Event-based handling for SharePoint Online

MetaDefender Storage Security supports event-based handling for SharePoint Online, enabling real-time scanning of content as it is added.

Unlike with other storage providers, for SharePoint Online MDSS automates the setup of the Microsoft Graph subscriptions needed to monitor SharePoint events. This makes configuration simpler and faster for SharePoint Online users.

Advantages

  • MDSS automatically creates, renews, and manages all necessary Microsoft Graph API subscriptions. No manual intervention is required for this critical infrastructure.
  • Get real-time scanning up and running faster, without the complexities of manual Graph API configuration.
  • Files are scanned immediately upon upload or modification in SharePoint Online, providing continuous security.

How it works

MDSS leverages Microsoft Graph API webhooks to receive notifications from SharePoint Online whenever content is added or modified. MDSS handles the entire lifecycle of these webhook subscriptions on your behalf. For this to work correctly, your MDSS instance must be reachable from the internet to receive these notifications from Microsoft.

Prerequisites

Before MDSS can automatically configure event-based handling, your environment must meet the following crucial prerequisites:

  1. MDSS Hosted and Accessible via HTTPS

    • SharePoint Online sends event notifications (webhooks) to your MDSS instance. These notifications require a secure HTTPS connection to a trusted endpoint.
    • Your MDSS instance must be served over HTTPS.
    • The machine running MDSS needs a valid SSL certificate from a trusted Certificate Authority. While self-signed certificates can technically work, they are strongly discouraged: they require complex trust configurations within your SharePoint environment and can lead to notification failures if not managed perfectly.
  2. Publicly Accessible MDSS Port

    • Microsoft Graph API needs to send event notifications directly from Microsoft's cloud services to your MDSS instance. If MDSS is not publicly accessible, these critical notifications cannot be delivered.
    • The HTTPS port used by MDSS (default is 443) must be open and reachable from the public internet.
    • Configure your firewall, router, load balancers, and any other network security infrastructure to allow incoming HTTPS traffic on this port, directing it to the MDSS host machine.
  3. Configured SharePoint Online Connection in MDSS

    • MDSS needs to authenticate with your SharePoint Online environment to register the webhooks for event notifications and to access file content for scanning.
    • Your SharePoint Online storage must be successfully added and properly configured within MDSS.
    • Make sure that MDSS has the necessary permissions to access your SharePoint site(s). These permissions are typically granted via OAuth during the initial storage addition process and must include the ability to manage Graph API subscriptions for the targeted resources.

Once these prerequisites are met, MDSS will automatically handle the setup and ongoing management of event-based scanning for your configured SharePoint Online storage.
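
A pre-flight check for prerequisites 1 and 2, as an added example that is not part of MDSS or its documentation: run from a host outside your network, it reports whether the HTTPS port is reachable and whether the certificate validates against a public trust store with hostname verification. The hostname mdss.example.com is a placeholder, and the local system trust store is assumed to approximate what Microsoft's notification sender accepts.

```python
import socket
import ssl
import time


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter (negative if expired)."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - (time.time() if now is None else now)) // 86400)


def check_endpoint(host, port=443, timeout=5.0, context=None):
    """Return (status, detail) for the HTTPS listener at host:port.

    status is "ok", "unreachable", "untrusted_cert" or "tls_error".
    """
    # Default context: system trust store plus hostname verification, so a
    # self-signed or private-CA certificate is reported instead of accepted.
    ctx = context or ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                days = days_until_expiry(tls.getpeercert())
                return "ok", f"{tls.version()}, certificate valid for {days} more days"
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, unknown CA, expired, or name does not match the host.
        return "untrusted_cert", exc.verify_message
    except ssl.SSLError as exc:
        # Port answers but does not complete a TLS handshake.
        return "tls_error", str(exc)
    except OSError as exc:
        # Refused, dropped by a firewall (timeout), or DNS failure.
        return "unreachable", str(exc)


if __name__ == "__main__":
    import sys
    # Placeholder hostname; pass the public name of your MDSS instance.
    target = sys.argv[1] if len(sys.argv) > 1 else "mdss.example.com"
    print(check_endpoint(target))
```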
