Find answers accurately and quickly using Amazon Q Business with the SharePoint Online connector


Amazon Q Business is a fully managed, generative artificial intelligence (AI)-powered assistant that helps enterprises unlock the value of their data and knowledge. With Amazon Q, you can quickly find answers to questions, generate summaries and content, and complete tasks by using the information and expertise stored across your company’s various data sources and enterprise systems. At the core of this capability are native data source connectors that seamlessly integrate and index content from multiple repositories into a unified index. This enables the Amazon Q large language model (LLM) to provide accurate, well-written answers by drawing from the consolidated data and information. The data source connectors act as a bridge, synchronizing content from disparate systems like Salesforce, Jira, and SharePoint into a centralized index that powers the natural language understanding and generative abilities of Amazon Q.

To make this integration process as seamless as possible, Amazon Q Business offers multiple pre-built connectors to a wide range of data sources, including Atlassian Jira, Atlassian Confluence, Amazon Simple Storage Service (Amazon S3), Microsoft SharePoint, Salesforce, and many more. This allows you to create your generative AI solution with minimal configuration. For a full list of Amazon Q supported data source connectors, see Supported connectors.

One of the key integrations for Amazon Q is with Microsoft SharePoint Online. SharePoint is a widely used collaborative platform that allows organizations to manage and share content, knowledge, and applications to improve productivity and decision-making. By integrating Amazon Q with SharePoint, businesses can empower their employees to access information and insights from SharePoint more efficiently and effectively.

With the Amazon Q and SharePoint Online integration, business users can do the following:

  • Get instant answers – Users can ask natural language questions and Amazon Q will provide accurate, up-to-date answers by searching and synthesizing information from across the organization’s SharePoint sites and content.
  • Accelerate research and analysis – Instead of manually searching through SharePoint documents, users can use Amazon Q to quickly find relevant information, summaries, and insights to support their research and decision-making.
  • Streamline content creation – Amazon Q can assist in generating drafts, outlines, and even full content pieces (such as reports, articles, or presentations) by drawing on the knowledge and data stored in SharePoint.
  • Automate workflows and tasks – Amazon Q can be configured to complete routine tasks and queries (such as generating status reports, answering FAQs, or requesting information) by interacting with the relevant SharePoint data and applications.
  • Enhance collaboration – By making SharePoint content more accessible and actionable through Amazon Q, the integration facilitates better knowledge sharing, problem-solving, and collaboration across the organization.

In this post, we guide you through the process of setting up the SharePoint Online connector in Amazon Q Business. This will enable your organization to use the power of generative AI to unlock the full value of your SharePoint investment and empower your workforce to work smarter and more efficiently.

Find accurate answers from content in Microsoft SharePoint using Amazon Q Business

After you integrate Amazon Q Business with Microsoft SharePoint, users can ask questions from the body of the document. For this post, we use a SharePoint Online site named HR Policies that has information about the travel policy, state disability insurance policy, payroll taxes, and paid family leave program for California stored in document libraries. Some of the questions you can ask Amazon Q Business might include the following:

  • Is there a leave plan in California for new parents?
  • Can I claim disability insurance during this time?
  • Before applying for leave, I want to submit my expense report, how can I do it?
  • Is there any limit on spending on a business trip?
  • How can I calculate UI and ETT?

Overview of the data source

SharePoint is a website-based collaboration system that is used as a secure place to store, organize, share, and access information from any device. SharePoint empowers teamwork with dynamic and productive team sites for every project team, department, and division.

SharePoint is available in two options: SharePoint Server and SharePoint Online. SharePoint Server is a locally hosted platform that your company owns and operates. You are responsible for everything from server architecture and Active Directory to file storage. SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition are the active SharePoint Server releases. SharePoint Online is a cloud-based service provided directly by Microsoft, which takes care of identity management architecture and site management. SharePoint Server and SharePoint Online contain pages, files, attachments, links, events, and comments that can be crawled by the Amazon Q SharePoint connectors for SharePoint Server and SharePoint Online.


SharePoint Online and SharePoint Server offer a site content space where site owners can view a list of all pages, libraries, and lists for their site. The site content space also provides access to add lists, pages, document libraries, and more.

HR Policies SharePoint Site document library folder structure

Pages are the contents stored on webpages; these are meant to display information to the end user.

SharePoint Site Pages

A document library provides a secure place to store files where you and your coworkers can find them easily. You can work on them together and access them from any device at any time.

document library with files

A list is one of the data storage mechanisms within SharePoint. It provides the UI to view the items in a list. You can add, edit, and delete items or view individual items.

SharePoint List

Overview of the SharePoint Online connector for Amazon Q Business

To crawl and index contents from SharePoint Online, you can configure the Amazon Q Business SharePoint Online connector as a data source in your Amazon Q Business application. When you connect Amazon Q Business to a data source and initiate the sync process, Amazon Q Business crawls and indexes documents from the data source into its index.

Let’s look at what is considered a document in the context of the Amazon Q Business SharePoint Online connector. A document is a collection of information that consists of a title, the content (or the body), metadata (data about the document), and access control list (ACL) information to make sure answers are provided from documents that the user has access to.

The following entities in SharePoint are crawled and indexed as documents along with their metadata and access control information:

  • Files
  • Events
  • Pages
  • Links
  • Attachments
  • Comments

Amazon Q Business crawls data source document attributes or metadata and maps them to fields in your Amazon Q index. Refer to Amazon Q Business SharePoint Online data source connector field mappings for more details.

Configure and prepare the Amazon Q connector

Before you index the content from Microsoft SharePoint Online, you need to first establish a secure connection between the Amazon Q Business connector for SharePoint Online and your SharePoint Online instance. To establish a secure connection, you need to authenticate with the data source.

The following are the supported authentication mechanisms for the SharePoint connector:

  • Basic Authentication
  • OAuth 2.0 with Resource Owner Password Credentials Flow
  • Azure AD App-Only (OAuth 2.0 Certificate)
  • SharePoint App-Only with Client Credentials Flow
  • OAuth 2.0 with Refresh Token Flow

Secure querying with ACL crawling, identity crawling, and user store

Secure querying is when a user runs a query and is returned answers from documents that the user has access to and not from documents that the user does not have access to. To enable users to do secure querying, Amazon Q Business honors ACLs of the documents. Amazon Q Business does this by first supporting the indexing of ACLs. Indexing documents with ACLs is crucial for maintaining data security, because documents without ACLs are considered public. At query time, the user’s credentials (email address) are passed along with the query so that answers from documents that are relevant to the query and which the user is authorized to access are displayed.

A document’s ACL contains information such as the user’s email address and the local groups or federated groups (if Microsoft SharePoint is integrated with an identity provider (IdP) such as Azure Active Directory/Entra ID) that have access to the document. The SharePoint Online data source can be optionally connected to an IdP such as Okta or Microsoft Entra ID. In this case, the documents in SharePoint Online can have the federated group information.

When a user logs in to a web application to conduct a search, the user’s credentials (such as an email address) need to match what is in the ACL of the document to return results from that document. The web application that the user uses to retrieve answers would be connected to an IdP or AWS IAM Identity Center. The user’s credentials from the IdP or IAM Identity Center are referred to here as the federated user credentials. The federated user credentials such as the email address are passed along with the query so that Amazon Q can return the answers from the documents that this user has access to. However, sometimes this user’s federated credentials may not be present in the SharePoint Online data source or the SharePoint document’s ACLs. Instead, the user’s local user alias, local groups that this local user alias is a part of, or the federated groups that the federated user is a part of are available in the document’s ACL. Therefore, there is a need to map the federated user credential to the local user alias, local groups, or federated groups in the document ACL.

To map this federated user’s email address to the local user aliases, local groups, or federated groups, certain Amazon Q Business connectors, including the SharePoint Online connector, provide an identity crawler to load the identity information (local user alias, local groups, federated groups, and their mappings, along with any other mappings to a federated user) from the connected data sources into a user store. At query time, Amazon Q Business retrieves the associated local user aliases, local groups, and any federated groups from the user store and uses that along with the query for securely retrieving passages from documents that the user has access to.

If you need to index documents without ACLs, you must make sure they are explicitly marked as public in your data source.

Refer to How Amazon Q Business connector crawls SharePoint (Online) ACLs for more details.

Amazon Q indexes the documents with ACLs and sets the user’s email address or user principal name for the user and the group name [site URL hash value | group name] for the local group in the ACL. If the SharePoint Online data source is connected to an IdP such as Azure AD/Entra ID or Okta, the AD group name visible in the SharePoint site is set as the federated group ACL. The identity crawler sets these same values as the principals, along with the available mappings, in the user store. Any additional mappings need to be set in the user store using the user store APIs.
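
The following Python sketch is an added example, not code from the original post or from Amazon Q Business. It models the query-time check described in this section: a user store resolves the federated email address to local aliases and groups, and a document indexed without an ACL is treated as public. The site URL, group names, document IDs, hash function, and exact-string matching are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

SITE_URL = "https://example.sharepoint.com/sites/HRPolicies"  # constructed


def local_group(site_url, group_name):
    """Build a local-group principal shaped like '<site URL hash>|<group name>'.

    The post gives the shape "[site URL hash value | group name]"; the hash
    function and separator used here are assumptions.
    """
    site_hash = hashlib.sha256(site_url.encode()).hexdigest()[:12]
    return f"{site_hash}|{group_name}"


@dataclass(frozen=True)
class Document:
    doc_id: str
    library: str
    users: frozenset = frozenset()    # email addresses or local aliases
    groups: frozenset = frozenset()   # local or federated group principals

    @property
    def has_acl(self):
        return bool(self.users or self.groups)


@dataclass
class UserStore:
    """Identity mappings loaded by an identity crawler (modelled, not real)."""
    aliases: dict = field(default_factory=dict)  # federated email -> local aliases
    groups: dict = field(default_factory=dict)   # email or alias -> groups

    def principals(self, email):
        """Return (user principals, group principals) for a federated email."""
        users = {email} | self.aliases.get(email, set())
        groups = set()
        for user in users:
            groups |= self.groups.get(user, set())
        return users, groups


def visible_documents(index, store, email):
    """Documents the caller may receive answers from, in index order."""
    users, groups = store.principals(email)
    visible = []
    for doc in index:
        if not doc.has_acl:
            visible.append(doc.doc_id)        # no ACL: considered public
        elif doc.users & users or doc.groups & groups:
            visible.append(doc.doc_id)
    return visible


def documents_without_acl(index):
    """Pre-launch check: everything here is readable by every user."""
    return [doc.doc_id for doc in index if not doc.has_acl]


# Constructed sample data mirroring the HR Policies scenario in this post.
MEMBERS = local_group(SITE_URL, "HR Policies Members")
OWNERS = local_group(SITE_URL, "HR Policies Owners")

INDEX = [
    Document("travel-policy", "Documents", groups=frozenset({MEMBERS, OWNERS})),
    Document("paid-family-leave", "Documents", groups=frozenset({MEMBERS, OWNERS})),
    Document("ui-ett-rates", "Payroll Taxes", groups=frozenset({OWNERS})),
    Document("payroll-draft", "Payroll Taxes"),  # indexed without an ACL
]

STORE = UserStore(
    # Carlos appears in SharePoint ACLs only through his local alias.
    aliases={"carlos.salazar@example.com": {"csalazar"}},
    groups={"csalazar": {MEMBERS}, "john.doe@example.com": {OWNERS}},
)

if __name__ == "__main__":
    for who in ("carlos.salazar@example.com", "john.doe@example.com",
                "Carlos.Salazar@example.com"):  # mixed case resolves to nothing
        print(who, "->", visible_documents(INDEX, STORE, who))
    print("no ACL:", documents_without_acl(INDEX))
```

In this model the site member still sees payroll-draft because it carries no ACL, and the mixed-case address loses access to the policy documents because it matches no user store entry.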

Overview of solution

This post presents the steps to create a certificate and private key, configure Azure AD (either using the Azure AD console or a PowerShell script), and configure Amazon Q Business.

For this post, we use a SharePoint Online site named HR Policies that hosts policy documents in a Documents library and payroll tax documents in a Payroll Taxes library to walk you through the solution.

In one of the scenarios that we validate, a SharePoint user (Carlos Salazar) is part of the SharePoint site members group, and he has access only to policy documents in the Documents library.

SharePoint Document Library with HR Travel policy and other policy document

Carlos Salazar can receive responses for queries related to HR policies, as shown in the following example.

Amazon Q Business Web application with question and response on leave plan in California for new parents

However, for questions related to payroll tax, he did not receive any response.

Amazon Q Business Web application with question and response

Another SharePoint user (John Doe) is part of the SharePoint site owners group and has access to both the Documents and Payroll Taxes libraries.

document library with Payroll tax files

John Doe receives responses for queries related to payroll taxes, as shown in the following example.

Amazon Q Business Web application with question and response on "how can i calculate UI and ETT"

Prerequisites

You should meet the following prerequisites:

  • The user performing these steps should be a global administrator on Azure AD/Entra ID.
  • Configure Microsoft Entra ID and IAM Identity Center integration.
  • You need a Microsoft Windows instance to run PowerShell scripts and commands with PowerShell 7.4.1+. Details of the required PowerShell modules are described later in this post.
  • The user should have administrator permissions on the Windows instance.
  • Make sure that the user running these PowerShell commands has the right M365 license (for example, M365 E3).

Create the certificate and private key

In Azure AD, when configuring App-Only authentication, you typically use a certificate to request access. Anyone with the certificate’s private key can use the app and the permissions granted to the app. We create and configure a self-signed X.509 certificate that will be used to authenticate Amazon Q against Azure AD, while requesting the App-Only access token. The following steps walk you through the setup of this model.

For this post, we use Windows PowerShell to run a few PowerShell commands. You can use an existing Windows instance or spin up a Windows EC2 instance or Windows workstation to run the PowerShell commands.

You can use the following PowerShell script to create a self-signed certificate. You can also generate the self-signed certificate through the New-PnPAzureCertificate command.

  1. Run the following command:
.\Create-SelfSignedCertificate.ps1 -CommonName "<common name>" -StartDate <start date> -EndDate <end date>

You will be asked to give a password to encrypt your private key, and both the .PFX file and the .CER file will be exported to the current folder (where you ran the PowerShell script from). Verify that you now have a .cer and .pfx file.

  2. Upload this .cer file to an S3 location that your Amazon Q IAM role has GetObject permissions for. You can let Amazon Q create this role for you in future steps outlined later in this post, and the correct permissions will be added for you if you choose.

Now you extract the private key contents from the .pfx file and save it for Amazon Q connector configuration. This .pfx file will be present in the folder where you have saved the certificate.

  3. Run the following command to extract the private key:
openssl pkcs12 -in [amazonqbusinessdemo.pfx] -nocerts -out [amazonqbusinessdemo.key]

You will be prompted for the import password. Enter the password that you used to protect your key pair when you created the .pfx file (client ID, in our case). You will be prompted again to provide a new password to protect the .key file that you are creating. Store the password to your key file in a secure place to avoid misuse. (When you enter a password, the window shows nothing if you’re using the Windows CMD window. Enter your password and choose Enter.)

  4. Run the following command to decrypt the private key:
openssl rsa -in [amazonqbusinessdemo.key] -out [amazonqbusinessdemo-decrypted.key]

  5. Run the following command to extract the certificate:
openssl pkcs12 -in [amazonqbusinessdemo.pfx] -clcerts -nokeys -out [amazonqbusinessdemo.crt]

This decrypted key and certificate will be used by the connector for authentication purposes.

  6. Upload the X.509 certificate (ending with .crt) to an S3 bucket. This will be used when configuring the SharePoint Online connector for Amazon Q.
    1. Verify that the contents of the file amazonqbusinessdemo-decrypted.key start with the standard BEGIN PRIVATE KEY header.
    2. Copy the contents of amazonqbusinessdemo-decrypted.key to use later in our Amazon Q setup.

Configure Azure AD

You can configure Azure AD using either of the following methods:

  • Using the Azure AD console GUI. This is a manual step-by-step process.
  • Using the provided PowerShell script. This is an automated process that takes in the inputs and configures the required permissions.

Follow the steps for either option to complete the Azure AD configuration.

Configure Azure AD using the Azure AD console

To configure Azure AD using the GUI, you first register an Azure AD application in the Azure AD tenant that is linked to the SharePoint Online/O365 tenant. For more details, see Granting access via Azure AD App-Only.

  1. Open the Office 365 Admin Center using the account of a user member of the Tenant Global Admins group.
  2. Navigate to Microsoft Azure Portal.
  3. Search for and choose App registrations.

Azure Portal for App registration

  4. Choose New registration.

Azure Portal for App registration step

  5. Enter a name for your application, select who can use this application, and choose Register.

Azure Portal for App registration with name and account types field

An application will be created. You will see a page like the following screenshot.

  6. Note the application (client) ID and the directory (tenant) ID.

These IDs will be different than what is shown in the screenshot.

Azure App with client ID and Tenant ID

Now you can configure the newly registered application for SharePoint permissions.

  7. Choose API permissions in the navigation pane.
  8. Choose Add a permission to add the permissions to your application.

Azure App API Permission tab

  9. Choose SharePoint from the list of applications.

Azure App API Permission tab Request API Permission

  10. Configure permissions.

There are two different ways to configure SharePoint permissions.

To configure permissions to access multiple SharePoint site collections (using Azure AD App-Only permissions), select Sites.FullControl.All to allow full control permissions to all the SharePoint site collections and to read the ACLs from these site collections.

azure app registration request API permission tab

This permission requires admin consent in a tenant before it can be used. To do so, choose Grant admin consent for <organization name> and choose Yes to confirm.

azure app Grant Admin consent confirmation

Alternatively, to configure permissions to access specific SharePoint site collections, select Sites.Selected to allow access to a subset of site collections without a signed-in user. The specific site collections and the permissions granted will be configured in SharePoint Online.

Request API permission for Sites and Add permission

This permission requires admin consent in a tenant before it can be used. To do so, choose Grant admin consent for <organization name> and choose Yes to confirm.

Azure App Grant Admin consent confirmation page

Next, you grant Azure AD app permissions to one or more SharePoint site collections. Make sure the following prerequisites are in place:

  • You must have Windows Server/Workstation with PowerShell 7.4.1+.
  • The user running these PowerShell commands must have the right M365 license (for example, M365 E3).
  • Install the PowerShell modules using Install-Module -Name PnP.PowerShell -AllowPrerelease.
  • If this is your first time running PowerShell commands, run the Connect-PnPOnline -Url <site URL> -PnPManagementShell PowerShell command and complete the consent process to use PnP cmdlets. Alternatively, run the Register-PnPManagementShellAccess cmdlet, which grants access to the tenant for the PnP management shell multi-tenant Azure AD application.

  1. Open PowerShell and connect to SharePoint Online using the Connect-PnPOnline command:
Connect-PnPOnline -Url <site URL> -PnPManagementShell

  2. Add the Azure AD app to one or more specific site collection permissions using Grant-PnPAzureADAppSitePermission:
Grant-PnPAzureADAppSitePermission -AppId <app ID> -DisplayName <display name> -Site [<site collection URL>] -Permissions <permissions>

If you want to configure permissions to more than one SharePoint Online site collection, then you must repeat the preceding PowerShell commands for every collection.

Now you’re ready to connect the certificate.

  11. Choose Certificates & secrets in the navigation pane.
  12. On the Certificates tab, choose Upload certificate.

Azure App registration Certificate and Secrets page

  13. Choose the .cer file you generated earlier and choose Add to upload it.

Upload Certificate by Add option

This completes the configuration on the Azure AD side.
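
As an added example (not part of the original post or of any AWS or Microsoft tooling), the Python below reviews a connector app registration from records shaped like the Microsoft Graph appRoleAssignments and keyCredentials responses. It flags the tenant-wide Sites.FullControl.All role using the role IDs listed in this post's PowerShell script, and goes slightly beyond the text by also checking the certificate's validity window. The sample records, thresholds, and finding labels are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# SharePoint app role IDs as they appear in this post's PowerShell script.
ROLE_NAMES = {
    "678536fe-1083-478a-9c59-b99265e6b0d3": "Sites.FullControl.All",
    "20d37865-089c-4dee-8c41-6967602d4ac8": "Sites.Selected",
}
TENANT_WIDE_ROLES = {"Sites.FullControl.All"}


def parse_graph_time(value):
    """Parse a timestamp such as 2027-01-01T00:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_connector_app(assignments, key_credentials, now,
                        warn_days=30, max_validity_days=365):
    """Return (severity, finding) tuples for one app registration.

    warn_days and max_validity_days are illustrative thresholds (assumptions).
    """
    findings = []
    role_ids = [a["appRoleId"] for a in assignments]
    granted = sorted(ROLE_NAMES[r] for r in role_ids if r in ROLE_NAMES)
    if not granted:
        findings.append(("INFO", "no-sharepoint-role"))
    for name in granted:
        if name in TENANT_WIDE_ROLES:
            # Whoever holds the private key gets this access on every site.
            findings.append(("HIGH", f"tenant-wide-role:{name}"))
    for role_id in sorted(r for r in role_ids if r not in ROLE_NAMES):
        findings.append(("REVIEW", f"unrecognised-role:{role_id}"))

    for cred in key_credentials:
        if cred.get("type") != "AsymmetricX509Cert":
            continue
        label = cred.get("displayName") or cred["keyId"]
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            findings.append(("HIGH", f"certificate-expired:{label}"))
        elif end - now <= timedelta(days=warn_days):
            findings.append(("MEDIUM", f"certificate-expiring:{label}"))
        if end - start > timedelta(days=max_validity_days):
            findings.append(("MEDIUM", f"long-lived-certificate:{label}"))
    return findings


# Constructed sample records; a fixed "now" keeps the results repeatable.
NOW = datetime(2026, 12, 15, tzinfo=timezone.utc)

BROAD_APP = {
    "assignments": [{"appRoleId": "678536fe-1083-478a-9c59-b99265e6b0d3"}],
    "keyCredentials": [{
        "keyId": "00000000-0000-0000-0000-000000000001",
        "type": "AsymmetricX509Cert", "usage": "Verify",
        "displayName": "CN=amazonqbusinessdemo",
        "startDateTime": "2024-01-01T00:00:00Z",
        "endDateTime": "2027-01-01T00:00:00Z",
    }],
}

SCOPED_APP = {
    "assignments": [{"appRoleId": "20d37865-089c-4dee-8c41-6967602d4ac8"}],
    "keyCredentials": [{
        "keyId": "00000000-0000-0000-0000-000000000002",
        "type": "AsymmetricX509Cert", "usage": "Verify",
        "displayName": "CN=amazonqbusinessdemo",
        "startDateTime": "2026-06-01T00:00:00Z",
        "endDateTime": "2027-05-01T00:00:00Z",
    }],
}

if __name__ == "__main__":
    for name, app in (("broad", BROAD_APP), ("scoped", SCOPED_APP)):
        result = audit_connector_app(app["assignments"], app["keyCredentials"], NOW)
        print(name, result or "no findings")
```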

Configure Azure AD using the provided PowerShell script

The user running this PowerShell script should be an Azure AD tenant admin or have tenant admin permissions. Additionally, as a prerequisite, install the MS Graph PowerShell SDK.

Complete the following steps to run the PowerShell script:

  1. Run the PowerShell script and follow the instructions.

This script will do the following:

  • Register a new application in Azure AD/Entra ID
  • Configure the required SharePoint permissions
  • Provide admin consent for the permissions

The output from the PowerShell script will look like the following screenshot.

PowerShell Script for Certificate

  2. If you chose Selected as the permission to target a specific SharePoint site collection, proceed with the steps to configure a specific SharePoint site collection as mentioned earlier.
  3. If you have more than one SharePoint site collection to be crawled, repeat the previous step to configure each collection.

Configure Amazon Q

Make sure you have set up Amazon Q Business with Entra ID as IdP as mentioned in the prerequisites. Also, make sure the email ID is in lowercase letters while creating the users in Entra ID.

Follow the instructions in Connecting Amazon Q Business to SharePoint (Online) using the console.

For Step 9 (Authentication), we choose Azure AD App-Only authentication and configure it as follows:

  • For Tenant ID, enter the tenant ID of your SharePoint account. This will be the directory (tenant) ID in your registered Azure application, in the Azure Portal, as shown in the following screenshot (the IDs will be different for your setup).

Azure App for Application client id and Tenant ID

  • For Certificate path, enter the full S3 path to your certificate (for example, s3://certBucket/azuread.crt). This is the Azure AD self-signed X.509 certificate to authenticate the connector for Azure AD. This certificate was created earlier.
  • For AWS Secrets Manager secret, create a secret in AWS Secrets Manager to store your SharePoint authentication credentials:
    • For Secret name, enter a name for your secret.
    • For Client ID, enter the Azure AD client ID generated when you registered SharePoint in Azure AD. This is the application (client) ID created in the Azure Portal when registering the SharePoint application in Azure, as described earlier.
    • For Private key, enter a private key to authenticate the connector for Azure AD. This is the contents of the .pfx file you created when registering your Azure SharePoint application, as described earlier. Enter the decrypted contents of that .pfx file in its entirety. Choose Show private key to verify it matches the contents for your .pfx file.

Secret created in AWS Secret Manager

Proceed with the rest of the steps in Connecting Amazon Q Business to SharePoint (Online) using the console.

Access the web experience on Amazon Q

To access the web experience, complete the following steps:

  1. On the Amazon Q Business console, choose Applications in the navigation pane.
  2. Choose the application you created.
  3. Choose the link under Web experience URL to browse Amazon Q.

Getting Web Application URL from Amazon Q Business Application page

  4. When prompted, authenticate with Entra ID/Azure AD.

After you’re authenticated, you can access Amazon Q. You can ask Amazon Q a question and get a response based on the permissions of the logged-in user.

References

param(
  [Parameter(Mandatory=$true,
  HelpMessage="The friendly name of the app registration")]
  [String]
  $AppName,

  [Parameter(Mandatory=$true,
  HelpMessage="The file path to your public key file")]
  [String]
  $CertPath,

  [Parameter(Mandatory=$false,
  HelpMessage="Your Azure Active Directory tenant ID")]
  [String]
  $TenantId,

  [Parameter(Mandatory=$false)]
  [Switch]
  $StayConnected = $false
)

# Display the options for permission.
# Only F and S are accepted: each one has an entry in $permissionMapping below.
$validOptions = @('F', 'S')
Write-Host "Select the permissions: [F]-sites.FullControl.All [S]-sites.Selected"

# Loop to prompt the user until a valid option is selected
do {
    foreach ($option in $validOptions) {
        Write-Host "[$option]"
    }
    $selectedPermission = Read-Host "Enter your choice (F or S)"
} while ($selectedPermission -notin $validOptions)

# Map user input to the corresponding SharePoint app role ID
$permissionMapping = @{
    'F' = '678536fe-1083-478a-9c59-b99265e6b0d3'
    'S' = '20d37865-089c-4dee-8c41-6967602d4ac8'
}

$selectedPermissionValue = $permissionMapping[$selectedPermission]

# Requires an admin
if ($TenantId)
{
  Connect-MgGraph -Scopes "Application.ReadWrite.All User.Read AppRoleAssignment.ReadWrite.All" -TenantId $TenantId
}
else
{
  Connect-MgGraph -Scopes "Application.ReadWrite.All User.Read AppRoleAssignment.ReadWrite.All"
}

# Graph permissions constants
$sharePointResourceId = "00000003-0000-0ff1-ce00-000000000000"
$SitePermission = @{
  Id=$selectedPermissionValue
  Type="Role"
}

# Get context for access to tenant ID
$context = Get-MgContext

# Load cert (public key only; the private key never leaves your machine)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
Write-Host -ForegroundColor Cyan "Certificate loaded"

# Create app registration requesting only the selected SharePoint app role
$appRegistration = New-MgApplication -DisplayName $AppName -SignInAudience "AzureADMyOrg" `
 -Web @{ RedirectUris="http://localhost"; } `
 -RequiredResourceAccess @{ ResourceAppId=$sharePointResourceId; ResourceAccess=@($SitePermission) } `
 -AdditionalProperties @{} -KeyCredentials @(@{ Type="AsymmetricX509Cert"; Usage="Verify"; Key=$cert.RawData })
Write-Host -ForegroundColor Cyan "App registration created with app ID" $appRegistration.AppId

# Create corresponding service principal
New-MgServicePrincipal -AppId $appRegistration.AppId -AdditionalProperties @{} | Out-Null
Write-Host -ForegroundColor Cyan "Service principal created"
Write-Host
Write-Host -ForegroundColor Green "Success"
Write-Host

# Providing admin consent
# Look up the new service principal by app ID, because display names are not unique.
$scp = Get-MgServicePrincipal -Filter "AppId eq '$($appRegistration.AppId)'"
$app = Get-MgServicePrincipal -Filter "AppId eq '$sharePointResourceId'"
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $scp.Id -PrincipalId $scp.Id -ResourceId $app.Id -AppRoleId $selectedPermissionValue

# Generate Connect-MgGraph command
$connectGraph = "Connect-MgGraph -ClientId """ + $appRegistration.AppId + """ -TenantId """`
 + $context.TenantId + """ -CertificateName """ + $cert.SubjectName.Name + """"
Write-Host $connectGraph

if ($StayConnected -eq $false)
{
  Disconnect-MgGraph
  Write-Host "Disconnected from Microsoft Graph"
}
else
{
  Write-Host
  Write-Host -ForegroundColor Yellow "The connection to Microsoft Graph is still active. To disconnect, use Disconnect-MgGraph"
}

  • You can test if the Grant-PnPAzureADAppSitePermission cmdlet worked by connecting to the SharePoint site using the Azure AD app that has the SharePoint.Sites.Selected permission and running a few SharePoint API calls:
    1. Make a note of the certificate thumbprint as shown earlier.
    2. Install the certificate for the current user in the Windows Certificate Management Store.
    3. Run the following PowerShell cmdlet to connect to the SharePoint site collection using PnPOnline:
Connect-PnPOnline -Url "<site collection URL>" -ClientId "<client ID>" -Thumbprint "<certificate thumbprint>" -Tenant "<tenant ID>"

    4. Run Get-PnPList to list all the SharePoint lists in the site collection and confirm that the permissions are configured correctly.

Troubleshooting

For troubleshooting guidance, refer to Troubleshooting your SharePoint (Online) connector.

Clean up

Complete the following steps to clean up your resources:

  1. Open the Office 365 Admin Center using the account of a user member of the Tenant Global Admins group.
  2. Navigate to the Microsoft Azure Portal.
  3. Search for and choose App registrations.
  4. Select the app you created earlier, then choose Delete.
  5. On the Amazon Q Business console, choose Applications in the navigation pane.
  6. Select the application you created, and on the Actions menu, choose Delete.

Conclusion

In this post, we explored how Amazon Q Business can seamlessly integrate with SharePoint Online to help enterprises unlock the value of their data and knowledge. With the SharePoint Online connector, organizations can empower their employees to find answers quickly, accelerate research and analysis, streamline content creation, automate workflows, and enhance collaboration.

We walked you through the process of setting up the SharePoint Online connector, including configuring the necessary Azure AD integration and authentication mechanisms. With these foundations in place, you can start unlocking the full potential of your SharePoint investment and drive greater productivity, efficiency, and innovation across your business.

Now that you’ve learned how to integrate Amazon Q Business with your Microsoft SharePoint Online content, it’s time to unlock the full potential of your organization’s knowledge and data. To get started, sign up for an Amazon Q Business account and follow the steps in this post to set up the SharePoint Online connector. Then you can start asking Amazon Q natural language questions and watch as it surfaces the most relevant information from your company’s SharePoint sites and documents.

Don’t miss out on the transformative power of generative AI and the Amazon Q Business platform. Sign up today and experience the difference that Amazon Q can make for your organization’s SharePoint-powered knowledge and content management.


About the Authors

Vijai Gandikota is a Principal Product Manager on the Amazon Q and Amazon Kendra team of Amazon Web Services. He is responsible for the Amazon Q and Amazon Kendra connectors, ingestion, security, and other aspects of Amazon Q and Amazon Kendra.

Satveer Khurpa is a Senior Solutions Architect on the GenAI Labs team at Amazon Web Services. In this role, he uses his expertise in cloud-based architectures to develop innovative generative AI solutions for clients across diverse industries. Satveer’s deep understanding of generative AI technologies enables him to design scalable, secure, and responsible applications that unlock new business opportunities and drive tangible value.

Vijai Anand Ramalingam is a Senior Modernization Architect at Amazon Web Services, specialized in enabling and accelerating customers’ application modernization, transitioning from legacy monolith applications to microservices.

Ramesh Jatiya is a Senior Solutions Architect in the Independent Software Vendor (ISV) team at Amazon Web Services. He is passionate about working with ISV customers to design, deploy, and scale their applications in the cloud to derive business value. He is also pursuing an MBA in Machine Learning and Business Analytics from Babson College, Boston. Outside of work, he enjoys running, playing tennis, and cooking.

Neelam Rana is a Software Development Engineer on the Amazon Q and Amazon Kendra engineering team. She works on Amazon Q connector design, development, integration, and test operations.

Dipti Kulkarni is a Software Development Manager on the Amazon Q and Amazon Kendra engineering team of Amazon Web Services, where she manages the connector development and integration teams.


