Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Microsoft SharePoint and OneDrive Connector

    Microsoft SharePoint and OneDrive Connector

    FortiDLP's OneDrive integration provides comprehensive visibility into cloud activity generated by FortiDLP users across all their devices, both managed and unmanaged.

    Example

    For example, you can track when a user uploads a file to the cloud, grants another user access to the file, and when the other user downloads the file.

    Once a connection is made to Microsoft, FortiDLP users are mapped to events in the cloud, which are then reported in the Investigate module as OneDrive events.

    Note

    As events are collected from the cloud drive, there is no requirement for the FortiDLP Agent to be installed on users' devices when you use this feature.
    SharePoint and OneDrive event types

    The following SharePoint and OneDrive event types are collected by FortiDLP. For more information about them, refer to Microsoft's documentation here.

    • COPIED
    • FOLDER_COPIED
    • DELETED
    • FOLDER_DELETED
    • RECORD_DELETED
    • DOWNLOADED
    • MODIFIED*
    • FOLDER_MODIFIED
    • MOVED
    • FOLDER_MOVED
    • VIEWED**
    • RENAMED
    • FOLDER_RENAMED
    • RESTORED
    • FOLDER_RESTORED
    • UPLOADED
    • SENSITIVITY_LABEL_APPLIED
    • SENSITIVITY_LABEL_REMOVED
    • DOCUMENT_SENSITIVITY_MISMATCH
    • SHARING_LINK_CREATED
    • SHARING_LINK_UPDATED
    • SHARING_LINK_DELETED
    • SHARING_LINK_USED
    • SHARED
    • SHARING_UPDATED
    • SHARING_REVOKED
    • ACCESS_REQUEST_ACCEPTED
    • GROUP_ADDED
    • GROUP_UPDATED
    • GROUP_REMOVED
    • ADDED_TO_GROUP
    • REMOVED_FROM_GROUP

    *On SharePoint, when a PDF is modified, a modify event is not reported but an upload or download event may be reported instead.

    **On SharePoint, a view event is not reported when a PDF file is viewed.

    Note

    Additional activity originating from other Microsoft services, such as Teams and Office 365 Exchange Online, may also be captured for some event types. File activity that occurs in Teams' File tab will be reported with the "sharepoint" client app because Teams uses the SharePoint API internally.

    Device platform information, for example, whether a Windows computer, iPhone, or Android phone was used, is not always provided by Microsoft and therefore may not be reported in an event.

    At times, duplicate events may be sent by Microsoft and therefore reported in the event stream.

    To set up this feature, see Enabling the Microsoft SharePoint and OneDrive Connector, or refer to the FortiDLP SharePoint and OneDrive Connector Quick Start Guide.

    Previous
    Next

    Microsoft SharePoint and OneDrive Connector

    Microsoft SharePoint and OneDrive Connector

    FortiDLP's OneDrive integration provides comprehensive visibility into cloud activity generated by FortiDLP users across all their devices, both managed and unmanaged.

    Example

    For example, you can track when a user uploads a file to the cloud, grants another user access to the file, and when the other user downloads the file.

    Once a connection is made to Microsoft, FortiDLP users are mapped to events in the cloud, which are then reported in the Investigate module as OneDrive events.

    Note

    As events are collected from the cloud drive, there is no requirement for the FortiDLP Agent to be installed on users' devices when you use this feature.
    SharePoint and OneDrive event types

    The following SharePoint and OneDrive event types are collected by FortiDLP. For more information about them, refer to Microsoft's documentation here.

    • COPIED
    • FOLDER_COPIED
    • DELETED
    • FOLDER_DELETED
    • RECORD_DELETED
    • DOWNLOADED
    • MODIFIED*
    • FOLDER_MODIFIED
    • MOVED
    • FOLDER_MOVED
    • VIEWED**
    • RENAMED
    • FOLDER_RENAMED
    • RESTORED
    • FOLDER_RESTORED
    • UPLOADED
    • SENSITIVITY_LABEL_APPLIED
    • SENSITIVITY_LABEL_REMOVED
    • DOCUMENT_SENSITIVITY_MISMATCH
    • SHARING_LINK_CREATED
    • SHARING_LINK_UPDATED
    • SHARING_LINK_DELETED
    • SHARING_LINK_USED
    • SHARED
    • SHARING_UPDATED
    • SHARING_REVOKED
    • ACCESS_REQUEST_ACCEPTED
    • GROUP_ADDED
    • GROUP_UPDATED
    • GROUP_REMOVED
    • ADDED_TO_GROUP
    • REMOVED_FROM_GROUP

    *On SharePoint, when a PDF is modified, a modify event is not reported but an upload or download event may be reported instead.

    **On SharePoint, a view event is not reported when a PDF file is viewed.

    Note

    Additional activity originating from other Microsoft services, such as Teams and Office 365 Exchange Online, may also be captured for some event types. File activity that occurs in Teams' File tab will be reported with the "sharepoint" client app because Teams uses the SharePoint API internally.

    Device platform information, for example, whether a Windows computer, iPhone, or Android phone was used, is not always provided by Microsoft and therefore may not be reported in an event.

    At times, duplicate events may be sent by Microsoft and therefore reported in the event stream.

    To set up this feature, see Enabling the Microsoft SharePoint and OneDrive Connector, or refer to the FortiDLP SharePoint and OneDrive Connector Quick Start Guide.

    Previous
    Next