Next Generation API Data Protection for Microsoft 365 SharePoint

Using API Data Protection involves configuring the API connection for your Microsoft 365 SharePoint GCC High & Commercial apps.

In order to use the Next Generation API Data Protection for Microsoft 365 SharePoint GCC High & Commercial, first you will need to connect Netskope to your Microsoft 365 SharePoint GCC High or Commercial account via Microsofts’ API. The following sections explain how the API connector works, and how to configure the connection.

Why you should move to Next Generation API Data Protection?

• Dramatically simplified policy definition and management: Multi-app/all app policies and multiple DLP profiles in a single policy.

• Ability to define threat protection policies.

• Unified inventory page, for threat hunting and forensic analysis.

• Ultra-low time to detect and remediate to non-compliant activities.

Capability Differences Between Classic & Next Generation API Data Protection

Here is a list of feature parity for Microsoft 365 SharePoint between classic and Next Generation API Data Protection.

Feature	Sub-category	Classic	Next Generation
Instance Selection	-	Yes	Yes (multiple)
User Section	All Sites	Yes	Yes
	Subset of Sites Options	Yes	Yes
	User Profiles	Yes	Yes
	AD User Groups	Yes	Yes
	Exclude Sites Options	Yes	No
	Exclude Users Options	Yes	Yes
	Exclude User Profiles Options	Yes	Yes
File Sharing	All Sharing Options	Yes	Yes
	Specific Sharing Options	Yes	Yes
	Private Sharing Options (Specific Sharing Options)	Yes	Yes
	Public Sharing Options (Specific Sharing Options)	Yes	Yes In Next Gen, public sharing is called Anonymous.
	Share Content Internally (Specific Sharing Options)	Yes	Yes
	Sharing Content to More than X Internal Collaborator (Specific Sharing Options)	Yes	Yes
	Sharing Content Externally (Specific Sharing Options)	Yes	Yes
	Sharing with All External Domains (Specific Sharing Options)	Yes	Yes
	Sharing with Specific External Domains (Specific Sharing Options)	Yes	Yes
	Sharing Content to More than X External Collaborator (Specific Sharing Options)	Yes	No
	Sharing Across Enterprise Organization (Specific Sharing Options)	Yes	Yes
	Sharing Enterprise shared with Everyone (Specific Sharing Options)	Yes	Yes
	Sharing Enterprise shared with Everyone Except External Users (Specific Sharing Options)	Yes	Yes
	Sharing Content with a Selected set of Enterprise User Groups (Specific Sharing Options)	Yes	No
File Type to Scan	All File Type	Yes	Yes
	Specific File Type	Yes	Yes, file type list is similar to DLP file type list.
DLP	DLP Profiles	Yes	Yes (multiple)
	DLP Incidents	Yes	Yes
	DLP Quarantine	Yes	Yes
	Manual Remediation Action (Restrict Access) from Incidents	Yes	Yes
Quarantine	Quarantine Restore	Yes	Yes
Threat Protection	Threat Protection Feature in Instance Configuration	Yes	Yes
	Severity Based Action - Quarantine	Yes	No
	Severity Based Action - Remediation	Yes	No
Forensic	Sharepoint as Forensic Store	Yes	Yes (see Next Gen Forensics)
Inventory	Inventory Dashboard	Yes	Yes (with unified Inventory page)
	Inventory Details Panel (File Details, Sharing, Links, Recent Activities)	Yes	Partially available (File Details, Recent Activities, DLP Violation)
	Manual Actions for Remediation (Restrict Access)	Yes	Yes
Action	Alert	Yes	Yes
	Delete	Yes	Yes
	Legal Hold	Yes	No
	Encrypt	Yes	No
	IRM Protect	Yes	No
	Quarantine	Yes	Yes
	Restrict Access	Yes	Yes
	Restrict Access Owner Selected	Yes	Yes
	Restrict Access Internal User Selected	Yes	Yes
	Restrict Access to Remove Public Links	Yes	Yes
	Restrict Access to Remove Individual Users	Yes	Yes
	Restrict Access to Remove Organization Wide Links	Yes	Yes
REST API Support		Yes	No
Notifications	Email Notifications	Yes	Yes
Detection & Remediation	MTTD & MTTR (Mean time to detect/resolve)	Fast	Ultra-fast

• Supported Microsoft Office 365 SharePoint Licenses for Next Generation API Data Protection
• Configure Microsoft 365 SharePoint for the Next Generation API Data Protection