Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Integrate SharePoint Online/OneDrive via Delta API

  1. Last updated
  2. Save as PDF

Early Access: Skyhigh CASB Delta API Migration/Integration for SharePoint Online/OneDrive is an Early Access feature. To migrate existing SharePoint Online/OneDrive instances to the Microsoft Delta API framework or enable Delta APIs for new SharePoint Online/OneDrive instances in your tenant, contact Skyhigh Support

The SharePoint WebApp Model is set for deprecation by April 2026, requiring a transition to modern API capabilities, the Delta API Framework. The Delta API framework introduces enhanced Data Loss Prevention (DLP) support for SharePoint Online and OneDrive, utilizing Microsoft Graph APIs. This upgrade replaces legacy APIs, reducing rate-limit errors and improving policy enforcement for greater efficiency and scalability. 

To integrate Delta APIs with SharePoint Online and OneDrive instances, establish connectivity with the new SharePoint Online and OneDrive environments using Delta APIs.

Key Benefits 

  • Minimal Rate-Limit Constraints. Reduces rate-limit errors, ensuring responsive and efficient policy enforcement.
  • Seamless DLP Deployment. Enables direct integration without requiring additional SharePoint app installations.
  • Optimized Policy Execution. Enhances DLP policy performance, improving accuracy and efficiency.
  • Granular API Traffic Management. Offers precise control over data access and security policies for improved scalability.
  • Future-Ready Compatibility. Ensures seamless operation in modern SaaS environments through Microsoft Graph API integration.

Prerequisites for Onboarding New Instances

Make sure you have the following prerequisites in place for onboarding new tenant instances to Skyhigh CASB Delta API deployment.

  • Target tenant instance for Microsoft Graph Delta APIs. Select a specific tenant instance to use Microsoft Graph Delta APIs (Early Access).
  • Integrate Office 365 tenant with Skyhigh CASB tenant. You must integrate your Office 365 tenant with the Skyhigh CASB tenant for testing. 
  • User Account Isolation. You must not use the same Office 365 tenant for multiple instances in the same environment. To use the same Office 365 tenant for other tenant instances in the same environment, you must first disable it in the existing instance and then enable it for a different instance. 

Integrate Skyhigh CASB with SharePoint Online/OneDrive

You can integrate Skyhigh CASB with SharePoint Online/OneDrive to enable Delta API access for new SharePoint Online/OneDrive instances. 

To integrate Skyhigh CASB with SharePoint Online/OneDrive via Delta API, follow these steps:

  1. Create a SharePoint Online/OneDrive Instance
  2. Enable API Access for SharePoint Online/OneDrive

Create a SharePoint Online/OneDrive Instance

You must first create a SharePoint Online/OneDrive instance in Skyhigh CASB to enable Delta API access for new SharePoint Online/OneDrive instances in Skyhigh CASB. 

To create a SharePoint Online/OneDrive instance:

  1. Log in to Skyhigh CASB.
  2. Go to Settings > Service Management.
  3. Click Add Service Instance.

    clipboard_ee7f353c65da6bf4e0d985706e37478d4.png
     
  4. Select Microsoft SharePoint Online or Microsoft OneDriveand enter a unique name for the instance.

    clipboard_ea091a8a395110c7ec110eaeadf254eb9.png
     
  5. Click Done

Enable API Access for SharePoint Online/OneDrive

You can now enable API access for the newly created SharePoint Online/OneDrive instance in Skyhigh CASB. 

To enable API access for a new SharePoint Online/OneDrive instance:

  1. In Skyhigh CASB, go to Settings > Service Management.
  2. Select the newly created SharePoint Online/OneDrive instance from the list of Services.
  3. Go to the Setup tab, and click Enable.

    clipboard_e45683c853efe05bd6a7c34d91fdc1302.png
     
  4. On the Review Prerequisites page, review the mandatory prerequisites.
  5. Activate the checkbox to confirm that you have completed the prerequisites. 

    clipboard_edfd3adba47373154007114fcc209ef69.png
     
  6. Click Next
  7. Click Provide API Credentials

    clipboard_e45d49f3cc2dc144f30b3982e0ca1b94b.png
    • For SharePoint Online, enter the API credentials for your SharePoint Online instance. 

      clipboard_e4c9f7338018df2d36d6700532cb972fa.png
       
  8. Enter your Office 365 global admin account credentials to authorize the API connection.

    accept_api.png

API access is now enabled for your SharePoint Online/OneDrive instance in Skyhigh CASB.

IMPORTANT: After integrating Skyhigh CASB with SharePoint Online/OneDrive successfully, you can define DLP policies and attach them to your SharePoint Online/OneDrive instance in Skyhigh CASB.

 

 

Enable Skyhigh Splash for Microsoft Graph Delta API Integrations

You can enable Skyhigh splash for Microsoft Graph delta API integrations using the below two authorization methods:

  • Global OAuth
  • Custom OAuth
Global OAuth 

Contact Skyhigh Support to enable Skyhigh splash for Microsoft Graph delta API integrations using Global OAuth.

Custom OAuth

NOTE: Make sure the OAuth application is configured with the Microsoft Graph API scope "Sites.ReadWrite.All" with permission type "Application".

Follow below steps to enable Skyhigh splash for Microsoft Graph delta API integrations using Custom OAuth:

  1. Configure an Application Registration in the Azure Portal. For details, see Custom oAuth Application for Office 365 and Azure API Integration.
  2. Contact Skyhigh Support to enable Delta API access for SharePoint Online/OneDrive.

Disable/Roll back Delta API Access for SharePoint Online/OneDrive

  • Disable Delta API access for SharePoint Online/OneDrive: To disable Delta API access for new SharePoint Online/OneDrive instances integrated with Skyhigh CASB, contact Skyhigh Support.
  • Roll back Delta API access for SharePoint Online/OneDrive: To roll back Skyhigh CASB API integration for existing SharePoint Online/OneDrive instances from the Microsoft Delta API model to the SharePoint Add-in app model, contact Skyhigh Support.

NOTE: Once you have successfully disabled Delta API access for new SharePoint Online/OneDrive instances, NRT DLP protection is also disabled for your SharePoint Online/OneDrive instances.

 

IMPORTANT: 

  • Make sure you do not re-enable Delta API access for a Skyhigh CASB tenant using a different Microsoft account than the account currently linked to the tenant, as this affects the collection of DLP events for discovered resources in SharePoint Online and OneDrive for the Skyhigh CASB tenant.
  • To re-enable Delta API access for new SharePoint Online and OneDrive instances, you can create a new SharePoint Online/OneDrive instance using a new Microsoft account in Skyhigh CASB.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.