How SharePoint Embedded works and how to build AI apps on it
SharePoint Embedded is a fully managed, cloud-based, API-only document management system that lets you securely integrate your custom web or mobile apps, whether built on Azure or other clouds, with Microsoft 365 file storage. It’s especially ideal for ISVs building multi-tenant apps because content stays within each customer’s Microsoft 365 tenant. Design apps that include Microsoft 365 Copilot and agent capabilities, connected Office experiences like Word, and Microsoft Purview compliance and data protection, all within your own user experience. Use built-in retrieval augmented generation (RAG) or bring your own models to create intelligent, secure solutions that reason over your business content, support real-time co-authoring, and scale with granular permissions and storage control. Jeremy Chapman, Microsoft 365 Director, shares how to build intelligent, secure solutions that integrate seamlessly with Microsoft 365 content and services. No data movement & no loss of control. Keep custom app content in your Microsoft 365 tenant. Check out Microsoft SharePoint Embedded. Custom frontend, your domain. Still connected to Office, Copilot, and Microsoft 365. Get started with SharePoint Embedded. Built-in vector embeddings. Automatically index files for AI. Get started with SharePoint Embedded. QUICK LINKS: 00:00 — Keep content secure & compliant without moving it 01:21 — Build fully custom experiences 02:11 — Use built-in vector indexing and RAG 02:55 — Use your models with Copilot’s vector search 04:34 — How it works 05:23 — How the app is built 06:19 — Microsoft Copilot retrieval API 06:58 — Security and compliance 08:02 — Wrap up Link References Build your first agent at https://aka.ms/SPEAgent Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -If you’re looking to build AI powered web or mobile apps for your employees that can securely leverage your organization’s content without moving it or compromising your existing data security. That’s where SharePoint Embedded comes in. Microsoft SharePoint Embedded is a cloud-based document management system. As an API only solution, it lets you as a developer connect the apps that you might be building on Azure or in other clouds securely to the Microsoft 365 file and document storage platform. And this is also an advantage if you’re an ISV who’s building multi-tenant apps because the content stays within your customer’s Microsoft 365 tenant. SharePoint Embedded lets you integrate Microsoft 365 capabilities into your apps, including Microsoft 365 Copilot and agent capabilities, connected Office app experiences like Word and other familiar apps, as well as Microsoft Purview data security and compliance controls. -So you can build generative AI and agent-based solutions using built-in retrieval augmented generation without needing to move your business documents outside of your Microsoft 365 boundary. SharePoint Embedded is also fully managed, so you don’t need to worry about provisioning or managing the underlying compute and infrastructure. And this works with your own web front ends and logic. Let me show you an example. So this is a specialized contract management app that curates case files, which are stored in SharePoint Embedded. Notice this isn’t a SharePoint created site. It’s our own custom application. It’s our own user experience and it’s on our own domain. You’ll see that I need to connect to Microsoft 365 with my user account because the file access is based on my unique set of permissions like I would have if I was running this in Microsoft 365 or an Office app. -This is a one-time connection performed by an end user account, and previously to build an app like this, you would need to send those files to another document management or storage location, maybe like Azure Blob storage or another cloud service where the classifications, protections and permissions for those files would effectively get lost. And once I’m securely signed in, I can see the documents that I have permissions to access within the app and that I want my AI app to reason over. I can also upload or add cloud files from SharePoint, OneDrive, or third party locations into my app, and these files, if not previously on SharePoint or OneDrive will get stored in SharePoint Embedded containers in my tenant. And behind the scenes, these files are indexed at upload time for AI reasoning using embeddings for vector-based search, and the vector index itself is also within my Microsoft 365 tenant. -Here, we’re also using Microsoft 365 Copilot’s orchestration within the app for retrieval augmented generation to respond to my prompts. Alternatively, you can also leverage your own foundational models while leveraging Copilot’s vector search and retrieval, and that way, your content and associated indexes stay within your compliance boundary. The app is designed so that the manual work of rationalizing and processing proposals and legal documents can be done in a fraction of the time using AI. So I can use the custom starter prompts on the top with this agent or write my own prompts. -Here, I’m going to ask it to summarize the proposals by uptime and hourly rates. And as it responds, you’ll see a summary of the uploaded and attached files. Using