Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Skyhigh CASB for SharePoint

Skyhigh CASB for SharePoint continuously monitors SharePoint accounts for any file activity and processes those documents using Skyhigh CASB DLP policies, an on-premises Enterprise DLP policy engine, or a combination of both. 

Microsoft 365 License

Skyhigh CASB for SharePoint requires a Microsoft 365 E1 or E3 license. For more information, see

SharePoint API

Skyhigh CASB continuously monitors SharePoint for content changes using APIs from SharePoint (Microsoft 365). As users add or modify files in SharePoint, Skyhigh CASB scans the files according to your DLP policies, then quarantines or tombstones documents as configured. Quarantined files can be released or deleted directly from Skyhigh CASB.


  • If you are using quarantine response action in the DLP Policies and retention policy is enabled on the SharePoint site, then we can’t delete the file or its contents. To fix the issue, see Skyhigh CASB Known Issues.
  • The Policy Incidents page does not support restoring quarantine files larger than 250 MB for SharePoint. It applies to both manual and bulk remediation actions.

Supported Security Controls

Limited Availability: This is a Limited Availability feature. To enable this feature, contact Skyhigh Support.

Using DLP policies, you can extend Skyhigh CASB protection to SharePoint in several ways:

  • Make sure that sensitive content is not shared in SharePoint sites (Teams sites).
  • Make sure that collaboration with external users is monitored and controlled for SharePoint sites.

Cloud Connector and SharePoint

For deployments that use an existing on-premises Enterprise DLP policy engine, the Skyhigh Cloud Connector can be implemented for additional examination by the on-premises DLP solution to be sent to the on-premises Skyhigh Cloud Connector.

  • Was this article helpful?