3rd Party App Limitations
3rd Party App Limitations
This article outlines the third-party app limitations that could affect the functionality of Next Generation API Data Protection.
Microsoft 365 Apps
Zoom
| Impacted Application | Limitation | Reason |
|---|---|---|
| Netskope does not support Microsoft 365 apps during the migration of your Microsoft tenant between data centers. Ensure the migration is fully completed before granting access to Netskope. For more information about Microsoft tenant migration, see: | Microsoft API limitation |
| No support for OneNote files DLP and malware scanning are not supported for OneNote files because Microsoft Graph APIs do not provide download URLs for them. As a result, Netskope cannot scan OneNote files for DLP or threat protection on Microsoft 365 OneDrive and SharePoint. | Microsoft Graph API limitation |
| Microsoft 365 SharePoint | No support for SharePoint Lists While exposure information for folders and files (drives/driveItems) can be retrieved via the Microsoft Graph API, metadata for SharePoint lists is not accessible. As a result, Next Generation API Data Protection for Microsoft 365 SharePoint does not support SharePoint lists. | Microsoft Graph API limitation |
| Adding/Removing ‘Owner’ level access from files/folders "Site Collection Administrators" will maintain 'Owner' access to files and folders, and this cannot be changed using Microsoft Graph APIs. | Microsoft Graph API limitation |
| Limitation regarding ‘Deleted Groups’ When a file is shared with a group that is later deleted, the Microsoft Graph API will still indicate that the file is shared with that group. Additionally, any members who were part of the group prior to its deletion will retain access to the file. Due to this limitation, during onboarding or provisioning, Netskope has no effective means to assess the exposure of files shared with groups that were deleted before the Microsoft account was connected. Consequently, these files will appear on the Next Generation API Data Protection Inventory page with an EXPOSURE status of UNSPECIFIED. As a result, no alerts will be generated, and no policy actions will be applied to these files. To resolve this issue, customers are advised to remove the deleted groups from the permission list of affected files. Once this is completed, Netskope will be able to accurately calculate exposure and enforce policy actions for those files. | Microsoft Graph API limitation |
| Microsoft 365 SharePoint | No support for Microsoft 365 SharePoint sites created by Microsoft Loop As Microsoft Loop is still in public preview, the necessary permissions are not publicly documented. Consequently, when Netskope encounters this type of 'site' during provisioning, it will provision the site but not its subsites, drives, or drive items. | Microsoft Loop limitation |
| Microsoft 365 Teams | Real-time membership tracking in channel meetings For channel meetings initiated via 'Meet Now,' the Microsoft Graph API does not send webhooks while the meeting is in progress. As a result, Netskope cannot track changes in channel meeting membership during the live meeting. However, once the meeting concludes and the chat is posted in the channel, normal policy processing will resume, as Netskope will then receive webhooks for membership and data changes from Microsoft. | Microsoft Graph API limitation |
| Microsoft 365 Teams | Incoming shared channels For shared channels created by external organizations and shared with a team in your organization, the Microsoft Graph API does not trigger webhooks for posted chat messages. Consequently, Netskope cannot scan the content of incoming shared channels. | Microsoft Graph API limitation |
| Microsoft 365 Teams | Real-time membership tracking for shared groups in shared channels For shared channels, the Microsoft Graph API does not send webhooks when a shared channel is shared with a group. Instead, Netskope must periodically poll for changes, currently every 10 minutes. As a result, Netskope cannot track shared group membership changes in real time. | Microsoft Graph API limitation |
| Microsoft 365 Teams | Chat with Self feature When chatting with self, the Microsoft Graph API does not return chat metadata or send webhooks for self-chat messages. Consequently, Netskope cannot support listing self-chats in the inventory or scanning their contents. | Microsoft Graph API limitation |
| Limitation | Reason |
|---|---|
| Delete remediation action cannot be performed on chat messages sent by an external user. | Zoom API limitation |
| Next Generation API Data Protection cannot scan attachment uploaded from 3rd party apps in team chat and in-meeting chat. | |
| Next Generation API Data Protection cannot scan attachments sent by external users in team chat, including direct, channel, and group messages. |