this app’s custom instructions, it knows exactly how to respond with the right voice and format. Everything in this response is grounded on our information in SharePoint Embedded and contextualized to our application. It’s also fully integrated with familiar Office app experiences, so when I click into any of these documents, the app can open them directly in their respective apps on desktop, web and mobile. And because it’s powered by SharePoint, you can also do real-time co-authoring, also commenting and sharing, and it works with over 300 different file types. And I can even access this as an agent using Microsoft 365 Copilot Chat, like I’m doing here with my prompt, looking for information from the same SharePoint Embedded container that I showed earlier. You now have the flexibility for how you want to design your apps and their information architecture while maintaining data security and permission controls over the underlying files. -So let me explain how this works. When you have an app that uses SharePoint Embedded in your Microsoft 365 tenant, SharePoint Embedded creates another partition within your tenant. The storage partition is headless and doesn’t have a user experience so you can develop your own. Within it, the documents you upload go into that storage partition and they’re only accessible via APIs. In that partition, documents are accessible to the custom app or agent while residing in your own Microsoft 365 tenant and to limit per app access within this new storage partition, a SharePoint Embedded app can create multiple file storage containers to store content where each container can have its own unique permissions. So the app that uses SharePoint Embedded has full control over the containers and the documents within them. -And if you’re a developer, let me show you how you can build an app like this. So I’m in Visual Studio Code. And the first thing that you’ll need to do is provision a container, and containers within SharePoint Embedded are tied to the app that creates them. Next, your application will need to integrate with Microsoft Entra for authentication for the signed in user to access files in that storage location. Again, because this is powered by SharePoint, you can build in all the granular access controls all the way down to the individual file level. And because this also leverages Microsoft Graph, you can use Graph APIs to directly access files in your SharePoint Embedded containers. This uses the same file operations that you have across Microsoft 365, except they’re scoped to your app that uses SharePoint Embedded. That means that anything that you can use with Graph APIs can also be used in your SharePoint Embedded apps. -And related to that, you can also use the Microsoft 365 Copilot retrieval API, so that you can leverage built-in RAG for your own custom orchestration and have full control over the experience, or you can use what’s built in, like I showed before. In fact, this is the code for the AI component of our app where we’ve defined the information locations to ground responses and the theming of the sidebar so it matches your app, the suggested prompts that are presented as starter recommendations for users and the meta prompt to customize the voice, tone, format and other aspects of generated responses. -Importantly, your application gets the full Microsoft Purview security and compliance capabilities, which include detailed auditing for all SharePoint Embedded app interactions, data loss prevention, or DLP policy integration to protect sensitive and high value information and information protection controls to identify and protect other classified content. Your containers can be managed from the SharePoint admin center, where you can also apply default sensitivity labels for each container to protect the content within it. -Again, any security and compliance controls that you can apply to your SharePoint sites can also be leveraged by your SharePoint Embedded app. SharePoint Embedded is an Azure service that’s billed based on consumption for storage, transactions and Copilot interactions. When you set up SharePoint Embedded for the first time in the Microsoft 365 admin center, under Org settings, you’ll enable it as a pay-as-you-go service in one billing policy where you’ll define your Azure subscription, your resource group, and your region. Now you’re ready. And the good news is, as a developer, you can get started right away using the Visual Studio extension for SharePoint Embedded. -To find out more about that and build your first agent, check out aka.ms/SPEAgent and keep watching Microsoft Mechanics for the latest tech updates. Subscribe to our channel and thanks for watching.How Microsoft 365 Backup works and how to set it up
