To use Power BI and other Microsoft tools with Orbit One, we’ll deploy an MS Entra App that Orbit One will use to connect with, and embed content from Power BI. That same app can be used to grant Orbit One access to the likes of OneDrive, Excel, Teams, etc.

These steps are to be performed by/with a Microsoft/Office 365 administrator in your organization.

Follow these steps in the Microsoft 365 web interface to set up the MS Entra App for Orbit. To find specific pages and configuration items (e.g. when we say “Go to App Registrations”), you can usually use the search bar at the top of the page.

1 Initial Setup: MS Entra App
2 Power BI
3 Storage
4 OneDrive and Excel
5 MS Teams

Initial Setup: MS Entra App

These steps apply regardless of which Microsoft tools we want to connect with Orbit One. This could be Power BI, Storage, OneDrive, Teams, or any combination of those tools.

Create the MS Entra App:
1. Head to the Microsoft Entra admin center.
2. Go to App Registrations, register a new app.
  - Name: Orbit One
  - Supported account types: Accounts in this organizational directory only (biztory.com only - Single tenant)
  - Redirect URI: (none)
  - Proceed, and note/store the Tenant ID (Directory (tenant) ID) which will be used in the URI for getting an access token later on. Also note/store the Application ID.
3. Go to the new App’s Certificates and secrets page.
  1. Add/new Client secret
  2. Validity: 180 days, or as we see fit.
  3. Note/store the Client Secret ID and the Client Secret (Value) in a safe place.
Create a security group in Microsoft Entra
- Go to Groups, All groups, New group.
- Group type: Security
- Name: Orbit One Service Principal
- After creating the group, add the Entra app Orbit One to said group (through “Members”).
- This group will be used to grant Orbit One access to a multitude of resources in the next sections. We’ll refer to this group as the Service Principal (group).

Power BI

The instructions below rely on the previous steps, and apply specific if we want to use Power BI with Orbit One

Enable the Power BI service admin settings
- Sign in to the Fabric admin portal (by signing in to Microsoft Fabric itself which is basically Power BI, first): https://app.fabric.microsoft.com/. The URL for the Fabric Admin portal at the time of writing (2025-01-09) is: https://app.fabric.microsoft.com/admin-portal/tenantSettings?experience=power-bi
- Under Admin API settings, Service principals can access read-only admin APIs displays, set the toggle to Enabled, and then select the Specific security groups radio button and add the security group you created.
- Under the same settings, look for “Service principals can use Fabric APIs” and enable it; either for the entire organization, or for the same group(s) as above.
- Also ensure Embed content in apps is enabled, either for the entire organization or at the very least for the group that was created.
In Power BI itself, add the Service Principal (group) we created (that contains the service principal) to the workspaces it needs to be used with, adding them as an Admin specifically. The process is the same as when we’re adding any other user to a Power BI workspace (through “Manage access”).
Under Orbit One’s Environments, Add your Power BI environment to Orbit One with the previously saved information:
1. Application ID
2. Tenant ID
3. Secret (the value, not the ID)
Use Connect to perform a Full Sync the environment’s metadata and validate everything comes through as expected.

Storage

Azure Containers Storage can be used as the external storage solution for Orbit One (see Integrations, Cloud Storage). The following steps can be taken to set up a Blob Storage Account and use it with Orbit One. The steps rely on having set up the MS Entra App above.

Storage Account

On Microsoft Azure, head over to Storage center | Storage accounts (Blobs) (link may change over time).
Create a new Storage account.
1. Select the adequate Azure subscription.
2. Select or create the Resource group (e.g. orbit-one) to place this resource in.
3. Pick a suitable Storage account name, e.g. orbitone.
4. As a Primary service, select Azure Blob Storage.
5. Configure the instance details according to your preferences (region, performance, redundancy, etc.)
Advanced Options, Networking, etc. are optional. Depending on where Orbit One itself will be hosted, consider the appropriate setup allowing network access.

Storage Container

Within the newly created Storage account, head over to Data storage > Containers.
Create a new container with an adequate name (e.g. orbit-one).
Open the new container’s Access Control (IAM) settings, and add the Service Principal (group) for the Entra App that was created in the first step:
1. “Add Role Assignment”
2. Role: Storage Blob Data Contributor
3. Members: the Service Principal (group) from earlier.

Connection to Orbit One

To be documented.

OneDrive and Excel

Initially, a few additional steps are required to enable the Orbit One app to read files on OneDrive:

In App Registrations, we’ll go to API permissions and we’ll add the Files.Read.All permission for the app.
We’ll also enable/click “Grant admin consent for <org name>” to ensure it is applicable where needed.

From here one, the Service Principal (group) that has been created in the initial setup steps (e.g. Orbit One Service Principal) act as entities that can be granted access to OneDrive items in our Microsoft organization. In other words, to grant access to an Excel sheet to Orbit One, the security group can be given permissions to access the file.

Most settings and modules relying on data in a OneDrive Excel file will require its Share URL or Copy URL, e.g.:

CleanShot 2025-06-10 at 13.00.34-20250610-110053.png

Sharing a OneDrive file through its Share URL.

Updating data from an Excel file on OneDrive incurs a small delay between when the file was saved, and when the new data is available. If the new data does not immediately appear in Orbit One, it may just take a few minutes to be propagated on OneDrive and become available.

MS Teams

Connect Orbit One to a Teams Channel

📍 This integration is relevant to all Modules that send messages and notifications (Insight Messaging, Health and Monitoring).

Instructions

See also: Microsoft documentation on Create incoming webhooks with Workflows for Microsoft Teams.

In Teams, navigate to the channel you want to connect to Orbit One, and select Workflows.
Adding a Workflow to a Teams channel.
Search for webhook and select “Post to a channel when a webook request is received”
Right here.
Name the Workflow accordingly. Note that you’ll need one Workflow per channel, so there is a certain level of “granularity” to the Workflow naming that makes the most sense. For example, if you are setting up Insight Messaging to post a pipeline update to the Sales channel, and maybe a few other IMs in the future, you might call the Workflow: “Orbit One to Sales Channel”. You could use the same Workflow for other Orbit One Modules as well, like Performance alerts in Health & Monitoring.
“BAD” stands for Biztory Analytics Department.
Then, effectively select the Team and Channel that Orbit One will post to with this Workflow/with this webhook.
Almost there.
In the confirmation steps, take note of the webhook URL that Teams has generated for Orbit One to post to the selected channel. Note that this is confidential! Anyone with access to this URL can post to your channel.
This is what we needed!

That is it! This URL can now be used for Orbit One Insight Messaging, Performance alerting, notifications, etc.

Microsoft & Power BI