Arctera Data Insight

Last Published:
Product(s): Veritas Alta Data Insight (1.0)
  1. About Arctera Data Insight
    1.  
      About Arctera Data Insight
  2. Dashboard
    1.  
      About Arctera Data Insight Dashboard
    2.  
      Storage Utilization Trends
  3. Workspace
    1.  
      About Arctera Data Insight Workspace
    2.  
      Data
    3.  
      Users
    4.  
      Groups
  4. Installing Collector Node
    1.  
      About Collector node
    2.  
      Downloading and Installing Arctera Data Insight Collector
  5. Servers
    1.  
      About servers
    2.  
      Servers
  6. Data Sources
    1.  
      Data Sources
    2. Filers
      1.  
        Adding filers
      2.  
        Viewing configured filers
      3.  
        Editing filer configuration
      4.  
        Managing filers
      5.  
        Monitored Shares
      6.  
        About disabled shares
    3. SharePoint Online
      1.  
        About SharePoint Online account monitoring
      2.  
        Registering Data Insight with Microsoft to enable SharePoint Online account monitoring
      3.  
        Configuring application without user impersonation for Office 365
      4.  
        Creating an application in the SharePoint Admin Center
      5.  
        Add SharePoint Online accounts
      6.  
        Managing Site Collections
      7.  
        Monitored Site Collections
    4. OneDrive
      1.  
        Configuring OneDrive account
      2.  
        Registering Data Insight with Microsoft to enable OneDrive account monitoring
      3.  
        Configuring application without user impersonation for Office 365
      4.  
        Add/Edit OneDrive account
      5.  
        Monitored Cloud Accounts
  7. Directory Services
    1.  
      About Active Directory Services
    2.  
      Registering Data Insight with Microsoft to scan Azure AD
    3.  
      Add/Edit Azure active directory service
  8. Health and Monitoring
    1.  
      Scan Status
  9. Classification
    1.  
      Requests
    2.  
      Configuration
    3.  
      Setting up Classification
  10. File Groups
    1.  
      About File group
    2.  
      Configuring File group
  11. Reports
    1.  
      About Reports
  12. Workflows
    1.  
      Workflows
    2.  
      Task
  13. Data Remediation
    1.  
      Delete Files Configuration
  14. Users and Access
    1.  
      Users and Roles
    2.  
      Credentials

Configuring application without user impersonation for Office 365

Setting DisableCustomAppAuthentication property for the tenant

To set the property DisableCustomAppAuthentication,

  1. Install Module Pnp.Powershell using command in PowerShell Install-Module -Name PnP.PowerShell on the same machine where you have registered Data Insight with Microsoft in the earlier section.
  2. Run the command Register-PnPManagementShellAccess and provide credentials of Global Administrator Account

    Note:

    This step is done to provide PnP PowerShell Authentication with Service Principal. If we do not do this then we will get error : Connect-PnPOnline : AADSTS65001: The user or administrator has not consented to use the application with ID'31359c7f-bd7e-475c-86db-fdb8c937548e' named 'PnP Management Shell'. Send an interactive authorization request for this user and resource

  3. Copy the following script in Notepad and save it as DisableCustomAppAuthentication.ps1 file.
    param (
	[parameter(Mandatory=$true)]
    [string]$Organization)

Import-Module PnP.PowerShell
$url = 'https://'+$Organization+'-admin.sharepoint.com'
Write-Output $url
$userCredential = Get-Credential
Connect-PnPOnline -Url $url -Credential $userCredential
get-PnPTenant
Set-PnPTenant -DisableCustomAppAuthentication $false

    Note:

    This is required for normal functioning of fetching of Advanced Permission, classification of data and scanning local user for SharePoint Online and OneDrive.

  4. Run the script using .\DisableCustomAppAuthentication.ps1
  5. When prompted, provide organization name.
  6. In the Windows Powershell Credential Request pop up, provide Global Administrator credentials and click Ok
  7. In the list of output, verify if the CustomAppAuthentication property is set to False.

After configuring application, you need to add the created application to the lookup

To add created application to the lookup,

  1. Copy the Client ID of the app created in the Azure portal App
  2. Navigate to https://<organization-name>-admin.sharepoint.com/_layouts/15/appinv.aspx
  3. Paste the Client ID copied from the Azure portal App in the App Id field
  4. Click Lookup
  5. Add localhost.com in the App Domain field
  6. Add https://localhost.com/default.aspx in the Redirect URL field
  7. Add following XML in the App's Permission Request XML
    <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/tenant"
    Right="FullControl"/>
    </AppPermissionRequests>
  8. Click Create
  9. Click Trust It

You will be redirected to the SharePoint admin center.

Configuring an administrator account for Data Insight

Data Insight uses a Global administrator account to discover the site collections and scan metadata and a SharePoint administrator account to fetch the access events from the configured SharePoint Online account. Global administrator accounts must have full control over the site collections that you want Data Insight to monitor. You must configure the Global administrator, as owner for team site collections, on the Office 365 interface and assign the administrative privileges for the target site collections.

To add a SharePoint administrator

  1. Log on to Office 365 using the Global admin credentials.
  2. On the SharePoint admin center page, click Users > Active users > Add a user.

    The New User pop-up windows opens.

  3. Enter the name of the user and other properties as appropriate.
  4. In the Roles section, select Customized administrator > SharePoint administrator.
  5. Click Add.

The SharePoint administrator account collects metadata about site collection content , and gathers audit data from SQL Server databases for SharePoint when it is assigned administrative privileges for the target site collections. It must also have full control permissions on the configured site collections and the site collections that are incrementally included to the SharePoint account. For team site collections, the SharePoint administrator should be an owner.

The Minimum Privilege user has access to all features in the Admin center and can perform all tasks in the Office 365 Admin center.

To assign owners for team site collections

  1. On the SharePoint admin center page, go to Groups > Groups, and select the Group Name to which you want to assign owners.
  2. In the Group details pane on the right-hand-side, click Edit for the Owners entry.
  3. In the Edit pane, click Add owner and select a user having Minimum Privilege user credentials.
  4. Click Save.