Real-time access for SharePoint
Glean can supplement indexed results from SharePoint with real-time results fetched directly from Microsoft 365. This ensures users can find recently created or updated content without waiting for a full crawl cycle.
How real-time access works
Real-time access retrieves content live from SharePoint when a query targets this source. This applies to the following Glean surfaces:
Search
Any query that specifies app:sharepoint, or search results explicitly filtered for SharePoint, can include real-time results alongside indexed results.
Assistant and agents
When Assistant or an agent is highly confident that a query is about SharePoint — for example, when the user mentions SharePoint or includes a link — it adds real-time search results from that source to the chat context.
Explicitly specifying app:sharepoint in a query or agent run also triggers real-time results.
Supported content
Real-time access supports the following content types:
| Source | Supported content |
|---|---|
| SharePoint | Documents, site pages (classic and modern page libraries), lists |
Attachments and images within SharePoint lists and pages are not included in real-time results.
Enable real-time access
Enabling real-time access requires both administrator setup and end-user authentication:
- Configuring your Admin console and Azure portal
- Having end users authenticate
Configure the Admin console and Azure portal
A Glean admin must enable data fetching for SharePoint, and a Microsoft Global Admin must configure additional permissions in Azure.
Enable data fetching in the Admin console
Enable data fetching for SharePoint:
- Navigate to Admin console > Data sources.
- Select SharePoint.
- Go to the Setup tab.
- Select the checkbox to enable data fetching.
Configure delegated permissions in Azure
A Microsoft Global Admin must add delegated permissions to your Glean application in Azure:
-
Sign in to the Azure portal.
-
Search and navigate to your Glean application.
-
In the left navigation, select Manage > API Permissions.
-
Select Add a permission, then select Microsoft Graph.
-
Choose Delegated permissions and add the following:
offline_accessUser.ReadFiles.ReadWrite.AllSites.Read.All
Grant Files.ReadWrite.All so Glean can access files from shared URLs. See Microsoft's Accessing shared driveItems documentation for details.
These delegated permissions are separate from the application permissions used for crawling. They enable per-user, on-demand access to content that may not yet be indexed.
Configure the OAuth redirect URL
Set up an OAuth redirect URL so Glean can complete the user authentication flow:
- In the Azure portal, navigate to your Glean application's Authentication > Platform configurations.
- Select Add a platform.
- Enter the tenant backend domain URL under Server instance (QE) for your deployment.
- Select Configure to save.
These instructions apply to the standard Azure Portal App Authentication experience, not the preview experience.
Authenticate end users
After the admin configuration is complete, each user must authenticate with SharePoint to use real-time access:
- Proactively: Users navigate to Your Settings > Data sources and select SharePoint to authenticate.
- On demand: Glean prompts users to authenticate when a query includes a link to a document that Glean has not indexed yet.
Consider communicating to your organization that real-time access is available and encouraging users to authenticate.