Activate the Office 365 Securlet for CloudSOC

book

Article ID: 171228

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

You need to activate the Office 365 Securlet for Symantec CloudSOC .

Resolution

Prerequisites for enabling the Office 365 Securlet

To activate the Office 365 Securlet on your CloudSOC account:

  •  You must have SysAdmin privileges for your CloudSOC account. 
  •  You must have an Office 365 Enterprise account.
  •  You must have Global Administrator privileges for your Office 365 account.
  •  The email address you use as the username for the administrator login on your Office 365 account must be exactly the same as the email address that you use as your CloudSOC username. Furthermore, this email address must be within the primary or secondary domains listed for your Elastica CloudSOC account. To confirm, login to CloudSOC, choose Settings > General , and check your domains as shown below.



    If necessary, contact Elastica technical support to add additional secondary domains.
Note: We recommend that you contact your Elastica representative and have them enable the onmicrosoft.com domain that matches your office365.com domain as a secondary domain on your CloudSOC account. For example, if your Office 365 domain is mycompany.office365.com, ask your representative to enable mycompany.onmicrosoft.com as a secondary domain. Symantec has found that customers who subscribe to the Office 365 Securlet are unaware that some of their users have primary email addresses within the onmicrosoft.com domain. The Office365 Securlet does not track these users' activities unless you have onmicrosoft.com added as a secondary domain.

Enabling the Office 365 Securlet

This section describes how to enable the Office 365 Securlet for a single Office 365 account.

If you want to enable the Office 365 Securlet for multiple Office 365 accounts, follow this procedure to activate the Office 365 Securlet for the first account, then use the procedure in Enabling the Securlet for additional Office 365 accounts .

  1.  Log in to CloudSOC using your administrator credentials.
  2.  Go to the Elastica App Store by clicking on Store in the left side navigation bar.
  3.  In the Store, scroll down to the Securlets area and locate the tile for the Office 365 Securlet.
  4.  On the entry for Office, click Details .
  5.  On the page about the Office 365 Securlet, click Enable . CloudSOC sends an activation request to Elastica for the Office 365 Securlet. The label on the Enable button changes to “Request Pending.” When Elastica approves the activation request, the button label changes again to “Activate.” During weekday business hours Pacific time, activation usually takes about 20 minutes. Contact your Elastica representative if the activation takes unusually long.
  6.  Click Activate . CloudSOC prompts you to choose either a full or selective scan of your Office 365 account users and folders.
  7.  Choose one option and click Activate Securlet.
  8.  For Office 365 Tenant ID, enter the Tenant ID shown on your Office 365 Profile page.
  9.  For Account Name, enter the name you want to use to identify this account within the Elastica apps. Use this feature to tell your accounts apart if you register multiple Office 365 accounts as described in Enabling the Securlet for additional Office 365 accounts .
  10.  If you want CloudSOC to import all your Office 365 users with Active status, mark the "Import as active users" checkbox. Otherwise, the users' statuses are automatically set to Inactive, and you must manually change them to Active later. Inactive users cannot access SaaS apps through the Elastica gateway.
  11.  If you have custom URLs for your OneDrive, Mail, and Sites:
    1.  Mark the Use custom endpoints checkbox. The page shows the custom URLs options.
    2.  In the OneDrive URL box, enter your custom OneDrive URL.
    3.  Leave the Admin's OneDrive URL box blank if you are activating the Securlet on an Office 365 account for which mail is your only service (no Sites and no OneDrive). Otherwise, enter the URL for the OneDrive admin's workspace. This is where CloudSOC moves or copies files that are quarantined by the Protect app Preserve Content feature. Note: Do not mark the ACS auth checkbox unless you are so instructed by Elastica technical support.
    4.  Mark the Mail and Sites checkboxes as appropriate to select the Office 365 apps to secure. Which check boxes are available might depend on your service agreement with Elastica. Contact your Elastical representative for details.
    5.  Enter your custom URLs for Mail and Sites as appropriate.
  12.  If you do not have custom URLs as described above:
    1.  Make sure the Use custom endpoints checkbox is clear (not checked).
    2.  Type your Office 365 domain in the Sub Domain box. If you are uncertain what your domain is, open your Office 365 Admin Center ( https://portal.office.com ) and choose Admin > Sharepoint . The domain looks something like “https://< subdomain >-my.sharepoint.com”. If you have more than one Office 365 domain, contact your elastica representative to have the additional domains added as secondary domains on your CloudSOC account.
    3.  Leave the Admin's OneDrive URL box blank if you are activating the Securlet on an Office 365 account for which mail is your only service (no Sites and no OneDrive). Otherwise, enter the URL for the OneDrive admin's workspace. This is where CloudSOC moves or copies files that are quarantined by the Protect app Preserve Content feature.
    4.  Mark the Mail and Sites checkboxes as appropriate to select the Office 365 apps to secure. Which check boxes are available might depend on your service agreement with Elastica. Contact your Elastical representative for details.
  13. If you marked the Sites checkbox, enter your Office 365 login credentials in the Username and Password boxes, then click Import Sites. Note: CloudSOC uses the credentials only to retrieve the top-level sites. It then discards the credentials without storing them.
  14. (Optional) To import your Sites from a CSV format file, click the Select CSV file to upload box, or drag a CSV file into the box, then click Import via CSV .
  15. Click Save .
  16. CloudSOC redirects you to the Office 365 login page. Note: If the Save button is disabled (grayed out), it might mean that Elastica did not properly grant you access to the Office 365 Securlet. Contact your Elastica representative if this happens.
  17. Login to Office 365 using your Office 365 global administrator username and password. Office 365 prompts you to grant Elastica permission to access your Office 365 resources.
  18.  Click Accept to grant access to all requested resources.
  19.  If you chose Selective Scan in Step 7, use the tools on the Define Scan Policies dialog box to create granular scan policies that scan only specific users or groups, or exclude specific users or groups from Securlet scanning:
    1.  Use the Policy Type buttons to choose whether the Securlet scans only the items described in the policy, or scans everything except the described items.
    2.  Use the Users menu to choose which groups and users are included or excluded
    3.  Use the Folders menu to choose which folders are included or excluded. To add a folder, choose Specific folders matching keywords and then enter a full or partial folder name.
    4.  Click Add Rule near the bottom of the box to add additional user, group, or folder rules to the scan policy.
    5.  Click Start Scan .

You have completed the Securlet setup for Office 365. CloudSOC starts scanning your Office 365 resources, and redirects you to the Office 365 Securlet dashboard in CloudSoC.

Attachments