Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Troubleshoot SharePoint Scan Errors

Use the following solutions to troubleshoot problems with SharePoint.

Possible Errors Possible Causes Possible Solutions
  • Scan error has occurred while extracting data for Microsoft 365 Configuration Audit policies.
  • Scan error has occurred while trying to extract data for the device configuration policy.
  • Scan error has occurred while trying to extract data for the device compliance policy.
  • If your tenant does not have a Microsoft Intune License or the desired scopes are not enabled, you may encounter this error.
  • Your tenant has a license, but mobile device management (MDM) is not activated.


  • Make sure to confirm the Microsoft 365 account is licensed for all services, including Azure Active Directory and Microsoft Intune.
  • If the licenses are available, try to disable and enable the SharePoint API so the required scopes can be authorized to run the scans. If the problem persists, contact Skyhigh CASB Support.
  • If you have not re-enabled the API after enabling SCA for an existing instance, try re-enabling it.

  • If you have a Custom OAuth, add these scopes: Policy.Read.All and DeviceManagementConfiguration.ReadWrite.All

  • If you have a license but MDM is not set up for your organization, refer to Set up Basic Mobility and Security and enable MDM.

  • To check if the MDM is activated or not, go to the Skyhigh Security Endpoint Manager Homepage and click Device. You can view the following screen. (Click to enlarge.)
  • If you don't want to get the license or enable MDM, disable all the policies under the devices category. See the Policies with License and Scope Dependency section to find all the policies.

Policies with License and Scope Dependencies

Device Configuration and Compliance Policies

  • REQ License: Intune and Azure premium licenses
  • REQ Scopes: DeviceManagementConfiguration.ReadWrite.All
  • Device Configuration and Compliance Policies are:
    • Require a password for mobile devices
    • Prohibit password reuse for mobile devices
    • Make sure that mobile devices are set to never expire passwords
    • Do not allow users to connect from devices that are jailbroken or rooted
    • Wipe mobile devices on multiple sign-in failures to prevent brute force compromise
    • Ensure that mobile devices require a complex password with minimum password length to prevent brute force attacks
    • Ensure that mobile devices require a complex alphanumeric password to prevent brute force attacks
    • Ensure that mobile devices restrict simple passwords to prevent brute force attacks
    • Enable settings to lock devices after a period of inactivity to prevent unauthorized access
    • Enable mobile device encryption to prevent unauthorized access to mobile data
    • Enable antivirus and a local firewall for connecting devices


  • Was this article helpful?