio365. Accessing chats in a Team’s private channel requires submitting a completed justification form to Microsoft to request authorization for an application (sapio365) to use Protected APIs in Microsoft Teams.

To make things easier, we’ve prepared information you’ll need and some sample text you can use to fill out the form. Follow the steps below.

  1. Make sure you are in an active Advanced session with elevated privileges.
  2. Click on the ‘Request Access (Private Channel Chats)’ submenu item of ‘New Advanced Session’ to see our guide.
  3. Click on the link to open Microsoft’s request form in your browser and fill it out using the info and suggested answers in the guide.

What can I do in an Advanced session with elevated privileges?

With the full set of Ytria-recommended permissions, you can do the following:

groups-icon

Users

  • View the entire user list for your tenant’s directory as well as all users’ profile information.
  • Manage service plans and license information for all users.
  • Edit user profile information for any user, even multiple users at once.
  • Create new user profiles, even multiple profiles at once.
  • Display group memberships for every users in your tenant’s directory.
  • For your own account and those users whose mailboxes you have access to, see all:
    • Drive items
    • Messages
    • Contacts
    • Calendar entries

groups-icon

Groups and Teams

  • View all groups in your tenant, including their property information.
  • Display all group owners.
  • Retrieve all drive item information.
  • View group SharePoint site information.
  • Add or remove owners for any group in your tenant, even multiple groups and owners at once.
  • Manage delivery restrictions on any group in your tenant, even multiple groups at once.

emails-attachments-icon

Mail

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
  • Manage mail rules for all mailboxes.

icon-calendar-icon

Calendar events

  • View all calendar events.
  • Preview calendar event body.
  • Download or delete attachments.

contacts-icon

Personal contacts

  • See every users’ personal contacts.

one-drive-icon

OneDrive files and folders

  • Manage all information—including permissions—for every OneDrive file and folder in your tenant.
  • Download files and folders.
  • Upload files and folders.
  • Create folders.

sharepoint-icon

SharePoint sites and lists

  • Retrieve all SharePoint site information, including storage quotas.
  • Show all lists—as well as their items and columns—for all your accessible sites at once.
  • Manage all document library files and their permissions in one place.

Learn more about the other session types:

Standard sessionAdvanced session

Role-based access control

Role-based access control in sapio365

Role-based access control in sapio365 (RBAC)

Delegate ANY task without compromising security

Don't settle for the limits of Office 365 roles and Administrative Units—define your custom roles with specific permissions scoped to sets based on user, group and site attributes.

secure-icon
Secure Delegation

Users use their own credentials to access the assigned roles and the privileges given to them – they don't get the actual key. Role configuration is locally encrypted and in your own Azure Cosmos DB. sapio365 does not require external servers to process this information - ever.

private-icon
Granular roles

Roles can range from full power to a single function in sapio365.
Define what delegated users can do and where they can do it. You decide how granular you want to get through permitted tasks.

compliant-icon
Dynamic Scopes

Unlike keeping Administrative Units up to date, you don't have to add users to sapio365 RBAC scopes.
The sets you define in sapio365 are dynamic since they are based on specific properties of users, groups or SharePoint sites.

In other words, hand over the exact level of control needed to your delegated users over specifically defined sets of users, groups, and SharePoint sites.

FAQs

The role-based access control system in sapio365 is based on permissions mapped to every action in sapio365. Create custom roles by selecting only the permissions you need to delegate. The actions that you’ve chosen for the role can then be only enabled for a specific scope, or set of users, groups, and sites. The roles you create, the scopes and role assignments-RBAC configuration- are stored in a local encrypted database on your machine. When you connect YOUR Azure Cosmos DB account to your sapio365 license, the local database synchronizes with the one in your Cosmos DB. This allows delegated users to retrieve and take on assigned roles when they sign in to sapio365 on their own computers.

No. sapio365 RBAC does not change any roles or permissions in your Office 365. The delegated roles you create in sapio365 are ONLY available in sapio365—you won’t see them in Office 365 admin centers.

You’ll need to set up a Cosmos DB account. Have your sapio365 invoice information handy and follow the simple steps outlined here.

If you don’t have access to an active Azure AD subscription, you won’t be able to create a Cosmos DB account to use with sapio365 RBAC. Any role you create will be confined to your machine. This means that assigned users can only benefit from assigned roles using sapio365 on your computer.

Creating roles with sapio365 role-based access control (RBAC) is very simple as long as you have previously defined the actions you want to permit for users with that role and on which sets of users or groups or sites. Click here for more details.


