Skyhigh Security

Create an On-Demand Scan for SharePoint

Create an On-Demand Scan (ODS) to analyze SharePoint sites for sensitive documents, files, images, videos, APIs, applications, team sites, and other resources that may be shared inappropriately with unauthorized users. These proactive measures significantly enhance your organization’s ability to protect sensitive information and maintain a secure collaborative environment. For more details about ODS, see About ODS.

Use Case on Protecting Sensitive Data in Microsoft SharePoint using ODS

Imagine a law firm that uses SharePoint for document management, storing sensitive client information and legal documents. If an employee accidentally shares a folder containing these legal documents with external or unauthorized users, it could result in a data breach, compromising client confidentiality and potentially damaging the firm’s reputation. To protect client information and prevent unauthorized sharing of sensitive data, the firm regularly employs On-Demand Scanning (ODS) to monitor all SharePoint folders that are shared externally or with unauthorized individuals.

The ODS scans are configured based on the predefined Data Loss Prevention (DLP) policies to detect sensitive information and initiate immediate actions. If any violation occurs, sensitive data is deleted immediately, and an email is sent to the user regarding the violation.

Prerequisites

Before you begin the On-Demand Scan for SharePoint, complete the SharePoint API Integration in Skyhigh SSE. For details, see SharePoint API Integration Setup.

IMPORTANT:

 To enable the Microsoft SharePoint ODS scan for your tenant, contact Skyhigh Security Support.

Create an On-Demand Scan 

To create an On-Demand scan:

  1. Log in to Skyhigh SSE.
  2. Go to Policy > On-Demand Scan.
  3. Click Actions > Create a Scan. The Scan Creation Wizard displays. 
    • Scan Type. Select DLP & Malware.
    • Name. Enter the name for the scan.
    • Description. Add an optional description for the scan.
    • Service Instance. Select the SharePoint instance you want to scan.
  4. Click Next.
  5. On the Select Policies page, select the available policies that you want to use for your scan, and click Next. The selected policies are applied to the selected data to find violations.

NOTE: 

  • Only Active policies are listed here.
  • If you don't see any policies on the Select Policies page, you must create at least one DLP policy before creating a scan.
  • To create a new DLP policy, see Create DLP Policy.

  6. On the Configure Scan page, configure the scope for your scan.
    • Data Scope. Select the type of scan:
      • Full. Scans all content every time the scan is run.
      • Incremental. Scans only content that has changed since the last successful scan.
    • Scan Dates. Select All to scan all data, or select:
      • Last X Day(s). Limit the scan to the specified time period. For example, scan the site history of the past 7 days in SharePoint.
    • Only scan folders shared externally. Select Yes to scan shared external folders, or select No to exclude them from the scan.
    • Sites to Scan. Select the SharePoint sites whose content and data you want to scan.
      • All Sites. Select all sites for the scan.
      • Include Specific Sites. To include only specific sites, select a Predefined Dictionary, or enter users manually in a comma-separated list.
      • Exclude Specific Sites. To exclude only specific sites, select a Predefined Dictionary, or enter users manually in a comma-separated list.
  7. Click Next, and select how often the scan runs:
    • None (On-Demand Only). Run the scan once now.
    • Daily. Run the scan once a day. Configure the time and time zone.
    • Weekly. Run the scan once a week. Configure the day, time, and time zone.
  8. On the Review & Activate page, review your settings for the On-Demand Scan, and click Save. Or click Back to make changes.

Based on the configured time period, the Daily or Weekly scan runs automatically. Once the scan is completed, you can view the results or rerun the scan anytime on the On-Demand Scan page.

If any policy is violated during the scan, an incident is created on the Policy Incidents page.