Add a secured SharePoint data source to your knowledge base

Add secured cloud-based SharePoint data sources to your knowledge base to enrich the knowledge base with questions and answers that may be secured with Active Directory.

When you add a secured SharePoint document to your knowledge base, as the QnA Maker manager, you must request Active Directory permission for QnA Maker. Once this permission is given from the Active Directory manager to QnA Maker for access to SharePoint, it doesn't have to be given again. Each subsequent document addition to the knowledge base will not need authorization if it is in the same SharePoint resource.

If the QnA Maker knowledge base manager is not the Active Directory manager, you will need to communicate with the Active Directory manager to finish this process.


  • Cloud-based SharePoint - QnA Maker uses Microsoft Graph for permissions. If your SharePoint is on-premises, you won't be able to extract from SharePoint because Microsoft Graph won't be able to determine permissions.
  • URL format - QnA Maker only supports SharePoint URLs that are generated for sharing and are of the format https://\*

Add supported file types to knowledge base

You can add all QnA Maker-supported file types from a SharePoint site to your knowledge base. You may have to grant permissions if the file resource is secured.

  1. From the library with the SharePoint site, select the file's ellipsis menu (...).

  2. Copy the file's URL.


  3. In the QnA Maker portal, on the Settings page, add the URL to the knowledge base.

Images with SharePoint files

If files include images, those are not extracted. You can add the image, from the QnA Maker portal, after the file is extracted into QnA pairs.

Add the image with the following markdown syntax:

![Explanation or description of image](URL of public image)

The text in the square brackets, [], explains the image. The URL in the parentheses, (), is the direct link to the image.

When you test the QnA pair in the interactive test panel, in the QnA Maker portal, the image is displayed, instead of the markdown text. This validates the image can be publicly retrieved from your client-application.


Granting permissions happens when a secured file from a server running SharePoint is added to a knowledge base. Depending on how the SharePoint is set up and the permissions of the person adding the file, this could require:

See the steps listed below.

Knowledge base manager: add SharePoint data source in QnA Maker portal

When the QnA Maker manager adds a secured SharePoint document to a knowledge base, the knowledge base manager initiates a request for permission that the Active Directory manager needs to complete.

The request begins with a pop-up to authenticate to an Active Directory account.


Once the QnA Maker manager selects the account, the Microsoft Entra administrator will receive a notice that they need to allow the QnA Maker app (not the QnA Maker manager) access to the SharePoint resource. The Microsoft Entra manager will need to do this for every SharePoint resource, but not every document in that resource.

Active Directory manager: grant file read access to QnA Maker

The Active Directory manager (not the QnA Maker manager) needs to grant access to QnA Maker to access the SharePoint resource by selecting this link to authorize the QnA Maker Portal SharePoint enterprise app to have file read permissions.


Grant access from the Microsoft Entra admin center

  1. Sign in to the Azure portal.

  2. Browse to Microsoft Entra ID > Enterprise applications.

  3. Search for QnAMakerPortalSharePoint, then select the QnA Maker app.


  4. Under Security, go to Permissions. Select Grant admin consent for Organization.


  5. Select a Sign-On account with permissions to grant permissions for the Active Directory.

Add SharePoint data source with APIs

There is a workaround to add the latest SharePoint content via the API by using Azure Blob Storage. The steps are:

  1. Download the SharePoint files locally. The user calling the API needs to have access to SharePoint.
  2. Upload them to Azure Blob Storage. This creates secure shared access by using a SAS token.
  3. Pass the blob URL generated with the SAS token to the QnA Maker API. To allow question and answer extraction from the files, add the file type suffix, '&ext=pdf' or '&ext=doc', to the end of the URL before passing it to the QnA Maker API.
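
A pre-flight check for step 3, as an added example that is not part of the original page or of QnA Maker: it confirms the SAS URL is HTTPS, read-only and short-lived before appending the `ext` suffix, and redacts the signature so the URL can be logged. The storage account name, signature value and one-hour lifetime limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: account name, path and signature are placeholders.
SAMPLE_SAS_URL = (
    "https://examplestorage.blob.core.windows.net/docs/faq.pdf"
    "?sv=2022-11-02&sp=r&sr=b&se=2030-01-01T00%3A30%3A00Z&sig=CONSTRUCTED-SIGNATURE"
)
ALLOWED_EXT = {"pdf", "doc"}        # the two suffixes the page names
MAX_LIFETIME = timedelta(hours=1)   # assumed local policy, not a QnA Maker rule


def prepare_qnamaker_url(sas_url, ext, now=None):
    """Validate a blob SAS URL, then append the '&ext=' suffix from step 3."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(sas_url)
    q = parse_qs(parts.query)
    if parts.scheme != "https":
        raise ValueError("SAS URL must use https")
    if "sig" not in q or "se" not in q:
        raise ValueError("not a SAS URL: missing sig or se")
    if q.get("sp", [""])[0] != "r":
        raise ValueError("SAS must grant read permission only (sp=r)")
    # 'se' is the signed expiry time; SAS times are UTC.
    expiry = datetime.fromisoformat(q["se"][0].replace("Z", "+00:00"))
    if expiry.tzinfo is None:
        expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry <= now:
        raise ValueError("SAS token has already expired")
    if expiry - now > MAX_LIFETIME:
        raise ValueError("SAS lifetime exceeds local policy")
    if ext not in ALLOWED_EXT:
        raise ValueError("unsupported ext suffix")
    if "ext" in q:
        raise ValueError("ext suffix already present")
    return f"{sas_url}&ext={ext}"


def redact_sas(url):
    """Replace the signature value so the URL is safe to write to logs."""
    parts = urlsplit(url)
    kept = ["sig=REDACTED" if p.startswith("sig=") else p
            for p in parts.query.split("&")]
    return parts._replace(query="&".join(kept)).geturl()
```

Log only the output of `redact_sas`; anyone holding the full URL can read the blob until the token expires.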