Webcast_Speed_up_multi-user_offboarding_in_Office_365_with_sapio365

Speed up multi-user offboarding in Office 365 with sapio365

Speed up multi-user offboarding in Office 365 with sapio365

In this 30-minute webinar, we’ll look at:

  • Teams settings, owners, files
  • Disabling and deleting users
  • Replacing group members & owners
  • Assigning managers
  • Finding checked out documents
  • Moving or backing documents

To see how we check for forwarding inbox rules of deactivated users
go to 14:08 in our webinar recording

The checklist for offboarding a single user in Office 365 is already quite long if you want to ensure your Office 365 environment remains secure and without any loss of knowledge. The list gets longer still with every fresh blog article written on the subject.

And if you’re offboarding multiple users with native Office 365 tools, the task gets even more daunting. We’ll show you how to lighten your load by scaling some of these steps using sapio365.

Isn’t it time to try sapio365 for yourself?

Get your free trial

Ultra admin

No more Ultra Admin session in sapio365

Ultra Admin sessions have evolved into Advanced sessions with elevated privileges

You’re seeing this message because in the past, either you or your global admin created an Ultra Admin session in sapio365 to reach users’ mailboxes and sites you don’t own.

Because of certain Graph API limitations, some sapio365 features were technically limited only to the old Admin session type and required switching between the two type of sessions.

Well, we’ve made things easier by doing the switch automatically for you depending on the request you make. In other words, we’ve merged the benefits obtained from using what was once known as an Admin session with those from using an Ultra Admin session.

no-more-ultra-admin

Here are some answers to questions you may have:

Why are Ultra Admin sessions no longer available?

We’ve replaced the Ultra Admin session with the ‘Advanced session with elevated privileges’. This is to maximize your data access without having to switch session types – makes things easier for you!

Why is an Advanced session with elevated privileges better than an Ultra Admin session?

Although using an Ultra Admin session let you access all mailbox & site data, the app-only permissions of the application had limited functionality in some areas. This required users to switch to an Admin session to use its delegated permissions. Since we’ve now combined the two, you get the best both worlds!

How can I use my existing Ultra Admin session?

Launch an Advanced session (formerly known as an Admin session), and click the ‘Elevate Privileges’ button. You’ll be prompted to choose from a list of your existing Ultra Admin sessions.

What happened to my Ultra Admin sessions? Why can't I see them in the recent session list?

The recent session list only shows current session types, which do not include Ultra Admin sessions. However, you can still access your old Ultra Admin sessions by clicking ‘Manage Sessions’.

What happened to the applications used in my Ultra Admin sessions?

Nothing. They’re still part of your Azure AD registered applications. In fact, go ahead and pick one when you elevate your privileges.

What happens if I agree to remove the Ultra Admin session whose privileges I merge with my Advanced session?

The Ultra Admin session is removed from you session list. The application is uses remains on your Azure AD, where you can manage it.

I've removed an Ultra Admin session by mistake. How can I use its app to elevate privileges of my Advanced session?

Since you’ve opted to remove it, the Ultra Admin session is no longer in your session list, but the application it uses is still part of the Azure AD registered apps. When you click on ‘Elevate Privileges’, choose to proceed manually, and enter the name and ID of the application as shown in Azure AD. If you don’t have the password, you’ll have to generate a new one. Copy it and keep it somewhere safe if you need to since this is the only time you’ll be able to see it.


Webcast Microsoft Teams & NEW private channels

Microsoft Teams & NEW private channels

Microsoft Teams & NEW private channels

Improve governance with sapio365

Group sprawl was a major issue for admins even before Microsoft made Teams’ private channels a reality. With the addition of private channels, admins need, now more than ever, a tool with a global reach of all Teams and their ever-expanding content. We’ll show you how sapio365 gives you that 360-degree visibility and more.

In this 30-minute webinar, we’ll demonstrate a unique way to manage important Team data including:

  • Teams settings, owners, files
  • Private channel sites, members & documents
  • Private chat conversations
  • Documents shared in private chats

Download video

Isn’t it time to try sapio365 for yourself?

Get your free trial

Webcast_How to manage your purchased Office 365 licenses

How to manage your purchased Office 365 licenses

How to manage your purchased Office 365 licenses

Topics include

  • Mass onboarding and offboarding users
  • Eliminating duplicate service plans
  • Group-based licensing
  • Identifying unused/wasted licenses
  • Cost optimization of project-based licenses
  • Delegating license management and reporting
  • Assigning license quotas by country, department, etc.

