title | description | ms.service | manager | ms.author | author | ms.subservice | ms.topic | ms.date |
---|---|---|---|---|---|---|---|---|
SharePoint files - QnA Maker |
Add secured SharePoint data sources to your knowledge base to enrich the knowledge base with questions and answers that may be secured with Active Directory. |
azure-ai-language |
nitinme |
jboback |
jboback |
azure-ai-qna-maker |
how-to |
01/19/2024 |
Add secured cloud-based SharePoint data sources to your knowledge base to enrich the knowledge base with questions and answers that may be secured with Active Directory.
When you add a secured SharePoint document to your knowledge base, as the QnA Maker manager, you must request Active Directory permission for QnA Maker. Once this permission is given from the Active Directory manager to QnA Maker for access to SharePoint, it doesn't have to be given again. Each subsequent document addition to the knowledge base will not need authorization if it is in the same SharePoint resource.
If the QnA Maker knowledge base manager is not the Active Directory manager, you will need to communicate with the Active Directory manager to finish this process.
- Cloud-based SharePoint - QnA Maker uses Microsoft Graph for permissions. If your SharePoint is on-premises, you won't be able to extract from SharePoint because Microsoft Graph won't be able to determine permissions.
- URL format - QnA Maker only supports SharePoint urls which are generated for sharing and are of format
https://\*.sharepoint.com
You can add all QnA Maker-supported file types from a SharePoint site to your knowledge base. You may have to grant permissions if the file resource is secured.
-
From the library with the SharePoint site, select the file's ellipsis menu,
...
. -
Copy the file's URL.
-
In the QnA Maker portal, on the Settings page, add the URL to the knowledge base.
If files include images, those are not extracted. You can add the image, from the QnA Maker portal, after the file is extracted into QnA pairs.
Add the image with the following markdown syntax:
![Explanation or description of image](URL of public image)
The text in the square brackets, []
, explains the image. The URL in the parentheses, ()
, is the direct link to the image.
When you test the QnA pair in the interactive test panel, in the QnA Maker portal, the image is displayed, instead of the markdown text. This validates the image can be publicly retrieved from your client-application.
Granting permissions happens when a secured file from a server running SharePoint is added to a knowledge base. Depending on how the SharePoint is set up and the permissions of the person adding the file, this could require:
- no additional steps - the person adding the file has all the permissions needed.
- steps by both knowledge base manager and Active Directory manager.
See the steps listed below.
When the QnA Maker manager adds a secured SharePoint document to a knowledge base, the knowledge base manager initiates a request for permission that the Active Directory manager needs to complete.
The request begins with a pop-up to authenticate to an Active Directory account.
Once the QnA Maker manager selects the account, the Microsoft Entra administrator will receive a notice that they need to allow the QnA Maker app (not the QnA Maker manager) access to the SharePoint resource. The Microsoft Entra manager will need to do this for every SharePoint resource, but not every document in that resource.
The Active Directory manager (not the QnA Maker manager) needs to grant access to QnA Maker to access the SharePoint resource by selecting this link to authorize the QnA Maker Portal SharePoint enterprise app to have file read permissions.
-
Sign in to the Azure portal.
-
Browse to Microsoft Entra ID > Enterprise applications.
-
Search for
QnAMakerPortalSharePoint
the select the QnA Maker app. -
Under Security, go to Permissions. Select Grant admin consent for Organization.
-
Select a Sign-On account with permissions to grant permissions for the Active Directory.
There is a workaround to add latest SharePoint content via API using Azure blob storage, below are the steps:
- Download the SharePoint files locally. The user calling the API needs to have access to SharePoint.
- Upload them on the Azure blob storage. This will create a secure shared access by using SAS token.
- Pass the blob URL generated with the SAS token to the QnA Maker API. To allow the Question Answers extraction from the files, you need to add the suffix file type as '&ext=pdf' or '&ext=doc' at the end of the URL before passing it to QnA Maker API.
[!div class="nextstepaction"] Collaborate on your knowledge base