What’s an advanced session with elevated privileges in sapio365?
When you choose to associate elevated privileges with your Advanced session, you add a greater level of access to Office 365 data by using an additional, complementary sapio365 application with application-based permissions. This allows you to manage mailboxes and SharePoint sites you don’t own. This means that in addition to everything you get in an Advanced session, you also get access to:
- All users' messages, settings, calendar events and personal contacts
- All users' mail rules
- All users' OneDrive documents and their permissions
- All SharePoint site document libraries
- Checked out files and retention labels
- All site and site list information
- All Teams & private channel content
Need access to private channel chats?
The only way to read private channel chats is to be a member of that channel. Or just use an Advanced session with elevated privileges and simply fill out a request for approval from Microsoft.
Advanced session with elevated privileges
Most Frequent Questions
A registered sapio365 application is created in your tenant’s Azure AD with app-based permissions that require consent from a global admin. This application is then used in conjunction with the sapio365 app with delegated permissions that you’ve previously consented to. Together, these apps give you the maximum reach into your tenant data.
You’re consenting to the permissions of the registered sapio365 application that allow you to access Office 365 data. This consent is between you and the sapio365 application. Your data NEVER goes through any third-party servers.
Yes you can create your app with specific permissions, or you can use an existing one.
Only a global (company) administrator can provide admin consent for the permissions of registered sapio365 applications used in Advanced sessions with elevated privileges. If you can’t obtain admin consent, you can use a standard session.
Yes. An Advanced session in sapio365 gives you the advantage of having everything in one place, the ability to make bulk changes and create custom reports, based on the rights and permissions you have in Office 365. Using elevated privileges will give you access to information related to mailboxes and sites you don’t own.
No, sapio365 does not require external servers to process this information – ever.
Some data is stored locally on your machine as a cache to improve processing times. The encryption of data is session-based so your information is protected.
Private channel chats are only available to the members of that channel whether you use native tools or third-party tools like sapio365. Accessing chats in a Team’s private channel requires submitting a completed justification form to Microsoft to request authorization for an application (sapio365) to use Protected APIs in Microsoft Teams.
To make things easier, we’ve prepared information you’ll need and some sample text you can use to fill out the form. Follow the steps below.
- Make sure you are in an active Advanced session with elevated privileges.
- Click on the ‘Request Access (Private Channel Chats)’ submenu item of ‘New Advanced Session’ to see our guide.
- Click on the link to open Microsoft’s request form in your browser and fill it out using the info and suggested answers in the guide.
What can I do in an Advanced session with elevated privileges?
With the full set of Ytria-recommended permissions, you can do the following:
Users
- View the entire user list for your tenant’s directory as well as all users’ profile information.
- Manage service plans and license information for all users.
- Edit user profile information for any user, even multiple users at once.
- Create new user profiles, even multiple profiles at once.
- Display group memberships for every users in your tenant’s directory.
- For your own account and those users whose mailboxes you have access to, see all:
- Drive items
- Messages
- Contacts
- Calendar entries
Groups and Teams
- View all groups in your tenant, including their property information.
- Display all group owners.
- Retrieve all drive item information.
- View group SharePoint site information.
- Add or remove owners for any group in your tenant, even multiple groups and owners at once.
- Manage delivery restrictions on any group in your tenant, even multiple groups at once.
- View all messages—including the mail folder structure.
- Preview messages directly from the full message list.
- See all message properties.
- Access all attachment information—and download or delete attachments directly.
- Manage mail rules for all mailboxes.
Calendar events
- View all calendar events.
- Preview calendar event body.
- Download or delete attachments.
Personal contacts
- See every users’ personal contacts.
OneDrive files and folders
- Manage all information—including permissions—for every OneDrive file and folder in your tenant.
- Download files and folders.
- Upload files and folders.
- Create folders.
SharePoint sites and lists
- Retrieve all SharePoint site information, including storage quotas.
- Show all lists—as well as their items and columns—for all your accessible sites at once.
- Manage all document library files and their permissions in one place.