Recommended steps for deactivating and reactivating the CloudSOC O365 Securlet

Article ID: 261601

Products

CASB Security Advanced, CASB Security Advanced IAAS, CASB Security Premium, CASB Security Standard, CASB Securlet SAAS, CASB Advanced Threat Protection, CASB Audit, CASB Gateway, CASB Gateway Advanced, CASB Security Premium IAAS

Issue/Introduction

There may be instances where the Client needs to renew the access token or update the Securlet permissions. In such cases, the customer should deactivate/reactivate the O365 Securlet without using the Purge option.

Deactivation with purge can be used to delete all metadata associated with the securlet by checking the purge box during deactivation. 

A securlet reactivation post purge will cause all documents to be re-scanned. Please contact support for any additional questions regarding the purge feature.

Cause

 

Resolution

Deactivating CloudSOC O365 Securlet W/O Purge before reactivation – recommended steps

Advance preparations before deactivating O365 Securlet W/O Purge:

  1. Identify the O365 tenant(s) currently being used with O365 Securlet. Existing CloudSOC clients normally use the same MS O365 tenant and copy previous settings for reactivation.

  2. Ensure that the MS O365 User to be used for O365 Securlet reactivation is a Global Admin (GA) and can log in to the same MS O365 tenant(s) currently connected to CloudSOC

  3. If it does not already exist – create a CloudSOC SysAdmin account using the same email address as in the MS O365 GA User Profile.

  4. The email address used to create the CloudSOC Sysadmin account to be used for reactivation must match the email address in the MS O365 tenant GA User Profile.

  5. Confirm you can log in to the CloudSOC SysAdmin account and the O365 GA account which has the same email address. You’ll use both later to reactivate the O365 Securlet.

  6. While the MS O365 GA Admin is logged in to the MS O365 tenant, go to the SharePoint Administration tab. Export Active Sites to a CSV file.

  7. From the exported Sites CSV file, create a new CSV file with just one Top Level Site URL, with no column name and no “/” after the URL. If there is more than one O365 Account, create one CSV for each.

     Example content of a CSV file with one Site URL:

       https:// <Example_Company.com>/sharepoint.com/Sites
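One way to script step 7, as an added example that is not Broadcom's or Microsoft's code: it checks that the site URL you chose really appears in the Active Sites export, removes the trailing “/”, and returns the header-less single-line CSV content. The `URL` column name, the sample export rows and the output filename are assumptions; adjust them to your own export.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed sample of an Active Sites export (BOM and column names assumed).
SAMPLE_EXPORT = (
    "\ufeffSite name,URL,Storage used (GB)\n"
    "Example Team,https://example.sharepoint.com/sites/team/,1.2\n"
    "Example Root,https://example.sharepoint.com/,0.4\n"
)


def _normalize(url: str) -> str:
    """Trim whitespace and any trailing "/" so URLs compare consistently."""
    return url.strip().rstrip("/")


def build_site_csv(export_text: str, chosen_url: str, url_column: str = "URL") -> str:
    """Return one-line CSV content (no header, no trailing "/") for chosen_url."""
    # Drop a UTF-8 byte-order mark, which would otherwise corrupt the first header.
    reader = csv.DictReader(io.StringIO(export_text.lstrip("\ufeff")))
    if reader.fieldnames is None or url_column not in reader.fieldnames:
        raise ValueError(f"column {url_column!r} not found in export")

    exported = {
        _normalize(row[url_column]).lower() for row in reader if row[url_column]
    }
    site = _normalize(chosen_url)
    parts = urlsplit(site)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("site URL must be an absolute https:// URL")
    # Guard against typos: the URL must be one of the tenant's exported sites.
    if site.lower() not in exported:
        raise ValueError("site URL is not present in the Active Sites export")
    return site + "\n"


if __name__ == "__main__":
    content = build_site_csv(SAMPLE_EXPORT, "https://example.sharepoint.com/")
    # Hypothetical output name; write one file per O365 account.
    with open("sites_account1.csv", "w", newline="") as fh:
        fh.write(content)
```
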

Save existing O365 Securlet settings to be re-used later during reactivation

From the CloudSOC Store | click on O365 Securlet Configuration | Office 365 Configure





Recommended: Take a screenshot of each O365 account configuration listed in the drop-down list, and also copy the text from each field to Notepad so it can be pasted back in later during Securlet reactivation.



* If your CloudSOC O365 Securlet configuration has multiple O365 Accounts, repeat the previous steps to save their configurations and prepare for re-adding those additional O365 accounts as well.


* A few days beforehand, we recommend creating a CASB Support case notifying us of the planned date/time so Support can notify Securlet Engineering and assist more quickly if needed.

On planned date/time for Deactivation W/O Purge/ Reactivation:

1. Ensure that you have all screenshots, saved configs, and Sites CSV files, and that required SysAdmin and O365 GA Admin logins are still working.

2. From the CloudSOC Store | click on O365 Securlet Configuration | Office 365 Configure




* Warning: Do NOT check any box to Purge Data unless you intend to do so and lose historical data.

3. If there are multiple O365 accounts, ensure the config is saved first, then remove each additional account one at a time by clicking the Delete Account link until only one account is left.

   You’ll need to enter Your CASB Tenant’s Primary domain.

4. VERY Important: Leave the Purge Data box on the left un-checked

5. For the last O365 account (if you had more than one), click on the Deactivate button. You’ll be required to enter the Tenant’s Primary domain again.

Wait approx. 10 min to give CloudSOC time to fully deactivate the O365 Securlet before attempting to reactivate it.


Steps for O365 Securlet Reactivation (after Deactivation No Purge):

Follow O365 Securlet Tech Doc instructions for reactivation using screenshots and your previously saved text values to re-populate each of the fields:
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/securlets-home/m365-securlet/activate-m365-securlet.html

Notes:

During reactivation there will be a checkbox at the bottom for "Teams Messages" option. (no new license needed for Teams Message scanning)

Customers will need to have a minimum Microsoft E5 license to be able to scan the content of User's messages in the O365 Securlet – MS Teams sub-feature.

When importing SharePoint "Sites", the O365 Admin's Username and Password sometimes fail. If that happens, copy/paste in the CSV file with one URL created during the preparation steps above.


If you have additional O365 Accounts configured in O365 Securlet - Use your saved screenshots and saved text for the fields from additional O365 Accounts to re-populate and reactivate each one.


https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/securlets-home/m365-securlet/activate-m365-securlet/enable-multiple-accounts.html

If you have further questions please engage with CASB Support through your existing or new CASB Support Case for the Deactivation/Reactivation activity.