Download video

Effective management of user licenses in Office 365 has an important impact on the user experience and more directly, on the total cost of ownership of Office 365. Customers enjoy the many benefits of a platform that is constantly evolving. The integration of new features usually means changes to licensing offers. So customers need to maximize the value of their subscriptions by revising what they have against what’s new.

In this 30-minute webinar we’ll cover common scenarios that our customers faced because of changes within their organization and the changing Office 365 service landscape, and how these issues were resolved using sapio365. You’ll come away with new ways to solve hidden and potential issues.

Isn’t it time to try sapio365 for yourself?

Get your free trial

Documentation-One Drive Sharing

How to manage OneDrive document sharing

How to manage OneDrive document sharing

What we’ll cover

  • Get a secure overview of multiple users’ OneDrive directories
  • Learn to mitigate document access during user off-boarding
  • Manage OneDrive permissions and find sensitive data shared (with) outside the organization
  • Measure OneDrive adoption
  • Analyze documents shared within groups and SharePoint sites, including their permissions

You don’t need to be afraid to let your users share OneDrive files

It’s easy to lock down external file sharing in your organization in the name of security with the native tools in Office 365. However, most would agree that this goes against the grain of collaboration which is one of the key benefits of deploying Office 365.

What if you could have a complete overview of folder and file-level permissions and sharing status of all OneDrive files for all your users and groups? Or see which documents have been shared externally and how – be it with authenticated guests or with anonymous read and edit links.

In just under 30 minutes, we’ll show you how you can get a quick overview of all OneDrive files stored and shared by your users in your Office 365 environment. You’ll learn how to remain in control of sensitive data in the OneDrive directories of your users, your Office 365 groups, and your SharePoint Online libraries.

Isn’t it time to try sapio365 for yourself?

Get your free trial

Role-based access controls

Granular access controls: New from sapio365

New role-based access controls in sapio365 allow you to edit access permissions for files, group, servers, and admin control in Office 365 at a granular level. With these changes, sapio365 users can manage their cloud environment quicker and more effectively than ever.

Detailed role-based access controls

Unlike rival alternatives, and Office 365 default controls, Ytria allows you unparalleled detail in your controls. It allows you to entirely customize the scope of your access rules, based on a vast array of parameters, including job title, organization, department, Group, and much more.

For example, you can set access to a folder to apply only to users with ‘IT’ in their job title, or to actively exclude them. The possibilities for you to easily customize detailed rules for your organization are endless.

Customized parameters

Establish your own scopes for delegating role based access controls. For example, set access parameters for all users with ‘IT’ in their job title or department, or establish default permissions for your entire organization. Create your own laser-focused scopes based on a vast array of potential parameters.

Granular control

Edit permissions at multiple levels of detail, from your entire organization through teams, Groups, or individual user, including your own bespoke customized parameters.

Watertight costs

Control the number of licenses any one user can create or control, effectively capping unnecessary license creep.

Comprehensive records

sapio365 keeps a detailed log of all role-based changes that are made, so can easily identify the nature of changes, when they were made, and by whom.

Secure data

All data processed by sapio365 is stored within your Azure tenant. This means its governed by the same compliance and security policies as the rest of your data.

Take control over your environment

Role-based access controls in sapio365 complete the final piece of the Office 365 administration puzzle. It allows administrators to finely tailor the information each individual user has access within their organization. From here, they can balance the demands of maintaining security with the need to enable constant productivity.

This maximizes the value that users get from both their Office365 and sapio365 investments.


Documentation-Delegate Office 365 tasks

How to securely delegate every admin task in Office 365 with granularity

How to securely delegate every admin task in Office 365 with granularity

Have you ever wanted to delegate Office365 admin privileges or restrictions to your coworkers but limit their management to users in a specific country or department? Maybe you’ve imagined being able to allocate license quotas to business units to control license consumption without over-spending on reserved license pools.

Well, this 30-minute webinar will show you how to achieve all this and more using practical scenarios.

In this 30-minute webinar you’ll learn how to:

  • Securely delegate admin privileges without having to grant Global Admin rights.
  • Create wide or narrow scopes by restricting sets to specific users, groups, and SharePoint sites.
  • Customize roles for administrators, helpdesk, and others by combining permissions and scopes.
  • Eliminate departmental license over-spending with specific license management roles.
  • Tracking and eliminating ghost documents, even across replicas

Isn’t it time to try sapio365 for yourself?

