Netskope Global Technical Success (GTS)
Use Case – Differentiating Microsoft OneDrive Instances: Business vs Personal
Netskope Cloud Version - 113
Objective
Identifying Microsoft OneDrive Instances: Differentiating Between Business and Personal instances
Prerequisite
Netskope CASB Inline licensing is required
Context
The customer requires guidance on distinguishing between Microsoft OneDrive Business and Personal instances. Additionally, they seek assistance in identifying which Personal instance the end user is using.
Do you Know?
- Microsoft OneDrive is classified into three distinct types:
- MS GCC Office 365 OneDrive for Business
GCC is Government Community Cloud. This is for Government customers. It is designed to comply with stringent government regulations and security requirements, ensuring data sovereignty and protection for government agencies and their stakeholders.
- Microsoft Office 365 OneDrive for Business
This is intended for commercial customers. In other words, all Microsoft OneDrive Business instance traffic will be routed to this application.
- Microsoft OneDrive
This is intended for personal use. Traffic from domains *@live.com, *@outlook.com, and *@hotmail.com will be routed to this application.
- Does the Netskope CASB inline engine have the capability to detect which flavor of Microsoft OneDrive (GCC, Business, or Personal) the traffic belongs to?
The answer is YES
- What logic does Netskope use to identify the Microsoft OneDrive flavor (GCC, Business, or Personal)?
- The answer is ‘Domains’
- Any traffic destined for the highlighted domains will be considered Microsoft Office 365 OneDrive for Business traffic.
- Netskope recognizes all three flavors of Microsoft OneDrive as cloud applications and offers a pre-defined cloud app connector with the highlighted activity controls.
Sample
Configuration
- Identify the instance type
Path: Netskope Tenant UI >>> Skope IT >>> Application Event >>> Filter Application name >>> OneDrive
The personal and corporate logs can be differentiated here based on the application name.
When clicking on the magnifying glass, you can view the event details:
We can observe that the log on the left side pertains to a Business OneDrive application (corporate instance), while the log on the right side corresponds to a Personal OneDrive application (non-corporate instance).
- Let's set up a Real-time Protection policy to monitor transactions for Microsoft OneDrive Personal and Corporate
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy >>> Cloud App Access
The policies below are designed to alert on any supported Microsoft OneDrive activity.
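For reviewing an export of the application events filtered above, the following added example (not Netskope code and not part of the original article) groups events by the three application names listed in this article and reports which personal accounts each user signed in with. It assumes each exported event carries `app`, `user` and `from_user` fields, with `from_user` holding the account signed in to OneDrive; these field names and the sample events are assumptions.

```python
# Application names as listed in this article, mapped to a short flavor tag.
FLAVORS = {
    "MS GCC Office 365 OneDrive for Business": "gcc",
    "Microsoft Office 365 OneDrive for Business": "business",
    "Microsoft OneDrive": "personal",
}
# Personal account domains named in this article.
PERSONAL_DOMAINS = {"live.com", "outlook.com", "hotmail.com"}

# Constructed sample events. Field names are assumptions about an export.
SAMPLE_EVENTS = [
    {"app": "Microsoft Office 365 OneDrive for Business", "user": "alice@corp.example", "from_user": "alice@corp.example"},
    {"app": "Microsoft OneDrive", "user": "alice@corp.example", "from_user": "alice.home@outlook.com"},
    {"app": "Microsoft OneDrive", "user": "bob@corp.example", "from_user": "Bob99@Hotmail.com"},
    {"app": "Microsoft OneDrive", "user": "bob@corp.example", "from_user": "bob@mail.example"},
    {"app": "MS GCC Office 365 OneDrive for Business", "user": "carol@corp.example", "from_user": "carol@corp.example"},
    {"app": "Example Storage App", "user": "dave@corp.example", "from_user": "dave@corp.example"},
]


def summarize(events):
    """Per user: event count per OneDrive flavor and the personal accounts seen."""
    report = {}
    for ev in events:
        # Exact match on the application name; a substring match on
        # "OneDrive" would lump all three flavors together.
        flavor = FLAVORS.get(str(ev.get("app", "")).strip())
        if flavor is None:
            continue  # not one of the three OneDrive applications
        entry = report.setdefault(ev.get("user") or "unknown", {
            "gcc": 0, "business": 0, "personal": 0,
            "personal_accounts": set(), "unlisted_domains": set()})
        entry[flavor] += 1
        account = (ev.get("from_user") or "").strip().lower()
        if flavor == "personal" and account:
            entry["personal_accounts"].add(account)
            domain = account.rsplit("@", 1)[-1]
            if domain not in PERSONAL_DOMAINS:
                # Account domain is outside the three the article lists.
                entry["unlisted_domains"].add(domain)
    return report


def users_with_personal(report):
    """Users with at least one Personal OneDrive event, sorted for review."""
    return sorted(u for u, e in report.items() if e["personal"] > 0)


if __name__ == "__main__":
    summary = summarize(SAMPLE_EVENTS)
    for user in users_with_personal(summary):
        print(user, sorted(summary[user]["personal_accounts"]))
```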
__________________________________________________________________
Author Notes
- With the current Netskope product design, App instances are available exclusively for Microsoft Office 365 OneDrive for Business. This feature enables granular, instance-level control specifically for OneDrive for Business.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, the application's functionality may be altered by the vendor. Additionally, Netskope Engineering is continuously working on product enhancements. It is possible that additional controls may become available to address some of the limitations mentioned earlier. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.