Microsoft released SharePoint Embedded on May 21st, 2024. SharePoint Embedded is a headless API for building apps that leverage the full spectrum of Microsoft 365 collaborative features. This feature specifically targets independent software vendors (ISVs) who build apps.
For many years, if developers wanted to build a solution that uses rich SharePoint enterprise content management (ECM) capabilities, they had to either host it in SharePoint (with client-side code frameworks like SPFx) or use an M365 API such as Graph and host the solution somewhere else, for instance in the Azure Cloud. However, even with the latter approach, users with enough permissions could still access the solution's documents in the SharePoint UI, potentially breaking the intended functionality.
SharePoint Embedded is an isolated document storage partition in an M365 tenant that can only be accessed via rate-limited Graph API calls. It has an independent configuration from the rest of the customer or app provider tenant. The usual Microsoft Entra ID authorisation framework ensures security and access control.
Under the hood, the partitions are called File Storage Containers, a new type of storage that can be created and managed inside a Microsoft 365 customer tenant. An app using SharePoint Embedded is associated with a specific Container Type and can only create and use containers of that type, ensuring strict data separation. The app owner tenant can create container types while the consuming tenants (where the documents reside) can register container types in their tenant and give appropriate permissions.
Since SharePoint Embedded does not have a SharePoint UI, the app must provide one. This allows for building highly streamlined content interaction flows, optimised for a specific purpose. For example, vendors sending invoices or statements of work could use an app built on top of SharePoint Embedded. In fact, Microsoft uses SharePoint Embedded to build its specialised apps in M365, such as Loop or Designer.
The code for accessing a container uses a new Microsoft Graph endpoint called fileStorage/containers.
const graphResponse = await graphClient.api(`storage/fileStorage/containers?$filter=containerTypeId eq ${process.env["CONTAINER_TYPE_ID"]}`).get();
The container ID is also the ID of the drive, Microsoft Graph’s abstraction of document storage. Developers can use the standard Graph API for accessing the drive content.
const driveId = props.container.id;
const driveItemId = folderId || 'root'; // get folder, or default to the 'root' folder
// get container contents for the specified folder
const graphResponse = await graphClient.api(`/drives/${driveId}/items/${driveItemId}/children`).get();
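Both snippets above interpolate identifiers straight into the Graph request path. The following added example (not from the original article or from Microsoft's samples) validates them first and only lists drives that the app enumerated for its own container type; the function names, the ID character set and the allowlist parameter are assumptions made for illustration.

```javascript
// Added example: validate identifiers before they reach a Graph request path.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Assumption: drive and item IDs are opaque tokens made of these characters,
// so '/', '?', '#', '&', '%' and whitespace can never appear in the path.
const OPAQUE_ID = /^[A-Za-z0-9!_.-]+$/;

// Path for listing containers of one container type (same query as the page).
function containersPath(containerTypeId) {
  if (typeof containerTypeId !== 'string' || !GUID.test(containerTypeId)) {
    throw new TypeError('CONTAINER_TYPE_ID must be a GUID');
  }
  return `/storage/fileStorage/containers?$filter=containerTypeId eq ${containerTypeId}`;
}

// Path for listing a folder's children; folderId defaults to 'root' as on the page.
function childrenPath(driveId, folderId) {
  const itemId = folderId || 'root';
  for (const [name, value] of [['driveId', driveId], ['folderId', itemId]]) {
    if (typeof value !== 'string' || !OPAQUE_ID.test(value)) {
      throw new TypeError(`${name} contains characters not allowed in an ID`);
    }
  }
  return `/drives/${driveId}/items/${itemId}/children`;
}

// allowedContainerIds: a Set of container IDs previously returned by the
// containersPath() query, so a caller-supplied driveId cannot point elsewhere.
// Throws synchronously on bad input; otherwise returns the client's promise.
function listChildren(graphClient, allowedContainerIds, driveId, folderId) {
  if (!allowedContainerIds.has(driveId)) {
    throw new Error("driveId is not one of this app's containers");
  }
  return graphClient.api(childrenPath(driveId, folderId)).get();
}
```
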
Microsoft provides developers with an extension for Visual Studio Code to create and manage SharePoint Embedded apps, training material on Microsoft Learn, and code samples with server-side and SPA apps.
The container partitions used by SharePoint Embedded apps do not count towards the customer's M365 licenses. They use a separate Azure pay-as-you-go billing model linked to a Container Type in the owning tenant, meaning that the app developer or vendor pays for the API calls to SharePoint Embedded, not the customer. In the near future, there will be an option to pass the cost to the consuming tenant.
Consumption is billed through three service meters: storage, API transactions and egress (downloaded) data. Notably, opening a document from SharePoint Embedded in an Office desktop or web app is exempt from billing. Microsoft offers a trial-use container type so developers can get started without an Azure billing profile.