How to set up scan to OneDrive and SharePoint on your office copier
Microsoft 365-connected MFPs scan directly into OneDrive personal folders or SharePoint document libraries through Azure AD authentication. This guide covers both destinations and walks through the configuration on modern A3 office MFPs.
Microsoft 365-based offices using OneDrive and SharePoint as their primary document repository benefit substantially from native scan-to-M365 integration on their MFPs. The integration eliminates the scan-to-email round-trip and lands documents directly in the cloud destination where they would otherwise be manually saved. Modern A3 office MFPs from all major brands ship with native OneDrive and SharePoint connectors, configured through the device admin console once and accessible from the device panel by every authorised user.
The configuration leverages Azure AD authentication, which means the connector inherits whatever identity-stack controls the office already has in place: multi-factor authentication, conditional access policies, device compliance, and audit logging. Documents scanned into OneDrive or SharePoint through the MFP appear identical to documents uploaded from a desktop or mobile client, sharing the same retention rules, sharing controls, and discovery scope.
Configuration walkthrough · five steps
Register the MFP application in Azure AD
The Azure AD administrator registers a new application representing the MFP, grants it Files.ReadWrite.All permission on Microsoft Graph, and notes the application ID and tenant ID for the MFP configuration. Some MFP brands provide pre-registered manifests that simplify this step.
Azure Portal → App Registrations → New
Open the MFP web admin console
Connect to the device admin console through its IP address and log in with admin credentials. Navigate to the Cloud Connector or Cloud Service Settings section.
http://[device-ip]/admin → Cloud Services
Enter Azure AD application details
Configure the Microsoft 365 connector with the tenant ID, application ID, and the redirect URI used during OAuth flow. Save the configuration and the MFP will be ready to authenticate users.
Choose destination type
Configure either per-user OneDrive (users authenticate at scan time) or shared SharePoint library (single shared destination authenticated by a service account). Mixed configurations support both destination types on the same device.
Test and document for users
Scan a test document to each configured destination. Confirm files appear in the expected location with correct file naming and format. Document the user-facing workflow in the office's IT handbook so end users know how to authenticate at the device when prompted.
The conditional access consideration
Offices with Microsoft 365 conditional access policies need to confirm the MFP's authentication flow passes the policy gate. Devices on the office network typically pass through trusted-IP exclusions; devices on different network segments may need conditional-access exemption rules. Coordinate the MFP onboarding with the M365 administrator to confirm policy compliance before the first user authentication attempt.
For offices new to scan-to-M365, OneDrive-per-user is the simpler starting point — each user authenticates at the device, lands documents in their own Drive, and the configuration adds no new permission surface to manage. SharePoint deployments work best when the office has already organised SharePoint document libraries by workflow or department; configuring scan destinations to match the existing library structure produces immediate operational value.