OneDrive Integration

Monitor and enforce policies on OneDrive files.

Overview

The OneDrive integration connects Aguardic to your Microsoft 365 OneDrive via Microsoft Graph OAuth. Aguardic monitors file activity, evaluating document content, metadata, and sharing permissions against your policies. Violations trigger enforcement actions like quarantining files or flagging them for review.

Setup

1. Connect via OAuth

Go to Integrations > Add Integration > OneDrive in the Aguardic dashboard and click Connect. You'll be redirected to Microsoft to authorize Aguardic with the required Graph API permissions for file access.

2. Configure Monitored Paths

After connecting, configure which folders Aguardic should monitor. You can watch specific folders or your entire OneDrive.

3. Bind Policies

Go to Policy Bindings and map your policies to the OneDrive integration. Policies are evaluated against file activity within your monitored paths.

4. Configure Enforcement

Choose how Aguardic enforces policy results on OneDrive:

  • BLOCK — Moves the file to the "Aguardic Quarantine" folder, removing it from its original location
  • WARN — Logs the violation in Aguardic and flags the file for review
  • MONITOR_ONLY — No visible action in OneDrive, violations logged in Aguardic only

How It Works

  1. A file is created, modified, or shared in a monitored folder
  2. Microsoft Graph sends a change notification to Aguardic
  3. Aguardic fetches the file content, metadata, and sharing permissions
  4. The governance engine evaluates the file against the bound policies
  5. Enforcement actions are taken based on the policy mode

Aguardic automatically creates the "Aguardic Quarantine" folder in your OneDrive when the first BLOCK enforcement is triggered.

What Gets Evaluated

  • File content — Text extracted from documents, spreadsheets, and presentations
  • File metadata — Name, type, size, creation date, last modified date
  • Sharing permissions — Who the file is shared with, link sharing status, permission levels
  • File path — Full folder path of the file

Example Policies

Sensitive Document Detection

Detect confidential content in documents:

  • Field: content
  • Operator: CONTAINS
  • Value: CONFIDENTIAL|TOP SECRET|INTERNAL ONLY
  • Severity: CRITICAL

External Sharing Detection

Flag files shared with users outside your organization:

  • Field: sharing
  • Operator: EQUALS
  • Value: external
  • Severity: HIGH

Large File Upload

Monitor unusually large file uploads that may indicate data exfiltration:

  • Field: file_size
  • Operator: GT
  • Value: 104857600 (100 MB)
  • Severity: MEDIUM
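
The three example policies above can be dry-run against sample file records before they are bound to an integration. This is an added example, not Aguardic's code: the record layout, the `|` alternation, case-sensitive matching, and the `internal` sharing value are assumptions made for illustration.

```python
# Added illustration, not Aguardic's engine: operator semantics are assumptions.
from dataclasses import dataclass

SEVERITY_RANK = {"MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}
@dataclass(frozen=True)
class Policy:
    name: str
    field: str
    operator: str
    value: object
    severity: str

POLICIES = [
    Policy("Sensitive Document Detection", "content", "CONTAINS",
           "CONFIDENTIAL|TOP SECRET|INTERNAL ONLY", "CRITICAL"),
    Policy("External Sharing Detection", "sharing", "EQUALS", "external", "HIGH"),
    Policy("Large File Upload", "file_size", "GT", 104857600, "MEDIUM"),
]

def matches(policy, record):
    actual = record.get(policy.field)
    if actual is None:  # field not extracted (e.g. no text in a binary file)
        return False
    if policy.operator == "CONTAINS":
        # Assumption: '|' separates alternative phrases, matched case-sensitively.
        return any(term in actual for term in policy.value.split("|"))
    if policy.operator == "EQUALS":
        return actual == policy.value
    if policy.operator == "GT":
        return actual > policy.value  # strictly greater: exactly 100 MB passes
    raise ValueError(f"unsupported operator: {policy.operator}")

def evaluate(record, policies=POLICIES):
    """Return (names of violated policies, highest severity or None)."""
    hits = [p for p in policies if matches(p, record)]
    top = max((p.severity for p in hits), key=SEVERITY_RANK.get, default=None)
    return [p.name for p in hits], top

# Constructed sample records (hypothetical field values).
SAMPLES = {
    "memo.docx": {"content": "TOP SECRET: merger plan", "sharing": "external", "file_size": 48213},
    "backup.zip": {"content": None, "sharing": "internal", "file_size": 104857600},
    "dump.tar": {"content": None, "sharing": "internal", "file_size": 104857601},
    "notes.txt": {"content": "confidential draft", "sharing": "internal", "file_size": 900},
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, evaluate(rec))
```

Under these assumptions the lowercase "confidential draft" and the file of exactly 104857600 bytes both pass, so confirm case handling and boundary behaviour with a test file in a MONITOR_ONLY binding before relying on BLOCK.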
