Microsoft SharePoint / OneDrive / Teams

Microsoft 365 Onboarding Methods

To support scanning and integration with Microsoft 365, you can choose from three onboarding approaches depending on your environment and automation preferences.

1. Manual Onboarding

This method involves manually creating and configuring all necessary resources to enable M365 scanning. This method is ideal if you prefer full control over the setup process or have unique configuration requirements.

• Overview: Manually register applications, assign permissions, and configuration of the sidecar provider (Azure or AWS).
• Use Case: Suitable for environments with strict customization or limited automation capabilities.
• Documentation: M365 Manual Onboarding of SharePoint, OneDrive, or Teams

2. Scripted Onboarding with Azure Sidecar

This method uses a Shell script to fully automate the onboarding process, leveraging Azure as a sidecar. It simplifies setup by programmatically creating and configuring all required resources.

• Overview: Automatically registers applications, sets permissions, and integrates with Azure Key Vault.
• Use Case: Best if you primarily operate in and want DSPM scanners to run in Azure.
• Documentation: M365 Onboarding with Azure Sidecar Script

3. Scripted Onboarding with AWS Sidecar

This method also uses automation scripts but is tailored for environments where AWS is used as the sidecar. It ensures seamless integration between M365 and AWS infrastructure.

• Overview: Automatically registers applications, sets permissions, and integrates with AWS Secrets Manager.
• Use Case: Best if you primarily operate in and want DSPM scanners to run in AWS.
• Documentation: M365 Onboarding with AWS Sidecar Script

Optional Integrations for Microsoft 365

After onboarding Microsoft 365, you may choose to enable additional integrations to enhance data protection and access control. These features are optional and require manual setup.

1. Microsoft Purview Information Protection (MIP) Labels Integration

Enable sensitivity labeling and protection across Microsoft 365 services using Microsoft Purview. This integration allows your organization to classify, label, and protect sensitive data consistently.

• Overview: Apply sensitivity labels to files to enforce data protection policies.
• Use Case: Ideal for organizations with compliance requirements or sensitive data handling needs.
• Setup Documentation: Microsoft Purview Information Protection (MIP) Labels

2. (beta) M365 Revoke Access for Files

This beta feature allows administrators and users to revoke access to files that were previously shared.

• Overview: Revoke access to files using DSPM.
• Use Case: Useful for scenarios involving sensitive files that should no longer be accessible.
• Setup Documentation: (beta) M365 Revoke Access for Files

3. (beta) M365 Revoke Access to SharePoint Sites

This beta integration enables administrators to revoke access to SharePoint sites.

• Overview: Revoke access to SharePoint sites using DSPM.
• Use Case: Useful for scenarios involving sensitive sites that should no longer be accessible.
• Setup Documentation: (beta) M365 Revoke Access to Sharepoint Sites