Deauthorize a data source
Who is this article for?
CrashPlan for Small Business, no.
Code42 for Enterprise, yes.
Link: Product plans and features.
This article applies to Cloud.
Overview
To help protect you from data loss, you can use Code42 Forensic File Search to monitor files moving to and from users' cloud services, such as Google Drive or Microsoft OneDrive, or emailed as attachments through Gmail or Office 365.
This article explains how to deauthorize those data sources so that Code42 no longer has access to user data in those cloud or email services.
Considerations
- You cannot deauthorize a cloud service (Google Drive, OneDrive, or Box, for example) or email service (such as Gmail or Office 365) while the status is Initializing. Wait for the data source to indicate that it has a status of Monitoring or Error before attempting to deauthorize.
- If needed, you can use this process to reconfigure scoping for monitoring a cloud service's user or groups.
- Data sources are not available in the Code42 federal environment.
Deauthorize a data source
Deauthorize a data source to stop monitoring for new event activity. Once deauthorized, you have 90 days to resume monitoring the data source. After 90 days, Code42 removes the data source's configuration and authorization information (the events you have collected remain searchable in Forensic File Search).
Follow the instructions for your data source below.
Box
- Sign in to the administration console.
- Select Investigation > Data Sources.
- Select the menu next to the cloud service
. - Click Deauthorize.
- When prompted, enter DEAUTHORIZE.
- Click Deauthorize.
At this point, Code42 stops collecting new file activity from Box. If you do not plan to resume monitoring the cloud service, continue to the next steps to remove the Code42 application from the Box console as well. - Log in to your Box Admin Console using your Box Admin email and password.
- Select Apps from the Admin Console menu.
- Click the to the Custom Apps tab.
- Click the options button
to the right of the Code42 Cloud Services application and select the appropriate action from the menu.
- Select Disable app authorization to remove Code42's access to your Box service while retaining basic information about the connection.
Use this option when you want to temporarily stop Code42 from collecting file activity from Box but may want to resume monitoring in the future. When you want to resume monitoring, you can use the saved information to reconnect to Code42 without having to enter that setup information again. - Select Delete app authorization and users to completely remove the Code42 Cloud Services custom app from your Box environment. This selection may require assistance from Box.
This option deletes all information about the Code42 Cloud Service application. If you want to resume monitoring in the future, you'll need to recreate the app in Box and re-enter all of your setup information. See Allow Code42 access to Box for details.
- Select Disable app authorization to remove Code42's access to your Box service while retaining basic information about the connection.
Google Drive or Gmail
- Sign in to the administration console.
- Select Investigation > Data Sources.
- Select the menu next to the data source .
- Click Deauthorize.
- When prompted, enter DEAUTHORIZE.
- Click Deauthorize.
At this point, Code42 stops collecting new file activity from that data source. If you do not plan to resume monitoring the data source, continue to the next steps to remove the Code42 application from the G Suite console as well. - Log in to your G Suite Admin console using your G Suite Admin username and password.
- Navigate to Security.
- Select Advanced Settings > Manage API Client Access.
- Follow the instructions in the Deauthorize dialog box in the administration console to find and delete Code42's API Client Access.
Microsoft OneDrive or Office 365 email
- Sign in to the administration console.
- Select Investigation > Data Sources.
- Select the menu next to the data source .
- Click Deauthorize.
- When prompted, enter DEAUTHORIZE.
- Click Deauthorize.
At this point, Code42 stops collecting new file activity from that Microsoft environment. If you do not plan to resume monitoring the data source, continue to the next steps to remove the Code42 application from Azure Active Directory as well. - Log in to portal.azure.com.
- Click Azure Active Directory.
- Click Enterprise Applications.
- Find the appropriate Code42 application and delete it.
- For OneDrive, delete the application with a name starting with "Code42 Cloud Services."
- For Office 365 email, delete the application with a name starting with "Code42 Email Services."
Resume monitoring a data source
You can resume monitoring a data source for up to 90 days after you deauthorized the initial connection. Code42 removes data sources that have been deactivated for over 90 days.
- Select the menu next to the data source .
- Choose Resume Monitoring.
- Follow the prompts to authorize Code42 to monitor file events on that data source.
If you are resuming monitoring of a Google Drive or Gmail environment, you can change the administrator's email address if needed. When doing so, you can change the username in the email address, but the domain used (such as "@example.com") must remain the same.