OneDrive Integration
Monitor and enforce policies on OneDrive files.
Overview
The OneDrive integration connects Aguardic to your Microsoft 365 OneDrive via Microsoft Graph OAuth. Aguardic monitors file activity, evaluating document content, metadata, and sharing permissions against your policies. Violations trigger enforcement actions like quarantining files or flagging them for review.
Setup
1
Connect via OAuth
Go to Integrations > Add Integration > OneDrive in the Aguardic dashboard and click Connect. You'll be redirected to Microsoft to authorize Aguardic with the required Graph API permissions for file access.
2
Configure monitored paths
After connecting, configure which folders Aguardic should monitor. You can watch specific folders or your entire OneDrive.
3
Bind policies
Go to Policy Bindings and map your policies to the OneDrive integration. Policies are evaluated against file activity within your monitored paths.
4
Configure enforcement
Choose how Aguardic enforces policy results on OneDrive:
BLOCKMoves the file to the "Aguardic Quarantine" folder, removing it from its original location
WARNLogs the violation in Aguardic and flags the file for review
MONITOR_ONLYNo visible action in OneDrive, violations logged in Aguardic only
How It Works
1
File activity detected
A file is created, modified, or shared in a monitored folder
2
Change notification
Microsoft Graph sends a change notification to Aguardic
3
Fetch file data
Aguardic fetches the file content, metadata, and sharing permissions
4
Policy evaluation
The governance engine evaluates against bound policies
5
Enforce policies
Enforcement actions are taken based on the policy mode
Aguardic automatically creates the "Aguardic Quarantine" folder in your OneDrive when the first BLOCK enforcement is triggered.
What Gets Evaluated
File contentText extracted from documents, spreadsheets, and presentations
File metadataName, type, size, creation date, last modified date
Sharing permissionsWho the file is shared with, link sharing status, permission levels
File pathFull folder path of the file
Example Policies
Sensitive Document Detection
Detect confidential content in documents:
- Field:
content - Operator:
CONTAINS - Value:
CONFIDENTIAL|TOP SECRET|INTERNAL ONLY - Severity: CRITICAL
External Sharing Detection
Flag files shared with users outside your organization:
- Field:
sharing - Operator:
EQUALS - Value:
external - Severity: HIGH
Large File Upload
Monitor unusually large file uploads that may indicate data exfiltration:
- Field:
file_size - Operator:
GT - Value:
104857600(100 MB) - Severity: MEDIUM
Next Steps
- Google Drive Integration — Similar setup for Google Drive
- Dropbox Integration — Similar setup for Dropbox
- Your First Policy — Deep dive into policy creation