Begin Scanning Microsoft Office 365 Apps
Learn how to connect Microsoft Office 365 apps to Prisma SaaS to begin scanning for security violations.
To connect Microsoft Office 365 to Prisma SaaS and begin scanning files and folders on OneDrive and SharePoint, you need to:
- Ensure that you have an Office 365 account with Global Administrator role permissions.
- Grant Prisma SaaS access to Office 365.
- Add the Office 365 app to Prisma SaaS, providing Prisma SaaS information about your Office 365 account.
For information on which automated remediation capabilities Prisma SaaS supports with Office 365, refer to Supported Applications with Remediation.
Add Office 365 App
In order for Prisma SaaS to scan assets, you must consent to specific permissions during the course of adding the Office 365 app. Without the requested permissions, Prisma SaaS cannot authenticate (OAuth2) with Office 365 and cannot scan assets, even after you successfully install the Office 365 app.
If you forget to consent to permissions, you can correct the misconfiguration, but it’s more efficient to avoid the issue.
- (Recommended) Add your Office 365 app domain as an internal domain.
- Log in to Office 365 using an account with Global Admin role permissions.
  Before you add the Office 365 app to Prisma SaaS, you must properly establish communication between Prisma SaaS and the Microsoft Office 365 SharePoint app and OneDrive app.
  - Go to http://portal.microsoftonline.com and log out of Office 365 to ensure that you are not logged in as a user other than an account with Global Admin role permissions.
  - Log in again to Office 365 using an account that has the Global Admin role permissions.
- Add the Office 365 app.
  - From the Prisma SaaS Dashboard, click Add a Cloud App.
  - Select Office 365.
  - Select one of the following:
    - Connect to Office 365 Account
    - Using a custom configuration?

    If you have a dedicated Office 365 account, select Using a custom configuration? and provide the URL for OneDrive and SharePoint that are part of your custom configuration.
  - Enter the login credentials for the account with Global Admin role privileges on the Microsoft Online page to which Prisma SaaS redirects you.
  - Review and Accept the Consent on behalf of your organization permissions requested. Prisma SaaS requires these permissions to scan your assets on Office 365.
    After authentication, Prisma SaaS adds the new Office 365 app to the Cloud Apps list as Office365 n, where n is the number of Office 365 app instances that you connected to Prisma SaaS. For example, if you added one Office365 app, the name displays as Office365 1. You’ll specify a descriptive name soon.
- (Optional) Choose the user groups whose assets and accounts you want to monitor.
  The ability to scan assets based on user groups is known as selective scanning. By default, selective scanning is not enabled. If you have not already done so, instruct Prisma SaaS to retrieve your Azure AD group information, then return to this step to choose the user groups.
  Prisma SaaS discovers metadata on all sites within SharePoint; however, it only scans or excludes from scan the assets (files and folders) that belong to users who are members of the groups you have selected in your selective scanning configuration.
  If a group is edited or removed from selective scanning, it can take up to 7 days to remove assets or activities, and close any related incidents. Adding a group back to selective scanning will record new user activities but not old, previously removed user activities.
  - Navigate to Settings > Cloud Apps & Scan Settings.
  - Select Enable selective scanning and choose the groups you want to include or exclude from scanning from the list of groups.
  - Select Save to continue.
- (Optional) Give a descriptive name to this app instance.
  - Select the Office365 n link on the Cloud Apps list.
  - Enter a descriptive Name to differentiate this instance of Office 365 from other instances you are managing.
  - Click Done to save your changes.
- Start scanning the new Microsoft Office 365 app for risks.
  - Select Settings > Cloud Apps & Scan Settings.
  - In the Cloud Apps row that corresponds to the new Office 365 app, select Actions > Start Scanning.
- During the discovery phase, as Prisma SaaS scans files and matches them against enabled policy rules:
When you add a new cloud app, Prisma SaaS automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
- (Optional) Modify match criteria for existing policy rules.
- (Optional) Configure or edit a data pattern.
Fix Office 365 Misconfigurations
The most common issues related to misconfigurations are as follows:
After you add the Office 365 app, no scanned assets display for Office 365.
Prisma SaaS doesn’t have permissions to access Office 365.
You forgot to grant the necessary permissions, so you must do so now via the Azure Portal.
- Grant Prisma SaaS access to Office 365 using Azure Portal.
  Without permissions, Prisma SaaS cannot authenticate (OAuth2) with Office 365 and cannot scan assets, even after you successfully install the Office 365 app.
  - Log in to Azure Portal at https://portal.azure.com as Global Administrator.
  - Navigate to Enterprise applications > All applications.
  - Select Aperture by Palo Alto Networks > Security > Permissions.
  - Click Grant admin consent for yourOrganization.
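
To confirm from the directory side that consent was recorded on behalf of the organization, the following added example (not part of the Prisma SaaS documentation) queries Microsoft Graph read-only and reports whether the enterprise application holds tenant-wide grants or only per-user ones. It assumes the Microsoft Graph PowerShell module is installed and that your account can use the two read scopes shown; the application display name is the one from the step above.

```powershell
# Added example: read-only consent check. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

# Display name as shown in the Azure Portal step on this page.
$appName = 'Aperture by Palo Alto Networks'
$apps = @(Get-MgServicePrincipal -Filter "displayName eq '$appName'" -All)

if ($apps.Count -eq 0) {
    Write-Warning "No enterprise application named '$appName' found in this tenant."
}

foreach ($sp in $apps) {
    # Delegated permissions: OAuth2 grants where this app is the client.
    $grants     = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All)
    $tenantWide = @($grants | Where-Object { $_.ConsentType -eq 'AllPrincipals' })
    $perUser    = @($grants | Where-Object { $_.ConsentType -eq 'Principal' })

    # Application permissions: app role assignments held by this app.
    # These can only be created through admin consent.
    $appRoles = @(Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All)

    $status = if ($tenantWide.Count -gt 0 -or $appRoles.Count -gt 0) {
        'Admin consent recorded'
    } elseif ($perUser.Count -gt 0) {
        'Per-user consent only: grant admin consent for the organization'
    } else {
        'No consent recorded: grant admin consent for the organization'
    }

    [pscustomobject]@{
        ServicePrincipalId = $sp.Id
        AppId              = $sp.AppId
        Status             = $status
        # One entry per tenant-wide grant: "<resource API>: <space-separated scopes>"
        TenantWideScopes   = ($tenantWide | ForEach-Object {
            $resource = Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId
            '{0}: {1}' -f $resource.DisplayName, "$($_.Scope)".Trim()
        }) -join '; '
        AppRoleResources   = ($appRoles.ResourceDisplayName | Sort-Object -Unique) -join ', '
        PerUserGrantCount  = $perUser.Count
    }
}
```

A status other than "Admin consent recorded" matches the symptom described in this section, where the app is installed but no scanned assets appear.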