Note: This article describes the process for customers who configured collaborative authoring prior to 25R1 to migrate from the legacy configuration to the enhanced configuration. To configure collaborative authoring in a new Vault, see Configuring Collaborative Authoring.
Beginning with 25R1, the collaborative authoring configuration is enhanced to allow Admins to configure collaborative authoring without requiring a Microsoft 365 service account. We recommend that customers with collaborative authoring configured prior to 25R1 migrate from the legacy configuration to the enhanced configuration. Beginning with 26R1, the legacy collaborative authoring configuration is no longer supported.
Configuration Migration Overview
Migrating from the legacy configuration to the enhanced configuration follows this process in order:
1. Update Entra ID Application Permissions
2. Grant Owner Role on the Existing SharePoint Team Site
3. Grant Access to the SharePoint Team Site using PowerShell
4. Update the Connection in Vault
We have provided a PowerShell script (collab_auth_setup_script.ps1) that can perform Step 3 above to simplify the process of granting permissions for your Entra ID application to manage the SharePoint team site. When running the script to migrate from the legacy configuration to the enhanced configuration, the script asks if you already have an Entra ID application and a SharePoint site. For these questions, enter Y and provide the requested information.
See this document for details and screenshots about what information the PowerShell script prompts for.
Updating Entra ID Application Permissions
Note: Complete this configuration in Entra ID as a SharePoint global admin.
Update the following Entra ID application permissions. Every newly added permission must have admin consent granted in Entra ID.
- Update your Entra ID application permissions to include the Sites.Selected Application permission.
- If you are using the automatic invitation functionality for external users, add the Directory.ReadWrite.All and User.Invite.All Application permissions.
- If you are using automatic mentioning through collaborative authoring workflows, add the User.Read.All Application permission.
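The following added example (not part of the provided collab_auth_setup_script.ps1 and not Vault or Microsoft code) checks an application's permission list against the conditions in the list above: which Application permissions are missing, which are present without admin consent, and which are not listed on this page and should be reviewed. The function name Test-CollabAuthPermissions, the input row shape (Name, Type, AdminConsent), and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: compare an Entra ID application's permissions with the set
# this page lists. Hypothetical helper; input rows are constructed sample data.
function Test-CollabAuthPermissions {
    param(
        [Parameter(Mandatory)] [object[]] $Granted,  # rows with Name, Type, AdminConsent
        [switch] $ExternalInvites,                   # automatic invitation of external users is in use
        [switch] $AutoMentions                       # automatic mentioning in workflows is in use
    )

    # Expected Application permissions, built from the conditions in the list above.
    $expected = @('Sites.Selected')
    if ($ExternalInvites) { $expected += 'Directory.ReadWrite.All', 'User.Invite.All' }
    if ($AutoMentions)    { $expected += 'User.Read.All' }

    # Only Application permissions are in scope; Delegated rows are ignored.
    $app   = @($Granted | Where-Object { $_.Type -eq 'Application' })
    $names = @($app | ForEach-Object { $_.Name })

    [pscustomobject]@{
        # Listed on this page for the enabled features but absent from the app.
        Missing     = @($expected | Where-Object { $_ -notin $names })
        # Present on the app but admin consent has not been granted yet.
        Unconsented = @($app |
                        Where-Object { $_.Name -in $expected -and -not $_.AdminConsent } |
                        ForEach-Object { $_.Name })
        # Present on the app but not listed on this page: review whether still needed.
        ToReview    = @($names | Where-Object { $_ -notin $expected })
    }
}

# Constructed sample: an app that uses automatic mentioning only.
$sample = @(
    [pscustomobject]@{ Name = 'Sites.Selected';        Type = 'Application'; AdminConsent = $true  }
    [pscustomobject]@{ Name = 'User.Read.All';         Type = 'Application'; AdminConsent = $false }
    [pscustomobject]@{ Name = 'Sites.FullControl.All'; Type = 'Application'; AdminConsent = $true  }
    [pscustomobject]@{ Name = 'User.Read';             Type = 'Delegated';   AdminConsent = $true  }
)

Test-CollabAuthPermissions -Granted $sample -AutoMentions | Format-List
```

Entries under ToReview are not necessarily wrong. They are permissions this page does not list, so confirm whether another integration still depends on them before changing anything.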
Granting the Owner Role on the Existing SharePoint Team Site
Note: Complete this configuration in Entra ID as a SharePoint global admin.
Add the SharePoint admin who will run the PowerShell script (collab_auth_setup_script.ps1) as an Owner on the SharePoint team site.
Granting Access to the SharePoint Team Site using PowerShell
Note: Complete this configuration in Entra ID as the SharePoint team site Owner.
Download and run the provided PowerShell script (collab_auth_setup_script.ps1) to grant permissions for your Entra ID application to manage the SharePoint team site.
Updating the Connection in Vault
Note: Complete this configuration in Vault as a System Administrator or Vault Owner.
Update the connection between Vault and Microsoft 365:
- Navigate to Settings > General Settings > Checkout Settings.
- Click Edit in the Collaborative Authoring with Microsoft Office section.
- Select the Remove Service Account from Collaborative Authoring checkbox. The Collaborative User field is removed from the configuration settings.
- Enter the Client Secret. The Integration Status changes to Not Authorized.
- Click Authorize to reauthorize the collaborative authoring configuration. The Integration Status changes to Verified.
- Click Save.
Demonstration: Migrating from Legacy to Enhanced Collaborative Authoring Configuration
The following video demonstrates how to migrate from the legacy configuration to the enhanced collaborative authoring configuration: