KB Article | Forcepoint Support

Problem Description

I want to perform discovery on my organization's Office 365 documents. Does TRITON AP-DATA or Data Security support this?

Resolution

TRITON AP-DATA and Websense Data Security support discovery on Microsoft Exchange and SharePoint Online for Microsoft Office 365.
To perform discovery on Microsoft Exchange 365:
  1. Create or identify an Exchange 365 account for Exchange discovery scanning.
  2. Grant the account one of the following roles. This is necessary so that discover messages and display results.
    1. Organization Management
    2. View Only Organization Management

The service account should now be able to access Exchange via Outlook Web App (OWA) and move between the mailboxes intended to be scanned during the discovery. To verify:

  1. Log onto OWA with this account.
  2. Switch between mailboxes.

User-added image

Exchange impersonation needs to be enabled for the service account used for the discovery. To configure Exchange impersonation:

  1. Open the Windows PowerShell as administrator and enter the following command:
    $LiveCred = Get-Credential
    When prompted for credentials, type the user name (email address) and password that you established for the Exchange 365 account.
  2. Enter the following command:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection
  3. Read and ignore any warning that results, then enter the following command:
    Import-PSSession $Session
  4. Enter the following command:
    Set-ExecutionPolicy RemoteSigned
  5. When prompted, if you would like to change the execution policy, click Yes.
  6. Enter the following command:
    Enable-OrganizationCustomization
  7. Enter the following command:
    New-ManagementRoleAssignment –Name "Impersonation-Forcepoint" –Role "ApplicationImpersonation" –User user@mydomain.onmicrosoft.com
    Here:
    • Impersonation-Forcepoint is the name of the administrator role being created for the Exchange 365 account.
    • user@mydomain is the user name that will be used in the discovery task.

Next, configure an Exchange discovery task in the Data Security manager.

  1. Log on to the TRITON Manager and click the Data tab.
  2. Use the left navigation menu to select the Main > Policy Management > Discovery Policies page.
  3. Under Network Discovery Tasks, click Add Network Task, and then click Exchange Task.
  4. Complete the wizard as explained in the Help for your product:
  5. On the Exchange Servers page, enter the Exchange credentials created above. Be sure to click Online when configuring the Data Storage field on the General tab.
    1. This will configure a discovery task.
    2. There are no additional setup requirements for SharePoint Discovery.
  6. Check that Integrated Windows authentication is turned on (it should be on by default). If it is not:
    User-added image
    1. In the Exchange admin center, go to servers, click virtual directories, and then click EWS (Default Web Site).
    2. Select Integrated Windows authentication.
    3. Click Save.

Article Feedback



Thank you for the feedback and comments.