1. Prerequisite

Dathena needs an application registered in your tenant in Azure Portal. To do so, you need to log in as a Global Administrator, an Application Manager, or a Cloud Application Manager.

2. Register Dathena application in your Azure Portal

a. In Dathena, in the “Tenant Management” page, download the certificate.

b. In your Azure Portal, go to the App Registrations Service.

c. Click on “New Registration”, fill up the fields with below information and click on “Register”:

  • Name: Write a meaningful name to identify Dathena app (e.g. “Dathena_app”).
  • Support account types: Select “[…] Single Tenant”.
  • Redirect URI: Leave it empty.

3. Allow the App Permissions

a. In the Azure Portal, go to “API Permissions”.

b. Click on “Add a permission” and add the following permissions.



Permission Name

Description and Reason

Microsoft Graph




Read the organization’s directory. Required to list the users.


Read the group properties and membership. Required to list the users within the groups.


Read the SharePoint sites. Required to discover the sites that will be analysed.


Read the users in the organization. Required to list the users and their licenses


Read all published labels and label policies for an organization


Application permissions


Read the files' metadata and collect the groups and users access to the files.

Only FullControl allows collecting the accesses.

If you’re activating External File Sharing Management, the following permission is also required:



Permission Name

Description and Reason

Microsoft Graph




Allow Dathena to update the membership of the groups. Required to remove the accesses to the files shared externally directly from Dathena application.

If you’re activating Augmented Data Protection product, the following permissions are also required:



Permission Name

Description and Reason

Azure Rights Management Service




Read the protected content.


Create protected content.

Microsoft Information Protection Sync Service

Application permissions


Read all unified policies.

Smart License Management and User Risk Assessment do not require extra permissions.

c. Click on “Grant Admin Consent for [your tenant name]” and accept the message

4. Upload the Certificate in your Azure Portal

a. In the Azure Portal, go to “Certificates & secrets”.

b. Click on “Upload certificate” and upload the certificate you downloaded earlier. The certificate should be downloaded from the “Tenant Management” page in Dathena.

5. Fill in the information in Dathena

In Dathena, in “Tenant Management”, fill up the fields with below information:

SharePoint domain name. Go to your SharePoint and identify the domain name in your SharePoint URL (https://domain.sharepoint.com). You can access SharePoint from office.com and click on the SharePoint icon.

Application (Client) ID and Directory (Tenant) ID. Find this information in the “Overview” page of the Azure Portal.

Client Secret

  • Go to “Certificates & secrets” and click on “New client secret”.
  • Give it a description (e.g. Dathena - October 2020) and an expiry date (1 year is enough).
  • Copy and paste the Client Secret Value.

6. Start the process

Once the steps completed, click on “Start Analysis”. The analysis will start and can take up to 48 hours. You will get notified when the process is done.

Do you need any help? Reach out to us

Start Today!

Experience Firsthand How Infinitely Powerful AI-Driven Data Protection and Security Can Be

Contact Us