Begin Scanning a Microsoft Exchange App

Use Prisma SaaS to scan and identify incidents found when scanning assets and email attachments in your MS Exchange app.
To begin scanning a Microsoft Exchange app:
  1. Log in to Microsoft Exchange or Office 365 using an account with privileges that will enable communication between Prisma SaaS and the Microsoft Exchange app.
    Before you can establish communication between Prisma SaaS and the Exchange app, you must:
    • Go to http://portal.microsoftonline.com and log out of Exchange or Office 365.
    • Log back in to Exchange or Office 365 using an account that has the Global Admin role prior to adding the Exchange app to Prisma SaaS.
  2. Add the Exchange app.
    1. From the Prisma SaaS
      Dashboard
      ,
      Add a Cloud App
      .
    2. Select
      Microsoft Exchange
      .
      microsoft-exchange-tile-frame.png
    3. When prompted, enter the login credentials for the account with Global Admin role privileges on the Microsoft Online page to which you are redirected.
    4. Review and
      Accept
      the changes that Prisma SaaS can perform on your assets in Exchange.
      When authentication succeeds, Prisma SaaS adds the new Exchange app to the list of Cloud Apps as Microsoft Exchange
      n,
      where
      n
      is the number of Exchange app instances that you have connected to Prisma SaaS, for example Exchange 1.
  3. (Optional)
    Give a descriptive name to this app instance.
    1. Select the Exchange app instance from the Cloud Apps list.
    2. Enter a descriptive
      Name
      to differentiate this instance of Exchange from other instances you are managing.
    3. Click
      Done
      to save your changes.
  4. Add new domains and users to global scan settings.
  5. Add policy rules.
    When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of Microsoft Exchange to determine whether you need to add new asset rules, security control rules, or user activity rules to look for risks unique to your enterprise.
  6. (Optional)
    Configure or edit a data pattern.
    When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  7. Start scanning the new Exchange app for risks.
    1. Select
      Settings
      Cloud Apps & Scan Settings
      .
    2. In the Cloud Apps row that corresponds to the new Exchange app, select
      Actions
      Start Scanning
      .
    The status changes to Scanning. Prisma SaaS starts scanning assets in the associated MS Exchange app and begins identifying incidents. All email attachments in Exchange are scanned based on defined policies. Email content is scanned based on defined policies only if the sender or receiver of the email is from an external domain. Scanning only starts on installation, and assets without risks are not stored.
  8. Monitor the results of the scan.
    As Prisma SaaS starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.
    Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.

Related Documentation