Mindbreeze GmbH, A-4020 Linz, 2022.
All rights reserved. All hardware and software names used are brand names and/or trademarks of their respective manufacturers.
These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services and service outcomes, or any other protected rights. The dissemination, publication, or reproduction hereof is prohibited.
For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.
Using the Microsoft Graph connector, all users in your Microsoft Graph instance can be indexed so that they can be found in the Mindbreeze search.
To create or register the app, navigate to "Azure Active Directory" -> "App registrations" and click on the "New registration" button:
After the app has been created, a secret must be generated so that the crawler can actually log in. This is normally requested automatically after the app has been created. Otherwise, click on the desired app under "App registrations" -> "Owned applications" and then create the secret under "Certificates & secrets" -> "New client secret".
When creating the secret, you can set the expiration time. We recommend a runtime of 6-12 months, so that the secret is changed regularly.
Note: You must copy the created secret so that you can enter it directly in the Mindbreeze configuration. You can add the secret in the Network tab under the "Credentials" area by clicking on the "Add Credential" button.
When you leave the page, you can no longer have a look at the secret.
Now you have to give the app the required permissions. To do this, navigate to "App permissions". The Microsoft Graph Crawler needs the following Application Permissions in Microsoft Graph:
In the Indices tab, add a new index using the +Add Index button. Select the desired Index Node and Client Service and specify the Microsoft Graph data source in the Data Source field. Then confirm your entries with the Apply button
Now configure the data source.
The Tenant ID of your Microsoft 365 instance. You can find this on the Overview page of the app you created in Azure.
The Application (Client) ID of the app created in Azure.
The Credential created in the Network tab, which contains the created Client Secret.
Crawler Thread Count
Number of threads used for indexing.
Log All Requests
If this option is activated, all requests against the Graph API are written to a logfile. Should only be activated for troubleshooting.
Enable Delta Crawl
As long as this option is activated, the crawler only fetches all users from Microsoft Teams during the first crawl run, after that, only changes to users (new user, user edited, user deleted, etc.) are fetched. With this setting a better performance can be achieved
Only deactivate this option if there is an inconsistency between the index and the actual Users in Microsoft Graph.
Use Profile Picture as Thumbnail
If this option is enabled, the user's profile picture in Microsoft Graph will be used as a thumbnail in the Mindbreeze search.
Static Access Rules
Since there are no permissions to view users in Microsoft Graph, no ACLs are set in Mindbreeze. This means that the Microsoft Graph Crawler should generally be used on a public index.
However, if you want to restrict access to certain groups (e.g. only logged-in users, management, HR, etc.), you can do this with the help of this setting. The access rules defined here are set for all indexed users.
The following setting options are available:
The following requests are executed by the Microsoft Graph Connector during the crawlrun.
Fetching the Access Token.
Fetch all users during the first crawl run and afterwards, if the option "Enable Delta Crawl" is enabled, also fetch the users that have been changed since the last crawl run.
Downloading the profile picture of a user.