Arctera Data Insight

Last Published:
Product(s): Veritas Alta Data Insight (1.0)
  1. About Arctera Data Insight
    1.  
      About Arctera Data Insight
  2. Dashboard
    1.  
      About Arctera Data Insight Dashboard
    2.  
      Storage Utilization Trends
  3. Workspace
    1.  
      About Arctera Data Insight Workspace
    2.  
      Data
    3.  
      Users
    4.  
      Groups
  4. Installing Collector Node
    1.  
      About Collector node
    2.  
      Downloading and Installing Arctera Data Insight Collector
  5. Servers
    1.  
      About servers
    2.  
      Servers
  6. Data Sources
    1.  
      Data Sources
    2. Filers
      1.  
        Adding filers
      2.  
        Viewing configured filers
      3.  
        Editing filer configuration
      4.  
        Managing filers
      5.  
        Monitored Shares
      6.  
        About disabled shares
    3. SharePoint Online
      1.  
        About SharePoint Online account monitoring
      2.  
        Registering Data Insight with Microsoft to enable SharePoint Online account monitoring
      3.  
        Configuring application without user impersonation for Office 365
      4.  
        Creating an application in the SharePoint Admin Center
      5.  
        Add SharePoint Online accounts
      6.  
        Managing Site Collections
      7.  
        Monitored Site Collections
    4. OneDrive
      1.  
        Configuring OneDrive account
      2.  
        Registering Data Insight with Microsoft to enable OneDrive account monitoring
      3.  
        Configuring application without user impersonation for Office 365
      4.  
        Add/Edit OneDrive account
      5.  
        Monitored Cloud Accounts
  7. Directory Services
    1.  
      About Active Directory Services
    2.  
      Registering Data Insight with Microsoft to scan Azure AD
    3.  
      Add/Edit Azure active directory service
  8. Health and Monitoring
    1.  
      Scan Status
  9. Classification
    1.  
      Requests
    2.  
      Configuration
    3.  
      Setting up Classification
  10. File Groups
    1.  
      About File group
    2.  
      Configuring File group
  11. Reports
    1.  
      About Reports
  12. Workflows
    1.  
      Workflows
    2.  
      Task
  13. Data Remediation
    1.  
      Delete Files Configuration
  14. Users and Access
    1.  
      Users and Roles
    2.  
      Credentials

Registering Data Insight with Microsoft to enable OneDrive account monitoring

To authorize Arctera Data Insight to access the Microsoft OneDrive account, you must create an application and register it with Microsoft Azure Active Directory. This step involves associating a set of credentials with the application and providing the application with the required permissions, which enables communication between Data Insight and Microsoft.

Prerequisite

An Office 365 user with the Microsoft Global administrator role or with a role which has lesser admin privileges than the Global administrator can create and register an application with Microsoft. However, the user must be granted the following four roles at the minimum:

  1. Application Administrator : To create a Microsoft application

  2. User Administrator: To get the access to OneDrive account of all the users in tenant

  3. SharePoint Administrator: To fetch the data in OneDrive and SharePoint Online

  4. Privileged Role Administrator: To give admin consent to Azure Application

  5. A custom role (View-Only Audit Logs) in the Exchange Admin Center

Note:

To assign the first three roles, refer to the Azure documentation and to create a custom role (View-Only Audit Logs), access Azure Portal with Global Administrator credentials and create a custom role (View-Only Audit Logs) and assign it to the created user .

To create and register an application with Microsoft

  1. Login as a global admin user or minimum privilege user to https://portal.azure.com/#home and search App Registrations.
  2. On the Register an application page, enter a desired name for the app.
  3. In Supported account types select Accounts in this organizational directory only (<organization-name> only - Single tenant)
  4. On the Register an application page, click Register to register the app. (Redirect URI can be provided later.)

    Your new application is created and the app Overview page is displayed.

  5. Copy-save the Application (Client ID) and Directory (Tenant) ID. You will be required to provide it later while adding an account in Arctera Data Insight.
  6. Copy-save the . You will be required to provide it later while adding an account in Arctera Data Insight.
  7. On the left sidebar of your app dashboard, click Certificates and Secrets.
  8. In the Client secrets section, click New client secrets to generate the access token required for calling the required APIs
  9. Set the expiry to Never and click Add.
  10. Copy the Client Secret Value is generated. You will be required to provide it later while adding an account in Arctera Data Insight.
  11. Then you need to grant permissions to the app to use the Microsoft Graph and Office 365 APIs.

    On the left sidebar of your app, click API permissions, and then click Add a permission.

  12. Then click Grant admin consent for.., and confirm.
  13. On the Request API permissions panel that opens, select Microsoft Graph and Office 365 respectively, click Application permissions and grant the permissions as per the table given below:

    API

    Permission name

    Microsoft Graph

    Files.Read.All

     

    Group.Read.All

     

    RoleManagement.Read.Directory

     

    Sites.Read.All

     

    User.Read.All

    Office 365 Management APIs

    ActivityFeed.Read

     

    ActivityFeed.ReadDlp

    SharePoint

    Sites.FullControl.All

    Note:

    As per Microsoft guidelines, while using minimum permissions application, few advanced permissions like limited access permissions given to Limited Access System Group for the folder, permissions of sites, accounts, Document Library will not be visible. To fetch those permission, add Sites.FullControl.All scope to MS Application

  14. Now add the redirect URI.

    Go to the Overview page of the app and click Add redirect URI. The Authentication page opens

  15. Click Add a platform
  16. On the Configure platforms panel that opens, click Web
  17. Click Configure to save it.

Once the app is created, anybody in the organization can access the app. As per Microsoft recommendation, restrict the access to specific users.

For information on how to require the user assignment for an app via the Azure portal, refer to Configure an application to require user assignment Azure documentation

For information on how to assign users or groups to an app via the Azure portal, refer to Assign users to an app Azure documentation