Description
This article describes how to configure settings specific for the following connectors:
- SharePoint Online
- SharePoint Groups/Teams
Each connector type listed above requires its own connector. The settings are all very similar with the exception of a few which have been specifically listed below as needed. The screenshots below are from a test environment.
Pre-requisites:
- The connector must be created before these settings can be applied. For information on creating a connector, refer to the article: How To Create Connectors In Veritas Alta SaaS Protection (Veritas Alta SaaS Protection)
- Steps outlined in the How to prepare a Microsoft tenant for Veritas Alta SaaS Protection (Veritas Alta SaaS Protection) article must be completed.
Configure Connector's General Settings

- Get Location ACLs - This option will synchronize unique access control lists (ACLs) at the folder level. Generally, this option should be enabled.
- Get Item ACLs - This option will synchronize unique ACLs at the item level and is disabled by default. Note that synchronizing item-level ACLs introduces an additional call per item as part of the crawl process, thereby slowing down the performance of the crawl.
Configure Connector Type Specific Settings
General Tab:

- SharePoint Online - Enable this option for SharePoint O365.
- Mode - See below for the specifics: 
  - For SharePoint Online, choose either of the following modes:  
    - All Site Collections - This will capture data from all available site collections in SharePoint.
- Specific Site Collections - This allows specifying which Site Collections to capture from. When this option is chosen, a new tab will be displayed labeled Specific Site Collections. Within this tab, a list of site collections can be added individually or imported from a file (i.e. a csv file).
 
- For OneDrive connectors, choose the following mode: 
    - All My Site/OneDrive for Business Site Collections - See article: How To Create A OneDrive Connector
 
- For SharePoint Groups and Team Site connectors, choose the required mode: 
    - All Group and Team Site Collections
- Specific Site Collections - This allows specifying which Site Collections to capture from. When this option is chosen, a new tab will be displayed labeled Specific Site Collections. Within here, a list of site collections can be added individually or imported from a file (I.e. a .csv file).
 
 
- For SharePoint Online, choose either of the following modes:  
    
- Auto-add SCOM Account as Site Collection Admins - This option can automatically add user accounts as Site Collection Admins. These user accounts are specified within the CSOM Auth tab which will be discussed below in more detail. It is recommended to enable this option.
- Admin Site URL - Enter the URL for the Admin Site. Example: https://xyzcompany-admin.sharepoint.com
Options Tab:

- Continuous Data Protection - CDP provides near-real time capture of new or changed items in SharePoint. For complete details regarding CDP and specific options, refer to article How To Configure Continuous Data Protection
- Process Document Libraries Only - When enabled, this option will exclude capturing of lists, blogs, wikis, etc.
- Exclude System Lists - These include the master page gallery, for example. It is usually recommended to enable this option.
- Large List Threshold - This setting should not be modified unless directed by a Cohesity Support.
- Diagnostic Logging - This is only used for troubleshooting purposes as directed by a Cohesity Support.
CSOM Auth Tab:
There are three modes to choose from:
- Basic - This is the default setting that utilizes service accounts that have been created when the tenant was configured. This will be automatically added as site collection admins if the option Auto-add SCOM Account as Site Collection Admins is enabled.
- Modern/OAuth - Preferred over Basic authentication.  To use this setting, populate the fields with with information after creating the SharePoint Application. To configure this application, refer to article How to prepare a Microsoft 365 tenant for Cohesity Alta SaaS Protection using Modern Authentication. 
 Choose either Use Autodiscovery or Manually Set EWS URL based on the O365 configuration.
- AppRegistration - This is preferred over Modern/OAuth and Basic. Select the Assign App(s) button, select the tenant domain from the dropdown list and configure the number of apps required for the connector. The apps will display with a yellow warning icon and will not be active until the Azure administrator grants permissions. Once administrator consent for the apps is granted, the icon will change to a green check mark.
Site Collection Scope Tab:

No Site Collection Scope (all site collections) - This option will process all site collections returned from SharePoint.
Rolling Site Collection Scope - This rolling multi-instance mode will result in a given SharePoint connector only processing a certain number of site collections, leaving the rest to another connector. The goal is to allow really large O365 tenants to have the work distributed among multiple connectors and even multiple Stors. This option is available for the following 3 modes within the general tab:
- All Site Collections
- All OneDrive Site Collections
- All Groups/Teams Site Collections
Restrict to Users With Specific Mail Domains - This option is only available when selecting the mode All My Site/OneDrive for Business Site Collections on the general tab. It allows for restricting which sites to collect based on user(s) who have an email address in a specific domain.
Groups/Teams Credentials Tab:

This feature is optional. If group awareness is not enabled, it will simply use the raw list names, whereas enabling group awareness allows the list name to be resolved to the user-friendly name. The screenshot below shows an example of a raw List name:

In order for this feature to work, it is required to create a new Azure Active Directory (AAD) application in the Azure portal. For steps related to this process, refer to article How To Configure A Group/Teams Awareness Azure AAD Application. Once the application is created, it will populate the fields within this setting that were obtained from the application creation process.
