Office 365 does not allow Administrator access to user OneDrive files and folders by default, Cloud Access Monitor requires these permissions in order to gain OneDrive file / folder visibility.
The ManagedMethods team has developed a tool to automatically open these permissions in your environment. Below are instructions to use the Authorization tool.
NOTE: This tool will make the admin account used an owner on all OneDrive's and SharePoint sites. You may skip the Authorization tool installation and still gain visibility into Emails and Accounts.
Azure Active Directory Premium P2 subscription allows for Cloud Access Monitor to provide more detailed login information, such as login location. Instructions to check this can be found here.
Sign into your ManagedMethods Cloud Access Monitor instance.
Navigate to the Audit & Control page.
Select the Add SaaS App button on the top right of the screen.
Select Office 365 from the list of apps.
- Give the Oauth project a title
- For User Domains enter in all domains associated with your company.
- (Ex: managedmethods.com, managedmethods.net, managedmethods.onmicrosoft.com)
- Email To Get Alerts: Enter an email address to have alerts sent to.
(All other sections remain as DEFAULT values)
- Choose any Countries, or IP addresses to Approve, or Unapproved. Any Violations will appear within the OAuth homepage once configured.
- Select Save & Authenticate.
A New Pop-up window will appear, asking you to login to an administrative Office-365 Account, enter credentials and sign in.
(Must be related to tenant domain "...@domain.onmicrosoft.com")
NOTE: Pop-ups may be disabled in your browser, if you do not receive a pop-up, please enable them for your instance URL, and re-authenticate.
Once signed in, ManagedMethods Production App will ask for permissions, select the Accept button at the bottom of the pop-up.
An Authorization Completed Successfully page will appear.
You may now click back to Audit & Control, and View your recently created OAuth project.