M365 Connector Support for Content Restrictions
Overview
- Greenlist restrictions permit Glean to only crawl and index specified content (specific include).
- Redlist restrictions permit Glean to crawl and index everything except the specified content (specific exclude).
| Restriction Type | Greenlist | Redlist | Details |
|---|---|---|---|
| Time-based Restrictions | ✅ | ❌ | Restrict crawling to include/exclude content created/modified/viewed after a certain date. |
| User-based Restrictions | ✅ | ✅ | Restrict crawling to include/exclude content created/modified/viewed by specific users or a specific group (plus public content). |
| Content-based Restrictions | ✅ | ✅ | Restrict crawling to include/exclude specific content, documents, messages, or objects (see below). |
Supported Restrictions
SharePoint
| Restriction | Greenlist | Redlist | Details |
|---|---|---|---|
| Date | ✅ | ❌ | Restrict crawling to only content created/modified/viewed after a specific date. |
| Group | ✅ | ❌ | Restrict crawling to only content created/modified/viewed by users in a specific AD group (plus public content). |
| User | ✅ | ✅ | Restrict crawling to include/exclude specific users (by user email). |
| Site | ✅ | ✅ | Restrict crawling to include/exclude specific SharePoint sites. |
Info
Sites should be provided in URL format without a trailing forward slash. E.g.:
https://<domain>.sharepoint.com/sites/<siteName>
For Group restrictions when using Azure AD/Entra ID, the Object ID of the AD Group should be provided, NOT the Group name. E.g.:
7c77a355-c78c-6362-a195-d2428d285107
For User restrictions, create a CSV containing the email addresses of the targeted user(s) and provide it to Glean support indicating if the listed users should be included or excluded from crawling. E.g.:
user1@company.copm,user2@company.com,user3@company.com,user4@company.com
Glean recommends applying Group restrictions over User restrictions: Group restrictions are dynamic and controlled via your directory.
OneDrive
| Restriction | Greenlist | Redlist | Details |
|---|---|---|---|
| Date | ✅ | ❌ | Restrict crawling to only content created/modified/viewed after a specific date. |
| Group | ✅ | ❌ | Restrict crawling to only content created/modified/viewed by users in a specific AD group (plus public content). |
| User | ✅ | ✅ | Restrict crawling to include/exclude specific user drives (by user email) |
Info
For Group restrictions when using Azure AD/Entra ID, the Object ID of the AD Group should be provided, NOT the Group name. Eg:
7c77a355-c78c-6362-a195-d2428d285107
Glean recommends applying Group restrictions over User restrictions: Group restrictions are dynamic and controlled via your directory.
Teams
| Restriction | Greenlist | Redlist | Details |
|---|---|---|---|
| Group | ✅ | ❌ | Restrict crawling to only content created/modified/viewed by users in a specific AD group (plus public content). |
| Channel | ✅ | ❌ | Restrict crawling to only the specified channel IDs |
Info
For Group restrictions when using Azure AD/Entra ID, the Object ID of the AD Group should be provided, NOT the Group name. Eg:
7c77a355-c78c-6362-a195-d2428d285107
For Channel restrictions, you must specify the Channel ID, not the Channel Name.
Outlook
Glean uses Outlook's federated search API to support searching over emails/calendars, so it does not index any of the Outlook emails or calendar events. Hence, there is no data stored to apply indexing restrictions to.
Applying Restrictions
| Method | Supported | Details |
|---|---|---|
| Admin UI | ✅ | Restrictions can be applied in the Admin UI under the connector configuration. |
| Glean Support | ✅ | Restrictions can be applied by Glean support on request. |
Warning
Not all restrictions can be applied in the Admin UI. Please contact Glean support to apply the restriction if it is missing from the UI.