Capabilities
This connector enables you to use File Access Manager to access and analyze data stored in Windows File Server and do the following:
- Analyze the structure of your stored data.
- Monitor user activity in the resources.
- Classify the data being stored.
- Verify user permissions on the resources, and compare them against requirements.
- Manage access fulfillment - automated granting and revoking of access - according to rules set in File Access Manager.
- Identity collector – collect IAM users, groups and roles and the connections between them.
Monitored Activities
Monitored events and activities are as defined in the Office365 Management Activity API specification.
Activity Monitor Operation Principles
File Access Manager Activity Monitor for OneDrive uses the Microsoft Office365 Management Activity API.
The Activity Monitor queries the API for OneDrive events.
The Microsoft Office365 Management Activity API uses the OAuth 2.0 authorization protocol to authenticate and authorize API requests.
To use the API, the File Access Manager for OneDrive connector requires a short authorization process during the definition of the OneDrive for Business application.
After the initial authorization process, File Access Manager will handle OAuth token management automatically and refresh the token if needed.
Note
It might take up to two hours for events to be received by the File Access Manager for OneDrive Activity Monitor (a current Microsoft limitation).
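The following is an added example, not File Access Manager code, showing what the delay in the note above means when reviewing the same audit records: batches from successive polls are merged, de-duplicated by record Id, and split into events old enough to be considered complete and events that may still gain late arrivals. The field names (Id, CreationTime, Workload, Operation, UserId) follow the Management Activity API common schema; the records are constructed, and treating two hours as an upper bound is an assumption taken from the note.

```python
from datetime import datetime, timedelta, timezone

# Assumption: delivery delay taken from the note above ("up to two hours").
MAX_DELIVERY_DELAY = timedelta(hours=2)

# Constructed sample batches, as two successive polls might return them.
# Field names follow the Management Activity API common schema.
POLL_1 = [
    {"Id": "a1", "CreationTime": "2024-05-01T08:10:00", "Workload": "OneDrive",
     "Operation": "FileDownloaded", "UserId": "alice@example.com"},
    {"Id": "b2", "CreationTime": "2024-05-01T08:15:00", "Workload": "SharePoint",
     "Operation": "FileAccessed", "UserId": "bob@example.com"},
]
POLL_2 = [
    {"Id": "a1", "CreationTime": "2024-05-01T08:10:00", "Workload": "OneDrive",
     "Operation": "FileDownloaded", "UserId": "alice@example.com"},  # repeat
    {"Id": "c3", "CreationTime": "2024-05-01T07:55:00", "Workload": "OneDrive",
     "Operation": "SharingSet", "UserId": "carol@example.com"},  # late arrival
    {"Id": "d4", "CreationTime": "2024-05-01T10:30:00", "Workload": "OneDrive",
     "Operation": "FileDeleted", "UserId": "alice@example.com"},
]

def parse_utc(ts):
    """CreationTime is UTC; tolerate a trailing 'Z'."""
    return datetime.fromisoformat(ts.rstrip("Z")).replace(tzinfo=timezone.utc)

def merge_onedrive(batches):
    """Keep OneDrive records only, de-duplicated by Id, ordered by event time."""
    unique = {}
    for batch in batches:
        for rec in batch:
            if rec.get("Workload") == "OneDrive":
                unique.setdefault(rec["Id"], rec)
    return sorted(unique.values(), key=lambda r: parse_utc(r["CreationTime"]))

def split_settled(events, now):
    """Events older than now - delay are settled; newer periods may be incomplete."""
    cutoff = now - MAX_DELIVERY_DELAY
    settled = [e for e in events if parse_utc(e["CreationTime"]) <= cutoff]
    pending = [e for e in events if parse_utc(e["CreationTime"]) > cutoff]
    return settled, pending

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 11, 0, tzinfo=timezone.utc)
    settled, pending = split_settled(merge_onedrive([POLL_1, POLL_2]), now)
    print("settled:", [(e["Id"], e["Operation"]) for e in settled])
    print("pending:", [(e["Id"], e["Operation"]) for e in pending])
```

An alert or access review that covers only the settled range avoids concluding "no activity" for a period whose events have not yet been delivered.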
Permissions Collection Operation Principles
File Access Manager OneDrive for Business permissions collection task uses the Microsoft OneDrive REST API.
The permissions collection task queries OneDrive for Business for the existing Role Assignments to determine object permissions.
An Azure Identity Collector must be configured to map the permissions to users and groups from the Azure Active Directory.
Note
The section on Identity collection in the File Access Manager Installation Guide provides more information on how to define an Azure Identity Collector.
OneDrive Connector Installation Flow Overview
To install the OneDrive connector:
- Configure all the prerequisites.
- Add a new OneDrive application in the File Access Manager website.
- Install the relevant services:
  - Activity Monitor
Note
OneDrive currently does not support the Cloud-Ready architecture for permissions collection and data classification. Permission collection and data classification tasks will run on the central engine services associated with the application, regardless of whether these services have one or more collectors associated with the central engine.