Cloud Storage Scanning supports scanning for malicious files in your enterprise level OneDrive account. Configure a continuous or scheduled scan to check for any malicious files currently in your users' OneDrive folders.
The following scan frequencies are available:
- On-demand: An on-demand scan of your cloud storage folders. Click Scan under the Actions column on the Cloud Storage Scans page to initiate the scan.
- Daily: A scheduled scan that runs daily at the specified time.
- Weekly: A scheduled scan that runs on certain days of the week at the specified time.
- Monthly: A scheduled scan that runs on a certain day of the month at the specified time.
- Continuous: A continuous scan that checks for new and updated files. Check Include existing files to initiate a scan on all files before monitoring for changes to them.
For more information, see Should I run a scheduled scan, continuous scan, or a combination of both.
- The Nebula Super Admin or Administrator must be an Azure Active Directory Admin.
A Cloud Storage Scanning application must be created in OneDrive before creating the configuration in Nebula.
- Create an application with Azure AD. For more information, see Register an application with Azure AD and create a service principal.
- Record the Application (client) ID and Directory (tenant) ID values. For more information, see Get tenant and app ID values for signing in.
- Create an application secret and record the Secret value. For more information, see Create a new application secret.
- Add the following permissions to access Microsoft Graph. For more information, see Add permissions to access Microsoft Graph:
- In the Grant consent tab, select Grant admin consent for your administrator account (Default Directory), then select Yes.
- On the left navigation menu, go to Settings > Cloud Storage Scans.
- In the top-right, click Add a Scan.
- Enter a name for the scan configuration.
- Select OneDrive and enter the Tenant Id, Client Id, and Client Secret.
- Click Connect to Provider.
- In the Items to scan tab, select which users or folders to scan.
- In the Quarantine tab, toggle on Enable Quarantine to allow Cloud Storage Scanning to automatically quarantine malicious files.
- Select a user for the quarantine folder. A folder that contains all quarantined objects from this scan configuration is automatically created in the selected user's directory.
- Select the default or customize the tombstone file. A tombstone file is created and replaces the original file when a file is quarantined. It is designed to provide information or instructions for users.
- In the Scan frequency tab, select a scan frequency.
Note: Scheduled scans run in Coordinated Universal Time (UTC).
- In the top right, click Save.
Return to Malwarebytes Cloud Storage Scanning guide.