Why Does Collabspace Need Azure AD Consent?
When your organization grants Collabspace access to your organization's Azure AD, the following permissions are granted to Collabspace:
- Allow AD Groups to be added to Collabspace
- Allow Exchange Mailboxes to be archived
- Allow SharePoint Permissions to be indexed
Collabspace needs access to Azure AD to find and add user groups to Collabspace. Most organizations rely on AD Groups to manage their users, which is why Collabspace is designed to leverage these groups. Users must be added either individually or as part of an AD Group to use Collabspace features.
As for the Mailboxes, Collabspace connects to Exchange by its AD Groups, rather than having organizations point Collabspace at either their entire Exchange Server or at individual users. When adding an Exchange Connector, you query AD Groups and then add them to the connector.
It is possible to use Collabspace without granting Azure AD consent. However, both Exchange and SharePoint Online require Admin Consent before they can be added as Connectors, so the functionality would be very limited.
Who Can Grant Azure AD Consent?
Azure AD consent can only be granted by a user who has permission to do so. In most cases, this will be the Azure AD Administrator, or some other Administrator within the IT department. Most users do not have permission to grant Azure AD consent.
If someone attempts to grant Azure AD consent without permission to do so, they will be blocked.
If the user who has permission to grant AD consent is not a Collabspace User, then they will need to be added to Collabspace. Users can be added individually prior to granting AD consent as long as they are present in your Contacts List.
Make sure to make them at least a User Administrator, although a Global Administrator might be more appropriate.
They will receive an email to join Collabspace and can then grant Azure AD consent.
What Permissions Are Being Granted?
The permissions that are being granted with Azure AD consent are as follows
Can Consent Be Retracted?
Azure AD consent can be removed at any time. However, this needs to be done within the Azure application by an Administrator. Collabspace does not have any user interface that would allow access to modifying Azure settings.