Configure Microsoft 365 Outlook for the Next Generation API Data Protection

Configure Microsoft 365 Outlook for the Next Generation API Data Protection

To configure Outlook for the Next Generation API Data Protection, follow the instructions below.

Microsoft 365 Outlook app is now available on the Next Generation API Data Protection platform. Please note the following important points:
  • If you currently use the classic version of the Microsoft 365 Outlook app, no action required. You should continue to use the classic version that you use today. Netskope will notify you via a banner message on the Netskope tenant UI when you can switch over to the Next Generation apps.
  • If you currently do not use the classic version of the Microsoft 365 Outlook app, Netskope will make the app available to you in phases. To check if the app is available on your Netskope tenant, follow the instruction below:
    1. Log in to your Netskope tenant and navigate to Settings > Configure App Access > Next Gen > CASB API.
    2. If you see the Microsoft 365 Outlook app listed, you are eligible to configure the app on the Next Generation API Data Protection platform.
    3. If you do not see the app, stay tuned, the app will be made available in due course. In the meanwhile, you can continue to set up the app available under Settings > Configure App Access > Classic > SaaS.

Prerequisites

Before configuring Microsoft 365 Outlook for Next Generation API Data Protection, please review the prerequisites.

  • A global administrator account is required to grant access to Netskope. Post-grant, you can either delete or downgrade this account.

    The way permissions work in Azure/Office 365 is that Netskope requires an administrator to grant enough privileges for Netskope to perform specific actions. Note that the Netskope app does not receive global admin permissions. It only receives permissions for the scope Netskope requests.
  • You must turn on audit logging in Microsoft 365 admin center. To enable audit logging, follow the steps below:

    1. Log in to https://compliance.microsoft.com/.On the left navigation, click Audit.

      If auditing is not turned on for your organization, a banner is displayed prompting you to start recording user and admin activity.

      Enable Audit Logging In Microsoft 365 Admin Center
    2. Click the Start recording user and admin activity banner.

      It may take up to 60 minutes for the change to take effect. After enabling, the first application event contents can take up to 12 hours to show up in Skope IT.
  • If you have guest or external users in your SaaS environment belonging to domains considered internal, you must set the appropriate internal domains for Netskope to classify exposure accurately. To set up internal domains, follow this article.

Configure Netskope to Access your Outlook Account

To authorize Netskope to access your Outlook account, follow the steps below:

  1. Log in to the Netskope tenant UI and go to Settings > Configure App Access > Next Gen > CASB API.

  2. Under Apps, select Outlook and click Setup CASB API Instance.

    The Setup Instance window opens.

  3. Under Administrator Email, enter the email address of the user who will receive an email notification when a policy violation or event triggers. This step is optional.

  4. Under Instance Name, enter the name of the SaaS app instance. This step is optional and if left blank, Netskope will determine the name of the app instance post grant.

  5. Click Grant Access.

    The Microsoft Login window opens.

  6. Enter the global administrator username and password.

  7. Keep Consent on behalf of your organization unchecked and Accept the permissions.

    Outlook Permissions

    The Netskope CASB API app is installed in Azure AD with additional permissions once you grant access to the Outlook app.

  8. After accepting the permissions, you will be redirected to the successful result page. Click Close.

Refresh your browser, and you should see a green check icon next to the instance name.

Post grant, you can either delete or downgrade the global administrator account. To know more: Delete or Downgrade the Global Administrator Account.

Next, you can view the Next Generation API Data Protection Inventory page to get deep insights on various entities on your Microsoft 365 Outlook account. For more information on the Inventory page, see Next Generation API Data Protection Inventory.

You can receive audit events and standard user behavior analytic alerts in Skope IT. To know more: Next Generation API Data Protection Skope IT Events.

Next, you should configure a Next Generation API Data Protection policy. To do so, see Next Generation API Data Protection Policy Wizard.

Share this Doc

Configure Microsoft 365 Outlook for the Next Generation API Data Protection

Or copy link

In this topic ...