Learn how to configure the scope section in Nightfall policies created for Microsoft OneDrive.
In this stage, you must select the tenant and the files of your OneDrive that must be monitored.
To configure Scope, click + Add Tenant and select a tenant.
Once you select the tenant, you must select which drives in the selected tenant, must be monitored by Nightfall. This selection can be done in the Include in monitoring section.
To monitor all the drives in your OneDrive, you must select the All OneDrives option.
Within your drives, files have different types of permission sets. Nightfall allows you to select files with specific permission types to be monitored. You can select the respective check box to monitor files with specific permission sets. To monitor all the files, irrespective of the permission, select Access for all.
Check this Microsoft document to learn more about file and folder permissions in OneDrive.
In this section, you can select the special folders to be monitored. You can select the check box for the respective special folder to include it in monitoring. To select all the special folders, click Select All.
Check this Microsoft document to learn more about special folders in OneDrive.
To monitor drives specific to a user or group, you must select the Selected OneDrives option.
Select the drives of the users and groups that must be monitored.
The #scan-documents-with-permissions and the #include-special-folders configurations are the same as in case of #selecting-all-drives.
When you select the All OneDrives option, all the files and folders in your OneDrive are selected for monitoring. However, you can configure the exclusion section to skip some files and folders from being monitored. The exclusion section is optional and you can skip it if you wish to monitor all the drives. The exclusion section is not applicable if you select the Selected OneDrives option in the Inclusion section.
Nightfall provides you four options to configure the exclusion option.
In this option, you can directly select the individual or group OneDrives to be excluded from being scanned.
In this option, you can select the labels to be excluded from being monitored. Currently, Nightfall supports only the sensitivity labels. Click here to learn more about the sensitivity labels. This option is in Beta because the Microsoft API used in this option is itself in Beta.
In this option, you can enter the folder paths to be excluded. All the files and folders in the folder path are excluded from being scanned. The folder paths must be relative to the base of OneDrive.
The following points must be considered while using this option.
All the input paths must begin with a forward slash (/).
You cannot select only the root folder from exclusion. Basically, you cannot just include a forward slash in the Folder paths field. A valid folder path must follow the forward slash.
You must specify the complete Folder paths field and end the folder path with a forward slash. If you enter /doc in the folder path, all the folders beginning with doc like /doc, /docs, /documents, doc1, and so on. To exclude only the doc folder, you must enter /doc/ in the Folder paths field.
In this option, you can select the file extensions. All the files with the selected extension are excluded from being scanned.