OneDrive Personal Gatelet is enabled, the traffic is being directed to Cloudsoc as expected however no activities were populated to Cloudsoc Investigate, and the Policies are not triggering on OneDrive Personal Traffic. Only login and logout events are being captured. Uploads, downloads, and other file-level activities are not being logged or inspected as expected.

This issue typically arises due to behavioral changes in the SaaS application (OneDrive Personal), which necessitate updates to the Gatelet’s inspection logic. The current Gatelet implementation is unable to parse and inspect the modified traffic patterns introduced by recent changes in OneDrive Personal’s backend, resulting in incomplete activity logging.

Broadcom Cloudsoc engineering has confirmed this as a known defect and is actively working on a code-level fix to restore full inspection capabilities.

A permanent fix is under development and is scheduled for release in phases starting the next CloudSOC production update (October 2025). 

Temporary Workaround:

To mitigate the impact until the fix is deployed:

1. Enable the O365 Gatelet as a substitute for OneDrive Personal inspection.
   • The O365 Gatelet shares several Domains of Interest  with OneDrive Personal, allowing partial inspection of file-level activities.
2. Review Domain Overlap:
   • Before enabling the O365 Gatelet, validate the DOI for both Gatelets to ensure proper coverage and avoid inspection conflicts.
3. Adjust Policy Scope:
   • Update inspection and enforcement policies to reflect the temporary Gatelet substitution and maintain compliance with organizational security standards.

Note: Office 365 Gatelet covers many O365 Apps, the Gatelet can not be limited to OneDrive Only.