Nightfall DLP for Microsoft 365 (M365) offers a cloud-native data leak protection solution that monitors for the presence of sensitive data across the following M365 services: OneDrive for Business and MS Teams. Support for Exchange Online and SharePoint Online is currently not available; we hope to introduce support for these two remaining services soon.
Nightfall DLP for M365 provides a seamless way to monitor user OneDrives, Teams channels and Teams chats. Nightfall DLP scans messages in Teams channels and chats and scans files in users' OneDrives. Nightfall can also send notifications to Nightfall administrators and M365 users, enabling them to take follow-up steps in alignment with the organization's requirements.
The following steps need to be completed to enable Nightfall DLP workflows for OneDrive for Business and MS Teams:
Set up Directory Sync, and
Register the M365 tenant with Nightfall.
If, while registering the Microsoft tenant, you did not connect one of the required apps, or you connected an app that you no longer wish to monitor, you can update the app selection so that only the required apps are monitored.
To update the app selection:
Click Microsoft 365 in the list of My Integrations.
Expand the required tenant.
Click Update App Selection.
Click Connect.
Log in to your Microsoft tenant.
Upon successful authentication, you can view the following list of permissions that the Nightfall Azure app requires:
Permission to read the organization's details.
Permission to manage the Azure app permissions and grants for individual services like Microsoft Teams.
Permission to read and update Azure applications for individual services like Microsoft Teams.
Permission to read and update the user profile.
Click Accept.
Choose the required apps by selecting or unselecting the respective check boxes.
Click Save Changes.
Click Finish.
Make sure the following prerequisites are met before setting up Nightfall DLP for Microsoft 365.
You must have an active Microsoft 365 subscription and Microsoft Tenant for your organization.
You must have Microsoft 365 subscription administrator credentials (login).
You may also require an authenticator app, such as Microsoft Authenticator or Authy, if you have enabled multi-factor authentication for your Microsoft 365 tenant.
You need Azure admin credentials to set up Directory Sync.
Refer to the Microsoft 365 documentation for more information. If you would like to try out Nightfall for Microsoft 365 and do not have access to a Microsoft 365 production tenant, you can also proceed with a Microsoft 365 Developer tenant.
To monitor user OneDrives and channels and chats within MS Teams, Nightfall requires user information from your corporate directory (commonly a Microsoft Entra ID setup). To enable Nightfall to discover user information, you need to set up the Directory Sync feature. Refer to the steps in the Adding Microsoft Entra ID to Nightfall document to set up Directory Sync.
Learn how to set up a Microsoft tenant for Nightfall
To set up a Microsoft tenant:
Click Microsoft 365 in the list of My Integrations. The Microsoft tenant authentication page displays.
Click Connect. The Microsoft sign-in page displays.
Enter the email address and password of a Microsoft 365 administrator account to sign in. You may be prompted to complete multi-factor authentication in the Microsoft Authenticator app if you have set up multi-factor authentication.
Upon successful authentication, you can view the following list of permissions that the Nightfall Azure app requires:
Permission to read the organization's details.
Permission to manage the Azure app permissions and grants for individual services like Microsoft Teams.
Permission to read and update Azure applications for individual services like Microsoft Teams.
Permission to read and update the user profile.
Click Accept and your Microsoft 365 tenant information is added to Nightfall.
Select the Microsoft applications you want to monitor. Currently, OneDrive for Business and MS Teams are the available applications.
Click Save Changes.
Click Finish to complete the tenant setup.
You can see that the new MS Teams and OneDrive tenants are now onboarded in Nightfall under the Microsoft 365 integration. You can expand to view the details and collapse to hide the details.
You can click Add Tenant and follow the steps above to add multiple tenants.
After a successful Directory Sync and M365 tenant registration, the apps selected in step 6 (MS Teams, OneDrive) show a Valid status, which means they are ready to be monitored for sensitive data. You may proceed with policy creation for either MS Teams or OneDrive.
If you did not enable either the OneDrive or the Teams application in step 6, a Connect button is displayed next to that app. Click the Update App Selection button to enable the app.
You can delete a Microsoft tenant. Before you can delete a tenant, you must ensure that there are no active policies configured for that tenant. After you delete a tenant, you cannot create any policies on the deleted tenant, and Nightfall no longer monitors it.
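After consent, a tenant administrator will usually want to confirm what the Nightfall Azure app was actually granted, rather than relying on the consent screen alone. The following script is an added example using the Microsoft Graph PowerShell SDK; it is not Nightfall's own tooling, and the app display name is a placeholder you must copy from Enterprise applications in the Entra admin center.

```powershell
# Added example (not part of the Nightfall documentation or product): audit the
# permissions granted to the Nightfall Azure app in this tenant after consent.
# Assumes the Microsoft.Graph module is installed and the signed-in account can
# read applications and the directory.
Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All"

# Placeholder: replace with the display name shown under Enterprise applications.
$appDisplayName = "<NIGHTFALL-APP-DISPLAY-NAME>"

$sp = Get-MgServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) {
    throw "No service principal named '$appDisplayName' was found in this tenant."
}

# Delegated permissions: OAuth2 grants record who consented (AllPrincipals for
# admin consent, Principal for a single user) and the granted scopes.
Write-Host "Delegated permissions (OAuth2 grants):"
Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.Id |
    Select-Object ConsentType, PrincipalId, ResourceId, Scope |
    Format-Table -AutoSize

# Application permissions: app role assignments reference a role id on the
# resource (for example Microsoft Graph), so resolve the id to its readable value.
Write-Host "Application permissions (app role assignments):"
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
    ForEach-Object {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId
        $role = $resource.AppRoles | Where-Object { $_.Id -eq $_.AppRoleId }
        [pscustomobject]@{
            Resource   = $_.ResourceDisplayName
            Permission = ($resource.AppRoles | Where-Object Id -eq $_.AppRoleId).Value
        }
    } | Format-Table -AutoSize
```

Compare the listed scopes and role values against the four permission descriptions shown on the consent screen; anything beyond them is worth raising with Nightfall before enabling monitoring.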
To delete a tenant:
Click the delete icon for the required tenant. A delete confirmation window is displayed.
Click Yes, please.
Click Connect.
Log in to Microsoft 365 by entering your admin credentials.
The Microsoft sign-in window pop-up is displayed. Select the required option.
The Nightfall delete confirmation window is displayed. Click Yes, please delete.
The delete confirmation window is displayed. Click Finish.