Protect your Microsoft 365 data and stay in control with Microsoft 365 Backup — whether managing email, documents, or sites across Exchange, OneDrive, and SharePoint. Define exactly what you want to back up and restore precisely what you need to with speeds reaching 2TB per hour at scale. With flexible policies, dynamic rules, and recovery points up to 365 days back, you can stay resilient and ready. In this introduction, I'll show you how to minimize disruption and keep your organization moving forward even in the event of a disaster with Microsoft 365 Backup. Fine-tune what gets backed up. Back up by user, site, group, or file type — to meet your exact needs. Get started with Microsoft 365 Backup. Restore data in-place or to a new location. Compare versions before committing. Take a look at Microsoft 365 Backup. Restore content from months ago. Use fast weekly snapshots — even when the issue went unnoticed for weeks. Start here with Microsoft 365 Backup. QUICK LINKS: 00:00 — Automate recovery process 00:37 — How to use Microsoft 365 Backup 01:49 — Compare with migration-based solutions 02:30 — How to set it up 03:33 — Exchange policy for email backup 05:00 — View and manage backups 05:24 — Recover from a restore point 07:45 — Restore from OneDrive & SharePoint 08:33 — Bulk restore 09:41 — Wrap up Link References Check out https://aka.ms/M365Backup Additional backup and restore considerations at https://aka.ms/M365BackupNotes Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -If something bad happens, like someone accidentally does a bulk file deletion or files are corrupted by a malicious user or ransomware, the first question is, can we recover from our backup? And the second question is, how long until we’re back online? Now to help you automate a targeted recovery process, Microsoft 365 Backup has a self-service solution that helps you scope the data that you want to recover. Your data remains inside your Microsoft 365 trust boundary, providing bulk restore recovery speeds of up to 2 terabytes per hour at scale. -Now, you might be wondering, do I even need to back up Microsoft 365 data? Let’s look at where it makes sense. So, first, if there’s a natural disaster, Microsoft 365 already natively offers high availability and disaster recovery with built-in service resiliency. That said, if you experience a data breach or maybe unexpected data corruption from a processor person on your end, or because of ransomware, your Microsoft support options depend on the workload in Microsoft 365. For example, for SharePoint, if you do nothing additional at all, when you contact Microsoft Support, if the event happened up to 14 days prior, Microsoft will recover OneDrive and SharePoint to a previous state within that timeframe. That said, if you want to get more specific on what gets restored or want to go back further than 14 days to recover your data, this is where the Microsoft 365 Backup service comes in. It’s self-service by design for SharePoint Exchange and OneDrive, giving more targeted control to scope exactly what you need to restore for up to 365 days. We’ll be adding more Microsoft 365 Backup coverage to other Microsoft 365 workloads over time. -Let’s compare this with migration solutions that you may be familiar with. These solutions work by moving your data and transforming it to store it into their service. Then, for recovery, the backup has to be restored back to its original form, then migrated back to your Microsoft 365 tenant, adding significant recovery time. Instead, Microsoft 365 Backup takes incremental snapshots of your data. The data stays in your Microsoft 365 service boundary in its native encrypted form. So, when you need to recover your data, the recovery process is accelerated. Microsoft 365 Backup is a consumption-based service with billing based on the amount of data protected. -Next, let’s walk through the setup steps and controls to manage backups and restore them. Starting with setting up a billing plan, where in advance, you’ll need to have an Azure subscription as well as a defined resource group. So, from the Microsoft 365 admin center under Setup, you’ll activate pay-as-you-go services and select Get started. Here, I’ll choose my Azure subscription and the resource group, and the region. Note that this region here is only used for billing. Your data will remain in the location that it’s currently in. Now, still on this page from the Settings tab, in the Storage location, you’ll choose Backup. Then, turn it on and save to confirm. -Now, with the service running, the rest of the steps will be performed from the Microsoft 365 Backup page in the admin center. So, here, I can configure backup policies to initiate automated backup processes. I have navigated within settings to Microsoft 365 Backup. From there, each workload, SharePoint, Exchange, and OneDrive, can have its own individual policies. So, I’m going to walk through an Exchange policy for email backup, but all three follow similar steps. After hitting Set up policy, the overview page displays policy attributes like the backup frequency. In this case, it’s every 10 minutes. The backup retention up to one year. -Now, the backup frequency does not impact your costs. Here, I can choose the selection method. The options are to upload a CSV file with mailboxes. Now, for SharePoint policies, this would be sites, and for OneDrive, we’d target user accounts. You can also use a dynamic rule, which allows the mailboxes in scope to dynamically update as group membership changes. Or you can define specific filters where you can select up to three distribution lists or security groups, or both. Now, these are the same filters for OneDrive policies. And for SharePoint, you can use filters for site names, URL contains values, or site last modified dates. The final option is then to