Code42 has recently updated the OneDrive cloud service connector to improve efficiency and more accurately collect information about file activity occurring in OneDrive environments. To take advantage of these improvements, Code42 needs to upgrade existing customer connections. Before this upgrade can begin, you must take action:
- Authorize the OneDrive connection to add the new ActivityFeed.Read permission (all customers)
- Enable audit log search (Microsoft business plan customers only)
Only existing customers with active OneDrive connections configured in Code42 must complete these steps.
Additionally, customers with the following Microsoft OneDrive cloud storage or Microsoft 365 Business product plans need to take an additional step to enable audit log search in the OneDrive environments during the authorization process:
- Microsoft OneDrive for Business (Plan 1)
- Microsoft OneDrive for Business (Plan 2)
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Microsoft 365 Business Premium
- Microsoft 365 Apps
Audit log search should be automatically enabled by default for customers using Microsoft Office 365 E1, E3, or E5 enterprise product plans. These customers need only authorize the new permission prior to upgrade as long as audit log search remains enabled in their environments.
Before you begin
Ensure you have your Microsoft global administrator credentials. You need them to sign in to your Azure Active Directory admin center to authorize the connection to use the new permission. Other administrator types do not have the global permissions required to authorize the new permission for your entire environment.
Accept the new permissions
- Sign into the Azure Active Directory admin center using your Microsoft global administrator username and password.
- Click Enterprise applications in the left navigation menu.
If you don't see this option listed in the left navigation menu, go to All services > Identity > Enterprise applications, or use the Filter services box to search for "Enterprise applications."
- Click Code42 Cloud Services in the list to open its properties. This application has one of the following application IDs:
- Under Security, click Permissions.
- Click the large Grant admin consent button.
- Select the account to use to accept the new permissions.
- Review the list of permissions, and then click Accept.
The "Read activity data for your organization" is the new permission required by the connection to more efficiently collect file activity information.
- To verify that the new permission has been added, refresh the Permissions screen for the Code42 Cloud Services connection.
The new "Read activity data for your organization" permission appears in the Office 365 Management APIs list.
Enable audit log search (business plans only)
Only customers with Microsoft business product plans need to enable audit log search for your environment. Unless it has previously been disabled, customers with Microsoft enterprise product plans can skip this section as audit log search is already enabled for your environment.
- Sign into the Office 365 Security & Compliance center using your Microsoft global administrator username and password.
- Go to Search > Audit log search.
The banner at the top of the screen indicates whether audit log search is enabled in your environment.
- If it is not enabled, click Turn on auditing in the banner at the top of the screen to enable audit log search.
The banner updates to indicate that Audit log search is enabled and you can search for user and admin activity in a few hours.
After you authorize the Code42 application to add the new permission in Azure, Code42 can upgrade your OneDrive connection and data to the new structure. This upgrade is scheduled and performed over a weekend (generally a Saturday) to minimize disruption. During the upgrade process, your OneDrive connection displays a status of Maintenance: your OneDrive environment is still being monitored for file activity, but that activity may not appear in Forensic Search until the upgrade completes.
When the upgrade completes, you can expect the following improvements:
- Improved detection of file activity in your OneDrive environment
- Improved performance and stability
- Faster indexing of new drives
- More convenient deauthorization, regardless of the connection's status
- Future expansion and scalability
- Collection of additional details and metadata regarding file activity
- Detection of file download activity (in addition to file upload activity)
- Detection of file activity that involves a user's personal drives as well as your organization's OneDrive environment