SaaS Security
Onboard a Microsoft SharePoint App to SSPM
Connect a Microsoft SharePoint instance to SSPM to detect posture risks.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Data Security license:
|
To detect posture risks in your Microsoft SharePoint instance, SSPM connects to the
instance by using information that you provide. Once SSPM connects, it scans the
Microsoft SharePoint instance for misconfigured settings and will continue to run
scans at regular intervals.
Previously, you could onboard Microsoft SharePoint by supplying account
credentials to SSPM. This enabled SSPM to access the account directly or through
the Okta or Microsoft Azure identity providers. Once connected, SSPM would use
data extraction techniques to scan your Microsoft SharePoint instance. In August
2025, we discontinued this earlier connector in favor of a new connector that
accesses a Microsoft API to complete scans.
This new connector, which uses OAuth 2.0 authorization to connect to your
Microsoft SharePoint instance, has several advantages over the discontinued
connector:
- Because the connector uses OAuth 2.0, SSPM is able to request only the API scopes that it needs to complete its scans.
- The new connector supports third-party plugin scans.
- The new connector leverages the deep integration between Microsoft SharePoint and Microsoft OneDrive to scan both of these product instances. A separate connector for Microsoft OneDrive that used data extraction for scans was also discontinued in August 2025. You now onboard Microsoft OneDrive by using the new Microsoft SharePoint connector.
If you already connected SSPM to your Microsoft SharePoint instance using the
earlier connector, your established connection will continue to work. Similarly,
if you already connected SSPM to your Microsoft OneDrive instance, that
established connection will continue to work. However, if there is any change to
the configuration information that you provided to SSPM (such as an updated
login password), you will need to onboard the Microsoft SharePoint instance
again by using the new connector described below. Note that there is no longer a
separate connector for Microsoft OneDrive.
Onboard a Microsoft SharePoint App Using OAuth 2.0
For SSPM to detect posture risks in your Microsoft SharePoint instance, you onboard
your Microsoft SharePoint instance to SSPM. Through the onboarding process, SSPM
connects to a Microsoft API to run configuration scans for misconfigured settings
and scans for third-party plugins.
Microsoft SharePoint and Microsoft OneDrive share the same core technology within the
Microsoft 365 ecosystem. Because of this deep integration, onboarding Microsoft
SharePoint effectively also onboards Microsoft OneDrive. SSPM scans both Microsoft
SharePoint and Microsoft OneDrive.
To onboard your Microsoft SharePoint instance, you complete the following
actions:
- Identify the account for granting SSPM access.
  During the onboarding process, SSPM redirects you to log in to Microsoft SharePoint. After you log in, Microsoft SharePoint will prompt you to grant SSPM the access it needs.
  SSPM will use this account to establish a connection to your Microsoft SharePoint instance. After SSPM establishes the connection, it will perform an initial scan of your Microsoft SharePoint instance, and will then run scans at regular intervals. The account that you use to establish the initial connection with SSPM must remain available. For this reason, we recommend that you use a dedicated service account to grant SSPM access. If you delete the service account, or change the account's password, the scans will fail and you will need to onboard.
  When you onboard Microsoft SharePoint, the onboarding screen lists the API scopes that SSPM requires for each type of scan that it can run. Navigate to the onboarding screen (as described below) for Microsoft SharePoint and verify that the account you're using has the necessary permissions. After establishing a connection, SSPM will notify you if it's unable to run certain scans because the account did not have the permission to grant access to certain scopes.
- Log out of all Microsoft SharePoint accounts.
  Logging out of all Microsoft SharePoint accounts helps ensure that you log in under the correct account during the onboarding process. Some browsers can automatically log you in by using saved credentials. To ensure that the browser does not automatically log you in to the wrong account, you can turn off any automatic log-in option or clear your saved credentials.
  Alternatively, you can prevent the browser from using saved credentials by opening SSPM in an incognito window.
- Connect SSPM to your Microsoft SharePoint instance.
  In SSPM, complete the following steps to enable SSPM to connect to your Microsoft SharePoint instance.
  - Log in to Strata Cloud Manager.
  - Select Manage > Configuration > SaaS Security > Posture Security > Applications > Add Application and click the Microsoft SharePoint tile.
  - On the Posture Security tab, Add New instance.
  - Examine the required scope permissions and Connect with Microsoft Sharepoint.
    SSPM redirects you to the Microsoft login page.
  - Log in to your Microsoft SharePoint account.
    Microsoft SharePoint displays a consent form that details the access permissions that SSPM requires.
  - Review the consent form and allow access.
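
The scope verification and consent review described above can be repeated after onboarding by comparing what was actually granted against what each scan type needs. The following is an added example, not part of the original documentation or of SSPM. It assumes the consent is recorded as a delegated permission grant shaped like a Microsoft Graph `oauth2PermissionGrant` object. The scope names, scan-type keys and sample grant are constructed placeholders; take the real scope list from the onboarding screen.

```python
"""Compare a delegated OAuth 2.0 grant with the scopes each scan type needs."""

# Hypothetical scope names per scan type. Replace them with the scopes the
# SSPM onboarding screen lists; the documentation page does not name them.
REQUIRED_SCOPES = {
    "configuration": {"Example.Config.Read", "Example.Sites.Read"},
    "third_party_plugins": {"Example.Apps.Read", "Example.Sites.Read"},
}

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrant:
# "scope" is a single space-separated string of delegated scopes.
SAMPLE_GRANT = {
    "clientId": "00000000-0000-0000-0000-000000000001",
    "consentType": "Principal",
    "principalId": "00000000-0000-0000-0000-000000000002",
    "resourceId": "00000000-0000-0000-0000-000000000003",
    "scope": "Example.Config.Read  Example.Sites.Read Example.Mail.Send",
}


def parse_scopes(grant):
    """Split the grant's scope string into a set; tolerate a missing value."""
    return set((grant.get("scope") or "").split())


def review_grant(grant, required=REQUIRED_SCOPES):
    """Report runnable scans, missing scopes per scan, and unneeded scopes."""
    granted = parse_scopes(grant)
    missing = {scan: sorted(need - granted) for scan, need in required.items()}
    needed_anywhere = set().union(*required.values())
    return {
        # Scan types whose full scope set was granted.
        "runnable": sorted(s for s, m in missing.items() if not m),
        # Scan types that cannot run, with the scopes they still lack.
        "blocked": {s: m for s, m in missing.items() if m},
        # Granted scopes that no scan type requires (least-privilege drift).
        "excess": sorted(granted - needed_anywhere),
        # True when consent covers every user rather than one account.
        "tenant_wide": grant.get("consentType") == "AllPrincipals",
    }


if __name__ == "__main__":
    for key, value in review_grant(SAMPLE_GRANT).items():
        print(f"{key}: {value}")
```

A non-empty `excess` list means the connected application holds more access than the scans require, which is worth reviewing against the consent form.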