Connect Code42 to OneDrive
Overview
To help protect you from data loss, you can use Code42 to monitor files moving to and from users' Microsoft OneDrive for Business.
When you add Microsoft OneDrive for Business as a data connection, you must authorize Code42 using your global administrator account in OneDrive for Business. Once connected, we monitor your organization's OneDrive environment to capture when a user:
This article explains how to add OneDrive as a data connection.
Considerations
The following considerations apply to OneDrive. See also the considerations applicable to all cloud storage environments.
- Code42 requires a Microsoft license or subscription that includes Audit (Standard) in order to monitor file activity in your OneDrive environment.
- Audit must be turned on in your OneDrive environment.
- Code42 attempts to use the UserPrincipalName in OneDrive when displaying user information in Forensic Search. If this attribute in Azure is not an email address, trusted domains do not work as expected.
- Microsoft OneDrive limits API requests made by third-party integrations such as Code42. Throttling these API requests allows Microsoft to better control their resources, but may slow down Code42 file metadata collection, especially after first configuring access to OneDrive. Consider allowing access to OneDrive when you have decreased activity in your environment.
- Because Code42 prioritizes file-based monitoring, detection of sharing permissions changes to folders in OneDrive may be delayed.
Before you begin
Before you authorize the Code42 connection to your OneDrive environment, follow the directions in Configure Microsoft for the Code42 OneDrive data connection to properly set up your OneDrive environment to allow Code42 to collect data.
Authorize Code42's connection to OneDrive
- Sign in to the Code42 console.
- Select Administration > Integrations > Data Connections.
- Click Add data connection.
The Add data connection panel opens. - From Data connection, select Microsoft OneDrive for Business under Cloud storage.
- Enter a Display name. This name must be unique.
- Code42 prompts you to verify that auditing is turned on in your Microsoft environment. You completed this verification when you configured your Microsoft environment in preparation for the connection, so select the I've completed these steps check box and then click Continue.
- Select the scope of users in your OneDrive environment to monitor:
- All: Monitors all OneDrive users in your environment.
- Specific users: Monitors only the OneDrive users you designate.
- Click Upload .CSV file.
- Select the scoping CSV file that contains a list of only those users you want to monitor.
- Specific groups: Monitors only the users in the OneDrive groups you designate.
- Click Upload .CSV file.
- Select the scoping CSV file that contains a list of only those groups in OneDrive whose users you want to monitor.
- Click Authorize.
The Microsoft OneDrive for Business sign in screen appears. - Enter your OneDrive administrator credentials.
- Review the terms and agreements, including the permissions that the Code42 connection requires, and click Accept.
Microsoft OneDrive is added as a data connection and Code42 begins the initial inventory process.
Next steps
Now that you have added OneDrive as a data connection, learn more about:
- Common use cases for investigating security incidents with Forensic Search
- How to use Forensic Search
- Adding trusted domains to easily identify when files are shared with users not on your list of approved domains
- Viewing and managing a cloud storage file's sharing permissions
Troubleshooting
Issues in your OneDrive environment can cause errors with the Code42 connection. When such issues occur, the connection in the Data Connections table is highlighted in red and an error message is displayed at the top of the screen. When this occurs, click the connection in the Data Connections table. The detail panel opens and lists the specific error so that you can resolve it.
Refer to these articles to troubleshoot specific errors that can appear for the OneDrive connection in the Data Connections list:
External resources
Microsoft: