Ok, so, we really, really recommend you to go through the Azure AD Admin permissions process as it will allow Cloud Drive Mapper to work at its fullest capability. It is also Microsoft's best practice to adhere to this permission process when accessing the Office 365 GraphAPI. It's easy to do for a Global Admin and it's recommended by Microsoft, so we encourage you to try to do it. But, we do recognise with certain organisations, with certain policies, processes and structures, this may not always be possible or practical.

The good news for those who find themselves in this situation is that Cloud Drive Mapper can still work without Azure AD Admin permissions. You will lose some functionality, your users will need to go through a one-time individual consent process, and you will need to make a small tweak to registry/config, but if you do not require the specific functionality that will be lost, don't mind having your users go through a quick 10 second process, and don't mind making the registry tweaks, then this article will show you how to get around this requirement. 


What will be lost?


1. No user impact

Fundamentally, Cloud Drive Mapper needs permission to connect to Office 365 accounts to gain access to OneDrive, SharePoint and Teams. However, certain parts of Office 365 are available with a user's individual consent. So Cloud Drive Mapper can work pretty well without Admin consent. But your users will need to give their consent, which is a simple and familiar process, but in our experience the less a user has to do, the better.


2. Dynamic permission checks for SharePoint
If a Cloud Drive Mapper user has 3 drives set-up linking to 3 SharePoint libraries, but the user only has permission to access 2 of the SharePoint libraries, Cloud Drive Mapper (with dynamic permissions) will map the two drives that the user has access to SharePoint for, but not map the other drive. Removing dynamic permissions means that Cloud Drive Mapper will 'assume' the user has access to the 3 drives, and will map all 3 drives. However, the user will not be able to access the third drive they don't have permission to access in SharePoint.

3. Converged Drives

"What's a converged drive?" - Good question, they don't exist yet, but they are coming soon and they are fantastic.



Ok that's all fine, how do I switch it off the Azure AD permissions check?


You need to set the DisablePermissionCheck registry key to "true". For full customers (not in trial mode) it will be false by default. 


reg add "hkcu\software\iam cloud\clouddrivemapper" /v "DisablePermissionCheck" /t "REG_SZ" /d "true" /f

reg add "hklm\software\iam cloud\clouddrivemapper" /v "DisablePermissionCheck" /t "REG_SZ" /d "true" /f


What if we can't give admin consent OR user consent? 


Bad news unfortunately, Cloud Drive Mapper will not be able to connect to Office 365 securely, and therefore it will not be able to work for you. If you're having internal issues in being able to explain to your Office 365 Global Admin why this is important, please feel free to ask us and we'll give them a call to explain why this process is important to your organisation.