Get your free trial

Find out which type of session you should use

Which session type should I choose?

Are you a non-admin user or an admin? There are different session types for each.

What you’ll be able to do in sapio365 depends on a combination of your user rights and the session type you use.

If you are NOT an admin, start with a User session—it is usable right “out of the box.” For other sessions, admin consent is required. You can always request consent in the meantime.

User session

Users can access all their own data including:

  • Messages
  • Contacts
  • Drive items and their permissions
  • Group listings, group owners, and memberships
  • Calendar events for accessible mailboxes
  • Site and site list information

No admin consent needed

Admin session

Additional access (according to user rights):

  • All users' directory properties/info
  • Memberships of hidden groups
  • Group conversations and extended group information
  • All calendar events for public groups and private groups you have access to
  • All drive items you have access to through groups, sites, or user sharing

No admin consent needed

Ultra Admin session

Additional access (with full permissions assigned):

  • Complete account info for all users
  • All mail for all users, including attachments
  • All mailbox settings for all mailboxes
  • All drive items for all groups, users, and sites
  • All calendar information for all users and groups
  • All SharePoint site information, including lists and list items
  • All contacts for all users

Admin consent required

This requires an app registration on the Azure v2 Active Directory Endpoint.

All sapio365 app permissions are assigned by the creator of the app ID.

User session

(No admin consent needed)

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

What can I do in a User session?

Your user rights apply to a User session.

According to your user rights, you can do the following:

Users
  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Drive item, Messages, Contacts, Calendar entries
  • For your own account and those users whose mailboxes you have access to.
Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups
  • View all groups in your tenant, including their property information (minus Teams-related properties).
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Remove and add memberships and owners for all groups you are 'Owner' of.
Calendar events
  • View all calendar events
  • Preview calendar event body
  • See attachment information.
SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Admin session

(Admin consent required)

What can I access? How are my user rights handled?

Actual user rights are respected—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

I'm an admin. How do I give consent to sapio365?

Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types.

How can I get admin consent for sapio365?

Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365.

What can I do in a Admin session?

Your user rights apply to an Admin session.

According to your user rights, you can do the following:

Users
  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Extended user information, Drive item, Messages, Contacts, Calendar entries for your own account and those users whose mailboxes you have access to.
Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • See all mailbox setting information.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups
  • View all groups in your tenant, including their property information.
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Remove and add memberships and owners for all groups you are 'Owner' of.
  • Manage delivery restrictions on groups that you have access to.
Calendar events
  • View all calendar events—even for Office 365 groups you're a member of.
  • Preview calendar event body
  • See attachment information.
SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

Ultra Admin session

(Admin consent required)

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

I'm an admin. How do I give consent to sapio365?

Admin and Ultra Admin sessions both require the consent of a Global Administrator in order to function. If you give consent once, it will work across your entire tenant. See this page for the full process of providing admin consent for each of the session types.

How can I get admin consent for sapio365?

Only an administrator with the role of global administrator can provide consent for sapio365’s Admin sessions. Feel free to send a global administrator to this page: How to provide admin consent to sapio365. If you have already registered an application ID, you’ll need to tell which application ID you need consent for.

What can I access? How are my user rights handled?

Actual user rights are respected in the application—if you can see it in Office 365, you can see it in sapio365, but in a much larger scope.

What can I access in a Ultra Admin session?

Authorized users are responsible for assigning their own permissions when creating an application.

With the full set of Ytria-recommended permissions, you can do the following:

Users
  • View the entire user list for your tenant’s directory as well as all users' profile information.
  • View service plans and license information for all users.
  • Edit user profile information if your user rights allow.
  • Create new user profiles if your user rights allow.
  • Display group memberships for up to all users in your tenant’s directory.
  • See all: Drive item, Messages, Contacts, Calendar entries
  • For your own account and those users whose mailboxes you have access to.
Mail
For your own mailbox and other mailboxes, you have access to:

  • View all messages—including the mail folder structure.
  • Preview messages directly from the full message list.
  • See all message properties.
  • Access all attachment information—and download or delete attachments directly.
Contacts

See your own contacts as well as contacts of users whose mailbox you have access to.

OneDrive files and folders

See all information—including permissions—for all OneDrive files you can access.

