Skip to main content
McAfee Enterprise MVISION Cloud

About the MVISION Cloud DLP Monitor Add-in

DLP Monitor is a provider-hosted SharePoint Add-in from MVISION Cloud. Provider hosted Add-ins have external components such as web application, database hosted externally from SharePoint Online subscription. More details about types of SharePoint Add-ins are here.

The DLP Monitor Add-in from MVISION Cloud is backed by a web-application (owned by MVISION Cloud) hosted in Microsoft Azure.

Download the MVISION Cloud DLP Monitor Add-in from Download the SharePoint/OneDrive Add-in App

Why is this Add-in required?

This Add-in is used to register SharePoint remote event receivers for SharePoint and OneDrive sites to completely manage the following workflows:

  • Detect sensitive content being uploaded/updated in OneDrive and SharePoint and perform remediation actions specified in DLP policies.
  • Detect the activity of sharing sensitive content internally and externally (outside the organization).
  • Perform remediation actions, such as modifying sharing permissions, revoking collaboration, and removing public links on files.

SharePoint remote event receivers enable monitoring of file upload and sharing activity in near real-time. More information about remote event receivers can be found here.

Role of the Add-in

When an Office 365 admin installs and opens the Add-in, the admin is redirected to the Azure web application hosted by MVISION Cloud. During the redirect, Office 365 passes the necessary authentication and authorization context to MVISION Cloud Azure web application in the form of an access token.

MVISION Cloud uses this access token to retrieve and list all SharePoint sites in the tenant so that admin can select a few SharePoint sites for event monitoring. Once selected for event monitoring, MVISION Cloud uses the access token obtained in the above step to register remote event listeners for those SharePoint sites selected by the Office 365 admin.

As a result, when a user performs activity in SharePoint (in the selected sites only), Office 365 sends an event (HTTP) to MVISION Cloud’s remote event receivers hosted in Azure.

MVISION Cloud Azure web-app fetches any additional metadata for that event and sends the necessary information to MVISION Cloud Cloud DLP which performs DLP check depending on the event type and DLP policies configured in the corresponding MVISION Cloud tenant.

Installing the Add-in

Before installing the Add-in, an App Catalog site has to be created in the Office 365 tenant. Then the Add-in is uploaded in the App Catalog site. The Add-in can be installed in any SharePoint site, preferably in a site exclusively owned by Office 365 admin.

Permissions Required for the Add-in

During installation, Add-in prompts for the following permissions:

These permissions are required for registering remote event receivers, on-site collections, sites, and lists owned by any user in that Office 365 tenant.

NOTE: MVISION Cloud will not modify any content in SharePoint or OneDrive through this Add-in. Any remediation actions such as deleting a file with sensitive content, modifying permissions on a shared folder are performed using SharePoint Online REST APIs. The OAuth access token obtained while enabling API access for OneDrive and SharePoint from MVISION Cloud tenant, is used to invoke these REST APIs.

Full control permissions requested by the Add-in are used only for registering event listeners for site collections, sites, and lists.

Event Listeners Registered by MVISION Cloud

MVISION Cloud registers following event listeners to the selected sites in SharePoint and OneDrive:

  • ItemAdded
  • ItemUpdated
  • ItemCheckedIn
  • ItemCheckedOut
  • ItemFileMoved
  • WebProvisioned
  • ListAdded
  • RoleAssignmentAdded
  • Was this article helpful?