Skip to main content
McAfee Enterprise MVISION Cloud

How to Configure the DLP Monitor to Monitor OneDrive

IMPORTANT: If you are enabling MVISION Cloud API access for Office 365 for the first time in a specific Office 365 tenant, due to a requirement of Office 365, it takes up to 24 hours for the first user activity to be received by MVISION Cloud Threat Protection and User Activity monitoring. If no activity is received after 24 hours of enabling API access for the first time, contact MVISION Cloud Support.

Before beginning, make sure that API access is enabled properly for OneDrive and SharePoint. 

To configure OneDrive for monitoring:

  1. Log in to Office 365 as the global administrator account. (The same account you used to enable the API connection.)
  2. Start One Drive from the menu and then click Site settings. Click OneDrive Settings.
  3. Click More Settings, then select Site Collection Administrators.
  4. Next screen, select Apps.

clipboard_ef2dcf0248acecc71520a92b935a518f9.png

  1. Select App.

    clipboard_e5820775919b01b793cc02de7c031d518.png
     
  2. Select DLP Monitor-sandbox.

    clipboard_e530946cef45e24b6fddacfb0c8f71464.png
  3. When asked to trust the MVISION Cloud app, click Trust It
  4. Return to Settings > Site contents.

    clipboard_e4b332f52c917ccad6ba06fa81b1790fb.png
  5. Click DLP-Monitor.

clipboard_e4eda04a58d66a2d62130db83d592c48c.png

 

  1. Enter your SharePoint Admin Site URL. (To find your SharePoint admin URL, see Set up SharePoint API Integration. You can either manually select users to monitor, or automatically monitor all users.)
  2. Click Submit

Troubleshooting

 

As of October 2020, all new Office 365 instances have a default setting enabled that causes issues when installing the Office 365 Content Integrator. If you receive error messages that state "Please upgrade the Content Integrator" or "The app needs to be upgraded" then use the following procedure. 

To change the setting to the required value, perform the following steps:

  1. Download and install the SharePoint Online Management Shell from the Official Microsoft Download Center here.
  2. Open the SharePoint Management Shell and connect to your SharePoint Online by executing the following command:
Connect-SPOService -Url <admin url of sharepoint>
  1. Set DisableCustomAppAuthentication to false using the following command:
Set-SPOTenant -DisableCustomAppAuthentication $false
  1. Make sure DisableCustomAppAuthentication is set to False using the following command:
Get-SPOTenant

clipboard_e029115c764e6fc9ec95d190c5750fc30.png

Finally, wait for few hours and install the Office 365 application. It should work with the new SharePoint tenant. 

 

If the Content Integrator App is not fully provisioned within the O365 tenant, or the API from the MVISION Cloud side is not established, you might see an error that says only admins can use the app. First, check that the specified URL (SharePo9int Admin Site URL) is entered correctly. If you still see the error after editing the URL, contact MVISION Cloud Support.

Also, confirm that API access from the MVISION Cloud side has been established within MVISION Cloud on the Service Management page.

clipboard_e0c8762e7fc6e6bf299fc081fd2954897.png

 

  • Was this article helpful?