select mailboxes individually, where you can manually select the mailboxes that you want to back up. In my case, I’ll choose the dynamic rule and use distribution lists, and I’ll select Project Falcon and Northwind Traders. -Now, I just need to review, and from there, I can create the policy. The policy will typically be active within an hour of creation, depending on the size of your group, and you can edit policy attributes at any time. So, now with the policy created, let’s move on to the process of viewing and managing backups. I’m back on the Microsoft 365 Backup page, and now I have active policy set up for each workload. And as mentioned, I can make required edits and changes to these policies from here. For example, you can pause backups or add, or remove sites from the SharePoint policy. -So, at this point, all of our services are running automated backups. Now, let’s assume that something happened to our Exchange mailboxes that were backed up and we want to recover from our restore point. Now, to simulate that, I’m logged in as Adele. I’m deleting email from the last month and even removing those from the Deleted items folder. One thing to note is that a restore from Exchange will only impact items that were modified, hard-deleted, or purged during the recovery window. So, let’s recover those deleted emails. So, I can start that for Exchange by hitting Restore mailboxes. -Now, for the choose selection method option, there is an option to upload a CSV list of mailboxes or select them individually. I’ll choose that one. And then, I’ll search for Adele and there she is. Now, I’ll add her mailbox and hit Next. Then, in content scope, I can select all emails including notes, contacts, calendars, and tasks, or I can choose a specific timeframe as well as apply filters, as you can see here. I’m going to keep the default of all items. Then, I can choose a time before the event happened to restore too. From there, I’ll be presented with available restore points. Email restore points are created every 10 minutes from when the policy’s active for up to 365 days. And I’ll choose this one for April 4th at 8:40 AM. -Then, for the destination of restored items, I have two primary options. I can replace mailbox items with backups, or the current version of the items will be overwritten by the items recovered from the restore point. Or I can create new mailbox items from backups within the user’s mailbox, which will be named Recovered Items, with the year, month, day, and time. I’ll keep replace mailbox items. Note that only effective items as mentioned will be overwritten. Any items received after the restore point or unmodified items will not be reverted and will also not get copied over if you decide to create a new folder. Once I confirm and commit to the file restore, from there, I can track progress from the Restoration tasks tab in the Microsoft 365 Backup page and see how things are going. So, I’m going to fast forward a little in time. And just to prove it, I’m back in Adele’s mailbox, and you can see that all of the emails that I deleted before have returned. That’s Exchange. -And there are also a few differences when restoring from OneDrive and SharePoint worth pointing out. Now, I’ll start with SharePoint. Here, I can upload a CSV file of site addresses or select them individually. I’ll do that. Now, I can select exactly which sites I want. There we go. Then, in Search for backups, you’ll see that things are a little different compared to Exchange. And again, I need to choose a date closest to the restore event, as well as a time of day. And for the previous two weeks, there are standard restore points captured every 10 minutes. And for a small-scale restore where you want to prioritize speed over the exact restore time, the prioritized backup options shown here will be faster and is recommended. These faster restore points are taken roughly every 24 hours. -One other thing to note here, if you’re doing a bulk restore, for example, to thousands of sites, then the fast restore points are not relevant. If you want to restore beyond two weeks, because these are weekly snapshots, if I choose the most recent date, where I know that my content is safe, the tool will automatically select the closest restore point captured prior to my selected time. And these weekly restore points are also fast restore points too. The other options are similar to what I showed in Exchange, where you can use in-place Restore or also create new sites. Note that content restored to a new location will apply and address suffix of R, followed by the restore number in a numeric sequence for each restore, starting with R0, as you can see with this site’s URL. In this case, you can copy restored items manually from the restored location to the prior location as needed, and in-place restore will mean users recent edits made to sites, files, and metadata since the time of the restore point will be lost. You can find additional backup and restore considerations at aka.ms/M365BackupNotes. -As you saw today, Microsoft 365 Backup doesn’t just let you self-manage your backups, it helps you recover faster. To find out more, checkout aka.ms/M365Backup. And keep watching Mechanics for the latest tech updates, subscribe to our channel, and thanks for watching.
