Next Generation API Data Protection for Microsoft 365 OneDrive
Next Generation API Data Protection for Microsoft 365 OneDrive
Using API Data Protection involves configuring the API connection for your Microsoft 365 OneDrive GCC High & Commercial apps.
In order to use the Next Generation API Data Protection for Microsoft 365 OneDrive GCC High & Commercial, first you will need to connect Netskope to your Microsoft 365 OneDrive GCC High or Commercial account via Microsofts’ API. The following sections explain how the API connector works, and how to configure the connection.
Why you should move to Next Generation API Data Protection?
-
Dramatically simplified policy definition and management: Multi-app/all app policies and multiple DLP profiles in a single policy.
-
Ability to define threat protection policies.
-
Unified inventory page, for threat hunting and forensic analysis.
-
Ultra-low time to detect and remediate to non-compliant activities.
Capability Differences Between Classic & Next Generation API Data Protection
Here is a list of feature parity for Microsoft 365 OneDrive between classic and Next Generation API Data Protection.
Feature | Sub-category | Classic | Next Generation |
---|---|---|---|
Instance Selection | - | Yes | Yes (multiple) |
Multi-Geo Support | - | Yes | No |
User Selection | Target all Users | Yes | Yes |
User Profiles | Yes | Yes | |
AD User Groups | Yes | Yes | |
Subset of Users | Yes | Yes | |
Subset of User Profiles | Yes | Yes | |
File Sharing | All Sharing Options | Yes | Yes |
Specific Sharing Options | Yes | Yes | |
Private Sharing Options (Specific Sharing Options) | Yes | Yes | |
Public Sharing Options (Specific Sharing Options) | Yes | Yes In Next Gen, public sharing is called Anonymous. |
|
Share Content Internally (Specific Sharing Options) | Yes | Yes | |
Sharing Content to More than X Internal Collaborator (Specific Sharing Options) | Yes | Yes | |
Sharing Content Externally (Specific Sharing Options) | Yes | Yes | |
Sharing with All External Domains (Specific Sharing Options) | Yes | Yes | |
Sharing with Specific External Domains (Specific Sharing Options) | Yes | Yes | |
Sharing Content to More than X External Collaborator (Specific Sharing Options) | Yes | Yes | |
Sharing Across Enterprise Organization (Specific Sharing Options) | Yes | Yes | |
Sharing Enterprise shared with with Everyone (Specific Sharing Options) | Yes | Yes | |
Sharing Enterprise shared with Everyone Except External Users (Specific Sharing Options) | Yes | Yes | |
Sharing Content with a Selected set of Enterprise User Groups (Specific Sharing Options) | Yes | Yes | |
Sharing with Cross Geo (Specific Sharing Options) | Yes | No | |
Sharing with More than X Cross Geo Collaborators (Specific Sharing Options) | Yes | No | |
Non AD SaaS User Group e.g., M365 (Specific Sharing Options) | Yes | No | |
File Type to Scan | All File Type | Yes | Yes |
Specific File Type | Yes | Yes, file type list is similar to DLP file type list. | |
DLP | DLP Profile | Yes | Yes (multiple) |
DLP Incidents | Yes | Yes | |
DLP Quarantine | Yes | Yes | |
Manual Remediation Action (Restrict Access) from Incidents | Yes | Yes | |
Quarantine | Quarantine Restore | Yes | Yes |
Threat Protection | Threat Protection Feature in Instance Configuration | Yes | Yes |
Severity Based Action - Quarantine | Yes | Yes | |
Severity Based Action - Remediation | Yes | Yes | |
Threat Protection Profile Selection | No | Yes | |
Inventory | Inventory Dashboard | Yes | Yes (with unified Inventory page) |
Inventory Details Panel (File Details, Sharing, Links, Recent Activities) | Yes | Yes | |
Manual Actions for Remediation (Restrict Access) | Yes | Yes | |
Action | Alert | Yes | Yes |
Delete | Yes | Yes | |
Encrypt | Yes | No | |
IRM Protect | Yes | No | |
Quarantine | Yes | Yes | |
Legal Hold | Yes | Yes | |
Azure RMS Template | Yes | No | |
Restrict Sharing to View | Yes | Yes* *This action leverages Microsofts' beta Graph API. The behavior might be inconsistent. |
|
Restrict Access | Yes | Yes | |
Restrict Access Owner Selected | Yes | Yes | |
Restrict Access Internal User Selected | Yes | Yes | |
Restrict Access to Remove Public Links | Yes | Yes | |
Restrict Access to Remove Individual Users | Yes | Yes | |
Restrict Access to Remove Organization Wide Links | Yes | Yes | |
Restrict Access to Domains | Yes | Yes | |
REST API Support | Yes | No | |
Notifications | Email Notifications | Yes | Yes |
Detection & Remediation | MTTD & MTTR (Mean time to detect/resolve) | Fast | Ultra-fast |