
# Microsoft 365, OneDrive, and SharePoint

Use this guide to connect Planck AI to Microsoft 365, OneDrive, and SharePoint.

Once connected, Planck AI can sync selected documents from Microsoft cloud storage into a workspace and make them searchable through the AI assistant.

### Who this guide is for

There are two roles involved.

#### Admin

The admin configures the Microsoft application credentials, connects the organisation’s Microsoft 365 account, selects folders to sync, and links the connection to a Planck AI workspace.

#### User

Each user links their own Microsoft account so Planck AI can enforce per-user access controls on search results.

This means users only see cloud-synced documents they are allowed to access in OneDrive or SharePoint.

### Before you begin

You need:

* Admin access to Planck AI
* Access to the Microsoft Azure Portal
* Permission to register an application in Microsoft Entra ID
* Permission to grant Microsoft Graph API consent
* The Planck AI instance URL for your deployment

Your Planck AI instance URL will be used in the Microsoft redirect URLs.

### Step 1: Register an application in Azure

Go to the Azure Portal.

In the search bar, search for:

```
Microsoft Entra ID
```

Then:

1. Open **Microsoft Entra ID**
2. Go to **App registrations**
3. Click **New registration**
4. Enter a name such as:

```
Planck Cloud Integration
```

For supported account types, select:

```
Accounts in this organizational directory only
```

This is recommended for most organisations.

### Step 2: Add redirect URIs

When registering the application, add the first redirect URI.

Platform:

```
Web
```

Redirect URI:

```
https://<your-planck-domain>/api/v1/cloud/callback/microsoft
```

Replace:

```
<your-planck-domain>
```

with your actual Planck AI instance URL.

After registration, add a second redirect URI:

```
https://<your-planck-domain>/api/v1/cloud/link-callback/microsoft
```

The first redirect URI is used when an admin connects the organisation’s Microsoft 365 account.

The second redirect URI is used when individual users link their Microsoft accounts for access control.

Both redirect URIs are required.

### Step 3: Configure Microsoft Graph API permissions

In your Azure app registration, go to:

```
API permissions
```

Click:

```
Add a permission
```

Then select:

```
Microsoft Graph
```

Choose:

```
Delegated permissions
```

Add the following permissions:

| Permission       | Purpose                                      |
| ---------------- | -------------------------------------------- |
| `Files.Read.All` | Read all files the connected user can access |
| `Files.Read`     | Read user files for per-user access checks   |
| `Sites.Read.All` | Read items in SharePoint site collections    |
| `User.Read`      | Sign in and read the user profile            |
| `offline_access` | Maintain access using refresh tokens         |

After adding the permissions, click:

```
Grant admin consent
```

Confirm consent for your organisation.

You should see a green checkmark next to each permission after admin consent is granted.
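To confirm that consent matches the table above and nothing broader, the following added example (not Planck AI's own code) audits the `scope` field of an OAuth token response. The function names, the neutral OpenID scope set, and the sample responses are assumptions made for illustration.

```python
GRAPH_PREFIX = "https://graph.microsoft.com/"

# Delegated permissions from the table on this page, lower-cased for comparison.
REQUIRED = {"files.read.all", "files.read", "sites.read.all", "user.read", "offline_access"}
# OpenID Connect scopes that can accompany a sign-in; treated as neutral (assumption).
NEUTRAL = {"openid", "profile", "email"}


def normalize(scope_string):
    """Split a space-separated OAuth scope string into lower-case short names."""
    names = set()
    for raw in scope_string.split():
        if raw.lower().startswith(GRAPH_PREFIX):
            raw = raw[len(GRAPH_PREFIX):]
        names.add(raw.lower())
    return names


def audit_scopes(token_response):
    """Report scopes that are missing, and scopes granted beyond the documented set."""
    granted = normalize(token_response.get("scope", ""))
    # offline_access may be absent from `scope`; an issued refresh token shows it was granted.
    if token_response.get("refresh_token"):
        granted.add("offline_access")
    excess = sorted(granted - REQUIRED - NEUTRAL)
    # The integration is read-only, so write-capable scopes are flagged separately.
    write_like = [s for s in excess if "write" in s or "fullcontrol" in s or "manage" in s]
    return {"missing": sorted(REQUIRED - granted), "excess": excess, "write_like": write_like}


# Constructed token responses for illustration (no real tokens).
GOOD = {"scope": "Files.Read Files.Read.All Sites.Read.All User.Read profile openid",
        "refresh_token": "constructed-placeholder"}
OVER = {"scope": "https://graph.microsoft.com/Files.ReadWrite.All "
                 "https://graph.microsoft.com/User.Read"}

if __name__ == "__main__":
    print(audit_scopes(GOOD))
    print(audit_scopes(OVER))
```
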

### Step 4: Create a client secret

In the Azure app registration, go to:

```
Certificates & secrets
```

Then:

1. Click **New client secret**
2. Add a description, for example:

```
Planck Integration
```

3. Select an expiration period
4. Click **Add**
5. Immediately copy the secret value

Important: copy the **Value**, not the Secret ID.

The secret value is only shown once. Store it securely.

Recommended: choose a 24-month expiry and set a calendar reminder to rotate the secret before it expires.
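A calendar reminder can be backed by an automated check. This added example (not part of Planck AI) reads the `passwordCredentials` list of a Microsoft Graph application object and flags secrets that are expired or close to expiry. The 60-day warning window, the function names, and the sample data are assumptions.

```python
import re
from datetime import datetime, timezone


def parse_graph_time(value):
    """Parse an ISO 8601 UTC timestamp, tolerating 'Z' and long fractional seconds."""
    value = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def secrets_needing_rotation(app, now, warn_days=60):
    """Return (status, name, days_left) for secrets expired or expiring within warn_days."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        name = cred.get("displayName") or cred.get("keyId", "<unnamed>")
        end = cred.get("endDateTime")
        if not end:
            findings.append(("no-expiry-recorded", name, None))
            continue
        days_left = (parse_graph_time(end) - now).days
        if days_left < 0:
            findings.append(("expired", name, days_left))
        elif days_left <= warn_days:
            findings.append(("rotate-soon", name, days_left))
    # Most urgent first; entries without a recorded expiry go last.
    return sorted(findings, key=lambda f: (f[2] is None, f[2] or 0))


# Constructed application object for illustration; only metadata, never secret values.
SAMPLE_APP = {
    "displayName": "Planck Cloud Integration",
    "passwordCredentials": [
        {"displayName": "Planck Integration", "endDateTime": "2026-03-01T00:00:00Z"},
        {"displayName": "old secret", "endDateTime": "2025-12-31T23:59:59.1234567Z"},
        {"displayName": "fresh", "endDateTime": "2027-12-01T00:00:00Z"},
    ],
}
SAMPLE_NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in secrets_needing_rotation(SAMPLE_APP, SAMPLE_NOW):
        print(finding)
```
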

### Step 5: Copy the application IDs

From the Azure app registration overview page, copy:

* Application/client ID
* Directory/tenant ID

You should now have three values:

| Value                 | Where it comes from             |
| --------------------- | ------------------------------- |
| Application/client ID | Azure app registration overview |
| Directory/tenant ID   | Azure app registration overview |
| Client secret         | Certificates & secrets          |

You will enter these values into Planck AI.

### Step 6: Enter Microsoft credentials in Planck AI

Log in to Planck AI as an admin.

Go to:

```
Admin → Cloud Providers
```

Find the Microsoft 365 section.

Enter:

* Application/client ID
* Client secret
* Directory/tenant ID

Click:

```
Save
```

After saving, the Microsoft 365 section should show as configured.

### Step 7: Connect Microsoft 365

In Planck AI, go to:

```
Admin → Cloud Drives
```

Click:

```
Connect Microsoft 365
```

You will be redirected to Microsoft.

Sign in with a Microsoft 365 account that has access to the OneDrive files or SharePoint sites you want to sync.

Review the requested permissions and click:

```
Accept
```

If you are a Microsoft admin, you may also be able to consent on behalf of the organisation.

After authentication, you will be redirected back to Planck AI.

The Microsoft 365 connection should now appear in the Cloud Drives list.

### Step 8: Select folders to sync

In Planck AI, go to the Microsoft 365 connection in:

```
Admin → Cloud Drives
```

Click:

```
Browse
```

The folder browser may show:

* My OneDrive
* SharePoint sites available to the connected account

To sync a SharePoint document library:

1. Click the SharePoint site
2. Select the document library, such as **Documents**
3. Optionally select a specific subfolder
4. Click **Save Selection**

Planck AI will begin syncing documents from the selected locations in the background.

Newly created SharePoint sites may take a few minutes to appear in the folder browser.

### Step 9: Link the connection to a workspace

After selecting folders, link the connection to a workspace.

Select the workspace where the synced documents should appear.

Click:

```
Link
```

Documents from the selected folders will only be searchable within the linked workspace.

### Step 10: Users link their Microsoft accounts

For per-user access control, each user who needs to search cloud-synced documents should link their own Microsoft account.

Each user should go to:

```
Settings → Cloud Accounts
```

Then:

1. Click **Link Microsoft 365**
2. Sign in with their Microsoft account
3. Grant the requested permissions

After linking, Planck AI can filter search results based on the user’s access in OneDrive or SharePoint.

Users who have not linked their Microsoft account may not see cloud-synced documents in search results.

### How sync works

After a Microsoft 365 connection is configured and linked to a workspace, Planck AI syncs documents from the selected folders.

#### Initial sync

Planck AI downloads and processes supported documents from the selected folders.

Large initial syncs may take time depending on the number and size of files.

#### Incremental sync

After the initial sync, Planck AI periodically checks for new, modified, or deleted files and updates the workspace.

Incremental syncs are usually faster than the initial sync.

### Supported file types

Supported file types may include:

* PDF files
* Excel files
* CSV files
* Text files

Support may vary by deployment.

### How access control works

Planck AI can enforce Microsoft cloud storage access controls.

The basic flow is:

1. An admin connects Microsoft 365 as the connector account.
2. The admin selects folders and links them to a workspace.
3. Each user links their own Microsoft account.
4. Planck AI checks which files each linked user can access.
5. When a user searches, results are filtered so the user only sees documents they are permitted to view.

This is designed to prevent users from seeing cloud-synced documents they cannot access in the original Microsoft system.

### Troubleshooting

#### SharePoint sites are not appearing

New SharePoint sites may take a few minutes to appear.

Also check that:

* The connected Microsoft account has access to the site
* `Sites.Read.All` permission has been granted
* Admin consent has been completed in Azure

#### Permission error or `AADSTS65001`

This usually means Microsoft Graph permissions have not been granted.

Go to:

```
Azure Portal → App registrations → your app → API permissions
```

Then click:

```
Grant admin consent
```

#### Invalid redirect URI

Check that the redirect URI in Azure exactly matches the Planck AI callback URL.

Admin connection callback:

```
https://<your-planck-domain>/api/v1/cloud/callback/microsoft
```

User linking callback:

```
https://<your-planck-domain>/api/v1/cloud/link-callback/microsoft
```
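Because the match must be exact, a small audit of the registered URIs catches the usual causes. This added example (not Planck AI's own code) checks a list of redirect URIs, such as the `web.redirectUris` field of the app registration, against the two callback URLs from Step 2 and this section. The function name, the report layout, and the `planck.example.com` domain are assumptions.

```python
from urllib.parse import urlsplit

# Callback paths documented on this page.
CALLBACK_PATHS = (
    "/api/v1/cloud/callback/microsoft",       # admin connection
    "/api/v1/cloud/link-callback/microsoft",  # user account linking
)


def audit_redirect_uris(planck_domain, registered):
    """Compare registered redirect URIs with the two exact URLs Planck AI needs."""
    expected = [f"https://{planck_domain}{path}" for path in CALLBACK_PATHS]
    report = {
        "missing": [uri for uri in expected if uri not in registered],
        "near_miss": [],   # right endpoint, but not an exact string match
        "unexpected": [],  # unrelated to this integration; candidates for removal
    }
    for uri in registered:
        if uri in expected:
            continue
        parts = urlsplit(uri)
        path = parts.path.rstrip("/")
        on_target = (parts.hostname or "") == planck_domain.lower()
        if not (on_target and path.lower() in CALLBACK_PATHS):
            report["unexpected"].append(uri)
            continue
        reasons = []
        if parts.scheme != "https":
            reasons.append("scheme is not https")
        if parts.netloc != planck_domain:
            reasons.append("host differs in case or port")
        if parts.path.endswith("/"):
            reasons.append("trailing slash")
        if path not in CALLBACK_PATHS:
            reasons.append("path case differs")
        report["near_miss"].append((uri, reasons))
    return report


# Constructed sample: planck.example.com is a placeholder domain.
SAMPLE_REGISTERED = [
    "https://planck.example.com/api/v1/cloud/callback/microsoft",
    "https://planck.example.com/api/v1/cloud/link-callback/microsoft/",
    "http://localhost:3000/callback",
]

if __name__ == "__main__":
    print(audit_redirect_uris("planck.example.com", SAMPLE_REGISTERED))
```
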

#### Client secret expired

Create a new client secret in Azure.

Then update the Microsoft 365 credentials in:

```
Admin → Cloud Providers
```

#### Token expired during sync

Planck AI usually refreshes tokens automatically.

If the issue persists, disconnect and reconnect the Microsoft 365 account.

#### Documents synced but do not appear in search

Check that the cloud connection is linked to a workspace.

Go to:

```
Admin → Cloud Drives
```

Then confirm that the connection is linked to the correct workspace.

#### User cannot see synced documents

The user may need to link their Microsoft account.

Ask the user to go to:

```
Settings → Cloud Accounts
```

Then click:

```
Link Microsoft 365
```

Also confirm that the user has access to the original file in OneDrive or SharePoint.

#### Sync seems slow

Large initial syncs can take time.

Incremental syncs are usually faster after the first sync completes.

### Security notes

* Store the Microsoft client secret securely.
* Rotate the client secret before it expires.
* Grant only the permissions required for the integration.
* Ensure users link their own Microsoft accounts for access-controlled search.
* Review workspace membership to confirm the right users have access.


