Prerequisites for connecting Amazon Q Business to Microsoft OneDrive - Amazon Q Business

Before you begin, make sure that you have completed the following prerequisites.

In your Azure Active Directory (AD) application, make sure you have:

  • Created an Azure Active Directory (AD) application.

  • Used the AD application ID to register a secret key for the application on the AD site. The secret key must contain the application ID and a secret key.

  • Copied the AD domain of the organization.

  • Added the following permissions to your AD application on the Microsoft Graph option:

    • Read files in all site collections (Files.Read.All)

    • Read all users' full profiles (User.Read.All)

    • Read all groups (Group.Read.All)

    • Read all notes (Notes.Read.All)

    Note

    Query responses based on AD Group ACLs are not supported for Microsoft OneDrive. You need to add users and groups directly to your document permissions list.
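
As an added example (not AWS or Microsoft code), the following Python script checks that an app-only access token issued to the AD application carries exactly the four application permissions listed above in its `roles` claim, and flags anything extra. The sample token is constructed and unsigned, the function names are hypothetical, and the file permission is spelled `Files.Read.All`, as Microsoft Graph names it.

```python
import base64
import json

# Application permissions this page lists for the OneDrive connector,
# spelled as Microsoft Graph names them in a token.
REQUIRED = {"Files.Read.All", "User.Read.All", "Group.Read.All", "Notes.Read.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload without verifying the signature (audit use only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_permissions(jwt: str) -> dict:
    """Compare the token's application permissions with the required set."""
    claims = token_claims(jwt)
    granted = set(claims.get("roles", []))  # app-only tokens list permissions here
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(granted - REQUIRED),
        # Name-based heuristic: anything beyond read access deserves a second look.
        "write_capable": sorted(p for p in granted if "Write" in p or "FullControl" in p),
        "ok": granted == REQUIRED,
    }


def make_sample_token(roles: list) -> str:
    """Build a constructed, unsigned token for the demo (not a real credential)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"aud": "https://graph.microsoft.com", "roles": roles}).encode())
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    # Constructed input: two required permissions plus one over-broad grant.
    sample = make_sample_token(["Files.Read.All", "User.Read.All", "Sites.FullControl.All"])
    print(json.dumps(audit_permissions(sample), indent=2))
```

An `excess` or `write_capable` entry means the application holds more than the read-only access the connector needs and should be trimmed before its secret is stored.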

In your AWS account, make sure you have:

  • Created an IAM role for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.

  • Stored your Microsoft OneDrive authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.

    Note

    If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.

For a list of things to consider while configuring your data source, see Data source connector configuration best practices.