Prerequisites for connecting Amazon Q Business to Microsoft OneDrive
Before you begin, make sure that you have completed the following prerequisites.
In your Azure Active Directory (AD) application, make sure you have:
- Created an Azure Active Directory (AD) application.
- Used the AD application ID to register a secret key for the application on the AD site. The secret key must contain the application ID and a secret key.
- Copied the AD domain of the organization.
- Added the following permissions to your AD application on the Microsoft Graph option:
  - Read files in all site collections (Files.Read.All)
  - Read all users' full profiles (User.Read.All)
  - Read all groups (Group.Read.All)
  - Read all notes (Notes.Read.All)
Note
Query responses based on AD Group ACLs are not supported for Microsoft OneDrive. You need to add users and groups directly to your document permissions list.
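To confirm that the four Microsoft Graph permissions above were actually granted, and that nothing broader was granted alongside them, you can inspect an access token issued to the AD application. The following is an added example, not part of the AWS documentation; it assumes granted permissions appear in the token's roles (application) or scp (delegated) claim, and the sample token is constructed.

```python
import base64
import json

# The four Microsoft Graph permissions listed in the prerequisites above.
REQUIRED = {"Files.Read.All", "User.Read.All", "Group.Read.All", "Notes.Read.All"}


def b64url(obj: dict) -> str:
    """Serialize a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is not verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(jwt: str) -> dict:
    """Compare the permissions in a token with the four the connector needs."""
    claims = token_claims(jwt)
    granted = set(claims.get("roles", []))         # application permissions
    granted |= set(claims.get("scp", "").split())  # delegated permissions
    extra = granted - REQUIRED
    return {
        "missing": sorted(REQUIRED - granted),
        "extra": sorted(extra),
        # Write or full-control grants exceed what a read-only crawl needs.
        "write_capable": sorted(p for p in extra if "Write" in p or "FullControl" in p),
    }


# Constructed sample: an unsigned token whose claims mimic a misconfigured app.
SAMPLE = ".".join([
    b64url({"alg": "none", "typ": "JWT"}),
    b64url({"aud": "https://graph.microsoft.com",
            "roles": ["Files.Read.All", "User.Read.All", "Group.Read.All",
                      "Files.ReadWrite.All"]}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(audit_permissions(SAMPLE))
```

An empty "missing" list and an empty "extra" list mean the application holds exactly the permissions this page asks for.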
In your AWS account, make sure you have:
- Created an Amazon Q Business application.
- Created an IAM role for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
- Stored your Microsoft OneDrive authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
Note
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.
For a list of things to consider while configuring your data source, see Data source connector configuration best practices.