Umbrella SIG User Guide

The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Enable SaaS API Data Loss Protection for Microsoft 365 Tenants

Suggest Edits

Table of Contents

Prerequisites

  • Chrome or Firefox (recommended) with pop-up blockers and ad blockers disabled (only for the duration of authorization)
  • The user performing the installation must use a service account with a Microsoft 365 Global Admin and active license
  • SharePoint Online and OneDrive must be enabled
  • Audit log must be enabled for Microsoft 365. For more information, refer to Microsoft technical documentation and search for Turn auditing on or off.
  • The following IP addresses must be allowed if there are Firewall rules that prevent third-party applications:
    146.112.161.0/24
    146.112.163.0/24
    146.112.165.0/24
    146.112.167.0/24
  • Users must have the following API permissions for Microsoft:

API/ Permissions Name

Type

Description

Admin Consent Required

Microsoft Graph
  1. Directory.AccessAsUser.All

Delegated

Access directory as the signed-in user

Yes
  1. Directory.Read.All

Application

Read directory data

Yes
  1. Files.Read.All

Delegated

Read all files that user can access

No
  1. Files.Read.All

Application

Read files in all site collections

Yes
  1. Sites.Read.All

Delegated

Read items in all site collections

No
  1. User.Read

Delegated

Sign in and read user profile

No
  1. User.Read.All

Application

Read all users' full profiles

Yes

Microsoft 365 Management APIs
  1. AcitivityFeed.Read

Application

Read activity data for the Organization

Yes

SharePoint
  1. Site.FullControl.All

Application

Full control of all site collections

Yes
  1. User.Read.All
 Application Read user profiles Yes

Authorize a Tenant

  1. Navigate to Admin > Authentication.
  2. Under Platforms, click Microsoft 365.
  1. Click Authorize New Tenant in the DLP subsection to add a Microsoft 365 tenant to your Umbrella environment.
  2. In the Microsoft 365 Authorization dialog, check the checkboxes to verify you meet the prerequisites, then click Next.
  1. Provide a name for your tenant, then click Next.
  1. Click Next to be redirected to the Microsoft 365 login page.
  1. Log in to Microsoft 365 with admin credentials to grant access.

You are redirected to the Umbrella Dashboard and a message appears showing the integration was successful.

  1. Click Done to complete.

Revoke Authorization

  1. Under Action, click Revoke. You can revoke any authorised tenant.
  1. Confirm to proceed. The selected account will no longer be authorized.

Manage SaaS API Data Loss Prevention for Tenants \< Enable Cloud DLP Protection for Microsoft 365 Tenants > Enable Cloud DLP Protection for Google Tenants

Updated 2 months ago

Enable SaaS API Data Loss Protection for Microsoft 365 Tenants

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.