Effective December 31, 2024, the Cloud Storage Scanning service has reached End of Life.
Cloud Storage Scanning supports scanning for malicious files in your enterprise-level OneDrive account. Configure a continuous or scheduled scan to check for malicious files in your users' OneDrive folders.
The following scan frequencies are available:
- On-demand: An on-demand scan of your cloud storage folders.
- Daily: A scheduled scan that runs daily at the specified time.
- Weekly: A scheduled scan that runs on certain days of the week at the specified time.
- Monthly: A scheduled scan that runs on a certain day of the month at the specified time.
- Continuous: A continuous scan that checks for new and updated files. Check Include existing files to initiate a scan on all files before monitoring for changes to them.
For more information, see Should I run a scheduled scan, continuous scan, or a combination of both.
Nebula Requirements
- The Nebula Super Admin or Administrator must be an Azure Active Directory Admin.
OneDrive Configuration
A Cloud Storage Scanning application must be created in OneDrive before creating the configuration in Nebula.
- Create an application with Azure AD. For more information, see Register an application with Azure AD and create a service principal.
- Record the Application (client) ID and Directory (tenant) ID values. For more information, see Get tenant and app ID values for signing in.
- Create an application secret and record the Secret value. For more information, see Create a new application secret.
- Add the following Application permissions to access Microsoft Graph. For more information, see Application permission to Microsoft Graph:
  - Sites.Read.All
  - User.Read.All
- In the Grant consent tab, select Grant admin consent for your administrator account (Default Directory), then select Yes.
Nebula Configuration
- On the left navigation menu, go to Configure > Cloud Storage Scans.
- Click Add a Scan.
- Enter a name for the scan configuration.
- Select OneDrive and enter the Tenant Id, Client Id, and Client Secret.
- Click Connect to Provider.
- In the Items to scan tab, select which users or folders to scan.
- In the Quarantine tab, toggle on Enable Quarantine to allow Cloud Storage Scanning to quarantine malicious files automatically.
- Select a user for the quarantine folder. A folder that contains all quarantined objects from this scan configuration is automatically created in the selected user's directory.
- Select the default or customize the tombstone file. A tombstone file is created and replaces the original file when a file is quarantined. It is designed to provide information or instructions for users.
- In the Scan frequency tab, select a scan frequency.
  Note: Scheduled scans run in Coordinated Universal Time (UTC).
- Click Save.
Note: Once a scan has been saved, it cannot be modified. Delete the existing scan and create a new one if changes are required.