Mindbreeze GmbH, A-4020 Linz, 2022.
All rights reserved. All hardware and software names used are brand names and/or trademarks of their respective manufacturers.
These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes, or any other protected rights. The dissemination, publication, or reproduction hereof is prohibited.
For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.
Using the Microsoft Azure Principal Resolution Service, groups in Microsoft Azure can be resolved. These groups are used by many Microsoft services, such as SharePoint Online, Teams, or Stream. If you have set up a connector for any of these data sources, you should also use the Microsoft Azure Principal Resolution Service.
In order for the Principal Resolution Service to resolve Microsoft Azure groups, a new app must first be created that has the permissions to read Microsoft Azure groups. This app can be created at portal.azure.com.
Navigate to Azure Active Directory -> App registrations and click the "New Registration" button to register a new app:
After you have created the app, you still need to create a Secret so that the Principal Resolution Service can actually log in:
When creating the client secret, an expiry time can be selected. We recommend 6-12 months so that the secret is changed regularly.
After that you can copy the secret. When you leave the page, you will not be able to view the secret anymore, so make sure that you enter the secret directly into the Mindbreeze configuration (see next section).
Now you need to give the app the permissions it needs. Navigate to "App permissions" to do this. The Microsoft Azure Principal Resolution Service requires the following Application Permissions in Microsoft Graph:
After granting the app permission, you still need to give "admin consent". To do this, use the "Grant admin consent for <MyInstance>" button:
Go to the "Indices" tab, scroll down and add a new service in the "Services" section by clicking "Add Service". Select "Microsoft Azure Principal Resolution Service" and assign a display name.
The tenant ID of your Microsoft 365 instance. You can find this on the overview page of the created app in Azure.
The application (client) ID of the app created in Azure.
The credential created in the Network tab, which contains the created client secret.
Crawler Thread Count
Number of threads used for processing the groups.
Resolve only Teams
If this option is enabled, only groups that have an associated team in Microsoft Teams will be resolved. If this Principal Resolution Service is to be used only for Microsoft Teams, enable this setting for optimal performance.
Log All Requests
If this option is enabled, all requests against the Graph API are written to a log file. Should be enabled for troubleshooting only.
Enable Delta Update
As long as this option is enabled, the Principal Service will only fetch all groups from Microsoft Teams during the first update, after which it will only fetch the changes to the groups, which significantly improves performance.
Disable this option only if there is an inconsistency between the Principal Service and the actual groups in Microsoft Teams.
[Deprecated] Exclusively Use Beta API
This option is deprecated and should not be enabled.
If this option is enabled, the Principal Resolution Service uses the /beta API. Otherwise, the /v1.0 API is used.