
Configuration Guide

How to add your tenant?

1. Prerequisite

Dathena needs an application registered in your tenant in Azure Portal. To do so, you need to log in as a Global Administrator, an Application Manager, or a Cloud Application Manager.

 

2. Register Dathena application in your Azure Portal

a. In Dathena, in the “Tenant Management” page, download the certificate.

b. In your Azure Portal, go to the App Registrations Service.

c. Click on “New Registration”, fill in the fields with the information below and click on “Register”:

  • Name: Write a meaningful name to identify Dathena app (e.g. “Dathena_app”).
  • Supported account types: Select “[…] Single Tenant”.
  • Redirect URI: Leave it empty.

 

3. Allow the App Permissions

a. In the Azure Portal, go to “API Permissions”.

b. Click on “Add a permission” and add the following permissions.

| API | Type | Permission Name | Description and Reason |
|---|---|---|---|
| Microsoft Graph | Application permissions | Directory.Read.All | Read the organization’s directory. Required to list the users. |
| Microsoft Graph | Application permissions | Group.Read.All | Read the group properties and membership. Required to list the users within the groups. |
| Microsoft Graph | Application permissions | Sites.Read.All | Read the SharePoint sites. Required to discover the sites that will be analysed. |
| Microsoft Graph | Application permissions | User.Read.All | Read the users in the organization. Required to list the users and their licenses. |
| Microsoft Graph | Application permissions | InformationProtectionPolicy.Read.All | Read all published labels and label policies for an organization. |
| SharePoint | Application permissions | Sites.FullControl.All | Read the files' metadata and collect the groups and users access to the files. Only FullControl allows collecting the accesses. |

 
 

If you’re activating External File Sharing Management, the following permission is also required:

| API | Type | Permission Name | Description and Reason |
|---|---|---|---|
| Microsoft Graph | Application permissions | GroupMember.ReadWrite.All | Allow Dathena to update the membership of the groups. Required to remove the accesses to the files shared externally directly from Dathena application. |

 

If you’re activating the Augmented Data Protection product, the following permissions are also required:

 
| API | Type | Permission Name | Description and Reason |
|---|---|---|---|
| Azure Rights Management Service | Application permissions | Content.SuperUser | Read the protected content. |
| Azure Rights Management Service | Application permissions | Content.Writer | Create protected content. |
| Microsoft Information Protection Sync Service | Application permissions | UnifiedPolicy.TenantRead | Read all unified policies. |

 

Smart License Management and Data and User Risk Assessment do not require extra permissions.

c. Click on “Grant Admin Consent for [your tenant name]” and accept the message.

 

4. Upload the Certificate in your Azure Portal

a. In the Azure Portal, go to “Certificates & secrets”.

b. Click on “Upload certificate” and upload the certificate you downloaded earlier. The certificate should be downloaded from the “Tenant Management” page in Dathena.

 

5. Fill in the information in Dathena

In Dathena, in “Tenant Management”, fill in the fields with the information below:

SharePoint domain name. Go to your SharePoint and identify the domain name in your SharePoint URL (https://domain.sharepoint.com). You can access SharePoint from office.com by clicking on the SharePoint icon.

Application (Client) ID and Directory (Tenant) ID. Find this information in the “Overview” page of the Azure Portal.

Client Secret

  • Go to “Certificates & secrets” and click on “New client secret”.
  • Give it a description (e.g. Dathena - October 2020) and an expiry date (1 year is enough).
  • Copy and paste the Client Secret Value.

 

6. Start the process

Once the steps are completed, click on “Start Analysis”. The analysis will start and can take up to 48 hours. You will get notified when the process is done.
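
To review the result of step 3 after admin consent, the following added example (not Dathena's or Microsoft's code) compares the permissions granted to the app with the tables in this guide and reports anything missing, unexpected, or beyond read-only. The input layout, the function names, the ELEVATED grouping and the sample data are assumptions made for illustration.

```python
# Added example: audit granted app permissions against the tables in step 3.
BASELINE = {
    "Microsoft Graph": {"Directory.Read.All", "Group.Read.All", "Sites.Read.All",
                        "User.Read.All", "InformationProtectionPolicy.Read.All"},
    "SharePoint": {"Sites.FullControl.All"},
}
# Extra permissions per optional product, as listed in step 3.
OPTIONAL = {
    "External File Sharing Management": {
        "Microsoft Graph": {"GroupMember.ReadWrite.All"}},
    "Augmented Data Protection": {
        "Azure Rights Management Service": {"Content.SuperUser", "Content.Writer"},
        "Microsoft Information Protection Sync Service": {"UnifiedPolicy.TenantRead"}},
}
# Assumed grouping: guide permissions that write, take full control,
# or read protected content. These deserve a line in the access review.
ELEVATED = {"Sites.FullControl.All", "GroupMember.ReadWrite.All",
            "Content.SuperUser", "Content.Writer"}


def expected_permissions(products):
    """Baseline plus the extras for each activated optional product."""
    expected = {api: set(perms) for api, perms in BASELINE.items()}
    for product in products:
        for api, perms in OPTIONAL[product].items():
            expected.setdefault(api, set()).update(perms)
    return expected


def audit(granted, products):
    """Compare granted {api: [permission, ...]} with what the guide requires."""
    expected = expected_permissions(products)
    report = {"missing": [], "unexpected": [], "elevated": []}
    for api in sorted(set(expected) | set(granted)):
        want, have = expected.get(api, set()), set(granted.get(api, []))
        report["missing"] += [f"{api}/{p}" for p in sorted(want - have)]
        report["unexpected"] += [f"{api}/{p}" for p in sorted(have - want)]
        report["elevated"] += [f"{api}/{p}" for p in sorted(have & ELEVATED)]
    return report


# Constructed sample: permissions copied by hand from the "API Permissions" page.
SAMPLE_GRANTED = {
    "Microsoft Graph": ["Directory.Read.All", "Group.Read.All", "Sites.Read.All",
                        "User.Read.All", "GroupMember.ReadWrite.All"],
    "SharePoint": ["Sites.FullControl.All"],
}

if __name__ == "__main__":
    print(audit(SAMPLE_GRANTED, products=[]))
```

With no optional product activated, the sample reports GroupMember.ReadWrite.All as unexpected; passing "External File Sharing Management" in `products` clears that finding while the missing label-policy permission remains.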
