Forum Discussion

MisterEM's avatar
MisterEM
Icon for Microsoft rankMicrosoft
Aug 28, 2025

Connecting SharePoint to Azure

Hi I have a question regarding the following

  1. SharePoint Drive on Primary Account My primary account is edwin@getxxx.io. I’m having difficulty attaching a SharePoint drive to this account. This is separate from the OAuth app itself— I simply want to ensure that this account has a SharePoint drive available. Shouldn’t this be possible, and if so, what steps do I need to take to enable it on azure and the SharePoint admin?
  2. OAuth Application Account Confusion I created an OAuth application under my edwin@xxx.io account. Strangely, I’m able to connect to it from my other account (edwin@onmicrosoftaccount). I assumed OAuth apps were only accessible within their registered domain. Could you clarify why my other account can access the application, and how account/domain setup should work in this case?
files
Permissions
SharePoint Online
sharepoint server

1 Reply

Sort By
  • Ankit365's avatar
    Ankit365
    Brass Contributor
    Aug 28, 2025

    To assign your primary account, email address removed for privacy reasons, its own SharePoint drive, ensure it has an active Microsoft 365 license that includes SharePoint Online and OneDrive for Business. Only licensed member accounts, not guest accounts, receive a personal OneDrive. Once licensed, either sign in once to OneDrive or have an admin pre-provision it so the drive becomes available. Then, you can attach SharePoint libraries to it using Sync or add a shortcut to OneDrive inside the library.

     

    The reason your other account, edwin@onmicrosoftaccount, can use the OAuth app is that apps are tied to the Azure AD or Entra tenant, not just the UPN you used to register them, and by default, app registrations can be multitenant, meaning they accept logins from any organizational directory unless you specifically set them to single tenant. If both UPNs are in the same tenant, then any account in that tenant can access the app once consent is granted. If you want strict isolation, go into the app registration in Entra ID and set the supported account types to single tenant. Then, adjust the enterprise app consent settings so that only admins can grant the app’s requested Graph or SharePoint permissions, which will prevent other tenants or unintended accounts from connecting.

Resources