Groups
  • View all groups in your tenant, including their property information.
  • For all groups you have access to in your Office 365 portal: Display all group owners, Retrieve all drive item information, View group SharePoint site information.
  • Add or remove owners for any group in your tenant, even multiple groups and owners at once.
  • Manage delivery restrictions on any group in your tenant, even multiple groups at once.
Calendar events
For your own mailbox and other mailboxes you have access to:

  • View all calendar events
  • Preview calendar event body
  • See attachment information.
SharePoint sites and lists
For all site collections and groups you have access to (public groups and private groups you are a member of):

  • Retrieve all SharePoint site information
  • Show all lists—as well as their items and columns—for all your accessible sites at once
  • Display all OneDrive files for all your accessible sites and lists at once.

FAQ_flexYview_The engine_powering_sapio365

FlexyView: The engine powering sapio365

sapio365: powered by the FlexyView

See and work with data in your Office 365 tenant in faster and easier ways thanks to sapio365’s core data scanning and manipulation engine.

Meet the FlexyView

At the heart of sapio365 is a powerful engine that scans and displays your Office 365 tenant data in a flexible, grid-based user interface.

Flexible? Yes. Because once your data is loaded into a sapio365 grid, you have total freedom to change categorization, information order, filter entries, everything.

All those “one-at-a-time” processes, centralized and enabled en-masse

Centralize all those “one-at-a-time” processes that you encounter in your daily Office 365 administration. Break through “tunnel vision” limitations of viewing data in small sectors at a time. Perform complex operations in measures of clicks and minutes, rather than hours of coding.

Ever thought of seeing all information about users, groups, sites, , the components of an entire cloud or multi-server on-prem environment, all parsed and categorized for easy viewing and management in a flexible and customizable spreadsheet-style grid display?

The FlexyView lets you easily get to the data you need, and more, often within just a few clicks.

Work with your data in faster and better ways thanks to deep, yet easy-to-use, functionality.

Powerful solutions at your fingertips

Organize your data

Organize your data through simple drag-and-drop grouping controls. Find similarities, calculate totals, sort lists, and more.

Manage your grids

Manage your grid configurations through a one-stop control panel; you'll find all the options you need to customize data readouts in one place.

Perform manual searches

Use an array of manual searches functions, including regular expression and plain text searches, to cut through the clutter and target the data you need.

Calculate group totals

Use built-in calculation functions such as configurable group-totals to deepen analysis on data categories.

Employ powerful filters

Manipulate large data sets to isolate the data you need fast thanks to a variety of filter options, including targeted value filters, regular expressions, number and date filters, and more.

Add custom annotations

Integrate virtual comments directly into the data you’re working with in your grid and use them just like any other data point.

Sort lists instantly

Sort data lists of any size in only a single click.

Freeze grid columns

Freeze grid columns to bring better visibility and handling to large data sets just like in popular spreadsheets.

Create pre-set configurations

Set and save your configurations and preferences—recall them at any time.

Generate pivot tables

Intersect data sets of any size through the built-in pivot table generator. Understand trends and relations across your defined data.

Compare data in unique ways

Perform visual comparison analyses on even the most complex data sets thanks to the flexYview-exclusive Data Comparator, offering functionality not found in any other product.

Automate your processes

Expand the scope of your processes through powerful automation scripts; program your own tasks from the ground up, or record actions to build upon.

Report your data with copy/paste simplicity

Get your data from the grid into a spreadsheet with copy/paste simplicity—reporting has never been easier or more versatile.

Report in pre-formatted documents

Create reports in pre-set document format options to ensure they meet standard file requirements.


Documentation Cost effective office365 administration

Your guide to more cost-effective Office 365 administration with sapio365

Your guide to more cost-effective Office 365 administration with sapio365

See how you can step up your Office 365 management with sapio365, Ytria’s standalone admin client for Office 365. You don’t need to know PowerShell to expertly manage Office 365 using sapio365. But if you do like to code in Microsoft’s ever-present language, there’s still something for you in sapio365.

In this webinar, you’ll learn how you can use sapio365 to carry out even the most complex Office 365 administration tasks, regardless of your own experience level.

In this hour, you learn how to:

  • Gain control of your groups: memberships, expiration policy, content, and more.
  • See crucial group, user, and site data.
  • Accomplish a wide range of automated tasks in just a click.
  • Manage licenses, service plans, and provisioning status in bulk.
  • View all OneDrive files, and work with their permissions, across your entire tenant.
  • Manage directory roles, licenses, and more on the tenant level.
  • Manage delivery restrictions with point-and-click ease.
  • Optimize your entire user management process.
  • View all SharePoint online site content down to the list item and OneDrive file level.
  • Create any type of report you can think of quickly and easily.

Isn’t it time to try sapio365 for yourself?

Get your free trial