M365 Onboarding with Azure Sidecar Script

Onboard SharePoint, OneDrive, and Teams via script automation.

Prerequisite Information

1. The individual running the script must be both a Global Administrator and an Owner of the subscription that the script will be run on.
2. Azure must be onboarded to DSPM first. Follow the Azure onboarding guide to do so.

Step 1. Run M365 Onboarding Script

1. Open Azure Cloud Shell.

   

2. When prompted to select which Shell to open, choose Bash.

   

3. Select No storage required. Select the subscription that your M365 tenant runs out of. Click Apply.

   

Run the M365 Onboarding Script

Copy the following command and paste it into the Azure Cloud Shell terminal to run the script, then follow the prompts in the script to onboard your M365 tenant.

Option 1: Run command with default settings:

wget https://pp-dspm-m365-onboarding.s3.us-east-1.amazonaws.com/Proofpoint_DSPM-M365_Onboarding.zip && unzip Proofpoint_DSPM-M365_Onboarding.zip && bash M365_Onboarding.sh -azure

Option 2: Run command to enable custom settings and optional features:

wget https://pp-dspm-m365-onboarding.s3.us-east-1.amazonaws.com/Proofpoint_DSPM-M365_Onboarding.zip && unzip Proofpoint_DSPM-M365_Onboarding.zip && bash M365_Onboarding.sh -azure -i

Note: If you opt to grant admin consent, when it asks you to select a subscription and tenant out of the list, simply press the return key. No changes need to be made here.

Step 2. Onboard SharePoint / OneDrive / Teams to DSPM

1. Navigate to DSPM UI to Onboard Microsoft SharePoint, OneDrive or Teams.

2. Select “SharePoint”, “OneDrive” or “Teams”.

   

   

3. Enter the following information for the Sharepoint, OneDrive or Teams:

   • Account Nickname  Provide an identifiable name for this account. This will be the name displayed on the DSPM UI for the Sharepoint account, OneDrive account or Teams account.
   • Microsoft 365 Domain  This is the domain that you use to share files. We will use this to mark files shared by this domain as “internal”.
   • Environment Type  Select the appropriate option from the drop-down.
   • Description  Additional detail for the account.

4. In the Use a Sidecar list, select Azure Sidecar.

   

5. Enter the following information:

   • Azure Account ID  Select the Azure account that you ran the script on.
   • Region  Choose the same region that you entered in the script.
   • Key Vault Secret URL  Enter the secret URL copied from the script output.
6. Click Next to finish Onboarding!