Cloudmersive Private Cloud Storage Protection - SharePoint Online Configuration and Best Practices

Overview

Cloudmersive Private Cloud Storage Protection allows you to apply security policies to all of the files in your Cloud Storage systems, including SharePoint Online - Document Libraries and Sites. Use these policies to block viruses, malware and other threats at the storage tier automatically, in real time, and with no code.

General Approach

In general, the Cloudmersive Private Cloud Storage Protection system integrates with your SharePoint Online system to get notified when new files are created/updated, and then responds to take action when needed in real time.

To provision the Cloudmersive Private Cloud Storage Protection system, talk to your Cloudmersive account representative.

Preliminary Planning

Before beginning the install, you will need to decide if you want to deploy Cloudmersive Storage Protection running in a Managed Instance or in a Private Cloud self-managed deployment.

If you wish to use a Managed Instance, talk to your Cloudmersive representative to provision the needed instance in the data center region(s) of your choice. This will be deployed and operated by Cloudmersive. Once deployed, proceed to Step 1.

If you wish to use a Private Cloud self-managed install, talk to your Cloudmersive representative to provision the needed licenses into your account. Then, perform the Private Cloud installation of those services (or if it is an existing installation, perform the Update operation). Once ready, proceed to Step 1.

Storage Protection licenses also need to be added to your account; talk to your Cloudmersive representative to add these licenses.

Step 1 - Create the Cloud Connection

First, we need to create a secure Cloud Connection in your Cloudmersive Account portal to your SharePoint Online tenant and site(s).

Navigate to your Cloudmersive Portal and click on Cloud Storage Protection. Click on Add Connection.

Under Connection Name, give your connection a meaningful name so that you can track this connection among others. Under Infrastructure, select which Cloudmersive infrastructure you would like to use; you can use a Cloudmersive Private Cloud endpoint or a Cloudmersive Managed Instance.

Under Cloud Storage Type, select SharePoint Online. Follow the steps onscreen to configure your SharePoint Online cloud connection. You will need to input your Domain Name, Client ID, Secret Key, and Tenant ID; the on-screen instructions will walk you through where to get this information. You will not be able to view or change these settings later for security reasons, so ensure that the information is correct at this stage.

Under Outcome Actions, select what you would like to have happen when Clean or Infected files are found. Note that you can change these settings later.

Outcome Actions

For clean files (files with no infections), you can select "No Action", which takes no action on the clean file, or "Add Tag to Clean Files", which creates a tag called VirusScanResult and sets its value to Clean. You will be able to tell the outcome of the scan by looking at the new List Column named "CloudmersiveScanStatus".

For infected files (files with threats/infections), you can select "Add Tag to Infected Files", which creates a tag called VirusScanResult and sets its value to Infected, or "Delete Infected Files", which deletes the original file (recommended).

When ready, click on Create Connection.

Step 2 - Add Site to Scanning Scope

Now, from the list of Cloud Connections click on Manage next to the one you just created.

Under API Keys click on Add API Key and select the API key you wish to use. This step is mandatory; if you do not complete it, scanning will produce unauthorized errors.

Next, click on Add Site. Select one site by clicking on Add Site next to it. Once complete, this site will now have Cloudmersive Storage Protection enabled with the policies you specified above. You should now test out your connection.

Step 3 - Add More Sites to Scanning Scope

After testing, you can add additional sites manually, or Add All Sites. You can also configure automatic adding of new sites; if enabled, a job will be run hourly that checks for new sites and automatically adds them to the scanning scope.

Webhook Callbacks (Optional)

You can initiate a callback from Cloudmersive Storage Protect to your web application or API by enabling the Webhook callback feature. It is strongly recommended that you use HTTPS and TLS 1.2 or higher for encryption in transit on your Webhook server implementation.

You can enable Webhook callback by clicking on Edit Connection. Once enabled, an HTTP POST request (with a 15-second timeout) will be sent to the Webhook URL that you specify, with data type application/json and the following body:

    class StorageProtectScanResult
    {
        public string SharePointOnline_SiteID;

        public string FileName;

        public CloudStorageVirusScanResult ScanResult;
    }

The schema for CloudStorageVirusScanResult is:

    class CloudStorageVirusScanResult
    {
        public bool Successful { get; set; }

        public bool CleanResult { get; set; }

        public CloudStorageVirusFound[] FoundViruses { get; set; }

        public string ErrorDetailedDescription { get; set; }

        public long FileSize { get; set; }
    }

If you specify the optional access key parameter, a header will be added to the request with name WebhookAccessKey and the value you provide for Webhook Access Key.
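
A receiver-side check for the callback described above, as an added example that is not Cloudmersive's code: it verifies the WebhookAccessKey header in constant time and never reports a scan that did not complete as clean. The function names, the sample key and the sample payload values are constructed, and the example assumes the JSON property names match the class member names shown above.

```python
import hmac
import json

# Constructed placeholder; in practice load the Webhook Access Key from a secret store.
EXPECTED_KEY = "constructed-example-key"


def handle_callback(headers, body, expected_key=EXPECTED_KEY):
    """Return (http_status, verdict) for one webhook POST.

    headers: dict of request header names to values; body: raw request bytes.
    """
    # HTTP header names are case-insensitive, so normalise before the lookup.
    supplied = {k.lower(): v for k, v in headers.items()}.get("webhookaccesskey", "")
    # Constant-time comparison avoids leaking key bytes through response timing.
    if not hmac.compare_digest(supplied.encode(), expected_key.encode()):
        return 401, "rejected"

    try:
        event = json.loads(body)
        result = event["ScanResult"]
        # Assumption: JSON property names match the class member names on the page.
        if not (isinstance(event["SharePointOnline_SiteID"], str)
                and isinstance(event["FileName"], str)
                and isinstance(result, dict)):
            return 400, "malformed"
    except (ValueError, KeyError, TypeError):
        return 400, "malformed"

    # Fail closed: a scan that did not complete is never reported as clean.
    if result.get("Successful") is not True:
        return 200, "scan_error"
    if result.get("CleanResult") is True and not result.get("FoundViruses"):
        return 200, "clean"
    return 200, "infected"


def sample_body(successful, clean, found):
    """Build a constructed callback body with the fields the page lists."""
    return json.dumps({
        "SharePointOnline_SiteID": "constructed-site-id",
        "FileName": "report.docx",
        "ScanResult": {"Successful": successful, "CleanResult": clean,
                       "FoundViruses": found, "ErrorDetailedDescription": None,
                       "FileSize": 1024},
    }).encode()
```

The 15-second timeout applies to the whole request, so do the key check and parsing inline and hand any slow follow-up work (ticketing, quarantine workflows) to a queue.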