Skyhigh CASB for Microsoft OneDrive supports two different types of architectures depending on customer use cases and deployment requirements: OneDrive API and Inline Reverse Proxy. Skyhigh CASB for OneDrive enables near real-time scanning of content uploaded to OneDrive to evaluate DLP policies. File activity triggers this and generally occurs within 10–15 seconds depending on bandwidth constraints, network latency, and file size.
Microsoft 365 License
Skyhigh CASB for OneDrive requires a Microsoft 365 E1 or E3 license. For more information, see microsoft.com.
Skyhigh CASB continuously monitors OneDrive for content changes using APIs from OneDrive (Office 365). As employees add/modify new files in OneDrive, Skyhigh CASB scans the files according to DLP policies and can quarantine or tombstone your documents to enforce policies.
NOTE: If the DLP Policy response action is failed to execute for OneDrive then the retry mechanism is supported. The retry mechanism performs a successful execution. The response actions supported for the retry mechanism in OneDrive are: Modify Collaboration, Expire Link, DRM-AIP, Seclore, Titus.
KNOWN ISSUE: The Policy Incidents page does not support restoring quarantine files larger than 250 MB for OneDrive. It applies to both manual and bulk remediation actions.
Inline Reverse Proxy
Skyhigh CASB for OneDrive provides Inline Reverse Proxy architecture for customers who want to have an inline real-time control over the data being transferred to OneDrive.
Cloud Connector and OneDrive
Deployments that use an existing on-premises Enterprise DLP policy engine can install the Skyhigh Cloud Connector, which downloads documents directly from OneDrive and forwards them to an Enterprise DLP policy engine using an ICAP protocol.