Skip to main content

Configure Cloud Storage Scanning for OneDrive in Nebula

Cloud Storage Scanning supports scanning for malicious files in your enterprise level OneDrive account. Configure a continuous or scheduled scan to check for any malicious files currently in your users' OneDrive folders.

The following scan frequencies are available:

  • On-demand: An on-demand scan of your cloud storage folders. 
  • Daily: A scheduled scan that runs daily at the specified time. 
  • Weekly: A scheduled scan that runs on certain days of the week at the specified time.
  • Monthly: A scheduled scan that runs on a certain day of the month at the specified time.
  • Continuous: A continuous scan that checks for new and updated files. Check Include existing files to initiate a scan on all files before monitoring for changes to them. 

For more information, see Should I run a scheduled scan, continuous scan, or a combination of both

Nebula Requirements

  • The Nebula Super Admin or Administrator must be an Azure Active Directory Admin.

OneDrive Configuration

A Cloud Storage Scanning application must be created in OneDrive before creating the configuration in Nebula.

  1. Create an application with Azure AD. For more information, see Register an application with Azure AD and create a service principal.
  2. Record the Application (client) ID and Directory (tenant) ID values. For more information, see Get tenant and app ID values for signing in.
  3. Create an application secret and record the Secret value. For more information, see Create a new application secret.
  4. Add the following permissions to access Microsoft Graph. For more information, see Add permissions to access Microsoft Graph
    • Sites.Read.All
    • User.Read.All
  5. In the Grant consent tab, select Grant admin consent for your administrator account (Default Directory), then select Yes.

Nebula Configuration

  1. On the left navigation menu, go to Configure > Cloud Storage Scans.
  2. In the top-right, click Add a Scan.
  3. Enter a name for the scan configuration.
  4. Select OneDrive and enter the Tenant Id, Client Id, and Client Secret.
  5. Click Connect to Provider.
  6. In the Items to scan tab, select which users or folders to scan.
  7. In the Quarantine tab, toggle on Enable Quarantine to allow Cloud Storage Scanning to automatically quarantine malicious files.
  8. Select a user for the quarantine folder. A folder that contains all quarantined objects from this scan configuration is automatically created in the selected user's directory. 
  9. Select the default or customize the tombstone file. A tombstone file is created and replaces the original file when a file is quarantined. It is designed to provide information or instructions for users.
  10. In the Scan frequency tab, select a scan frequency.
    Note: Scheduled scans run in Coordinated Universal Time (UTC).
  11. In the top right, click Save.
    Note: Once a scan has been saved, it cannot be modified. Delete the existing scan and create a new one if changes are required.

Return to Malwarebytes Cloud Storage Scanning guide.

Related articles