Cloud Drive Mapper accesses Office 365 APIs in order to map drives to OneDrive for Business, SharePoint Online and MS Teams storage. In line with Microsoft's latest recommendations, Cloud Drive Mapper requires 'permission' to access these APIs. This gives Office 365 customers (like you) more control and visibility over what their connected applications (like CDM) can access. It also ensures connected applications preserve conditional access settings and MFA you may have configured within Azure or with another identity provider.


There are two types of Office 365 permission: user and admin.

  • User permissions can be granted either by the users themselves or globally by an Office 365 Global Admin. 
  • Admin permissions can only be granted by an Office 365 Global Admin. Office 365 Admin permissions are managed via Azure Active Directory (AAD) inside the 'Enterprise Applications' tab. 


Cloud Drive Mapper has two modes:

  1. Standard mode (this is the default), which only requires user-level permissions which can be set by either the users or an Admin
  2. Advanced mode (enabled via a registry key), which requires a Global Admin to configure the AAD permissions.


Once you have decided which mode is right for your organization, we strongly recommend you follow the relevant processes below:

Standard mode (default)

Most of Cloud Drive Mapper's core functionality, such as mapping drives to OneDrive for Business and SharePoint Online libraries plus handling Folder Redirection into OneDrive, is supported in standard-mode. Our customers have the choice whether to enable the permissions for all users via the Global Admin (to avoid user interruption) or allow their users to provide their own permissions (if the GA is not an option). 


To grant admin permissions for standard mode:

  1. Click this link and follow the steps until you see the success screen
  2. Navigate to Azure Active Directory Admin Center > Dashboard > Enterprise Applications
  3. You should see Cloud Drive Mapper Standard listed in the applications. Click into our application in the list, and then navigate to the Permissions tab via the left-hand menu.
  4. You should see a button that says [Grant admin consent for IAM Cloud]. Click the button, and that's it. 


Advanced mode

A number of Cloud Drive Mapper's advanced features including our MS Teams converged drive feature and our user-configured drives feature require advanced admin-granted permissions.


To grant admin permissions for advanced mode:

  1. Click this link and follow the steps until you see the success screen
  2. Navigate to Azure Active Directory Admin Center > Dashboard > Enterprise Applications
  3. You should see Cloud Drive Mapper Advanced listed in the applications. Click into our application in the list, and then navigate to the Permissions tab via the left-hand menu.
  4. You should see a button that says [Grant admin consent for IAM Cloud]. Click the button, and that's it.


To activate advanced mode in the Cloud Drive Mapper EXE/MSI client you will need to add a registry key 'EnableAdvanceMode' value = 'true'





User Permissions flow


Advanced mode will not work without an admin going through the process above first.


However, we created two separate modes because we have a number of customers who don't have the ability/authority to grant AAD permissions for their users. We also don't want to create unnecessary hurdles for trials, as it's relatively common that people who trial the product may not be a Global Admin.


In these scenarios, users wanting to use Cloud Drive Mapper would simply use standard mode (this will mean advanced-mode features are not available) and grant their own permissions. This process is quick and easy and only needs to happen once, so it is not overly-intrusive for the users. In this case, on the first time they used Cloud Drive Mapper, this pop-up box would appear:




Simply [Accept] the permissions request, and that's it! Granting permissions is a one-time process, so each user would only ever see this pop-up once.

Important: If a user is met with the following screen, then application settings have been blocked by the AAD Admin team and their help is required. This article may help. https://blogs.msdn.microsoft.com/aaddevsup/2018/05/08/receiving-aadsts90094-the-grant-requires-admin-permission





If you need any assistance at any point, please contact our support desk who will be happy to help.


IAM Cloud Technical Support

Support Portal: http://support.iamcloud.com

Email us: support@iamcloud.com

Phone (UK): +44 118 324 0000

Phone (US): +1 914 495 1298