Nov 04 2020 03:06 AM
Nov 04 2020 03:06 AM
We want to setup the admin quarantine in Cloud App Security pointing to SharePoint. Unfortunately we see only OneDrive locations and only 2-3 SharePoint sites.
Is there a known configuration for the SharePoint sites, that they get available in MCAS? I couldn't find any information on the docs or other blogs.
Nov 05 2020 03:49 PM
Hi @NiklasM! The SPO sites that are missing... were those names changed ever? Or, are they the names that were first assigned to those sites when they were created?
Nov 05 2020 10:42 PM
@SarahzinWe have two scenarios:
1.) Our customer created a new site only for this and the name was not changed after the creation. The site is not visible in MCAS. But sites that are created the same way (maybe different permissions) are available.
2.) I also tested it with the Contoso Test Tenant and there are only the sites "https://m365x123456.sharepoint.com" and "https://m365x123456.sharepoint.com/portals/hub" available. I have not changed anything in the Contoso Tenant yet.
I will create a new site in my Contoso Tenant to see if I can get deeper in this topic. But at the end it would be important, also for the Docs, to have a clear answer how to configure the SharePoint Site.
Jan 29 2021 07:28 AM
@NiklasM @Sarahzin I've also ran into this issue in multiple M365 tenants. Initially only OneDrive user sites appear in the list when searching for an Admin quarantine folder location, but over time SharePoint sites start to appear in the results. I don't recall the exact timing, but it did take several days before the dedicated SpO site that was created specifically for the Admin Quarantine appeared in the search results for assignment of the Admin Quarantine folder location.
Jan 29 2021 08:03 AM
UPDATE: Found this info in a previous thread
MCAS detects new folders only after some file activity has been performed in them.
I suggest you upload a single file to the new folder, which will cause MCAS to pick it up.
Feb 17 2021 10:08 AMSolution
Documentation has been updated.
Cloud App Security only detects new SharePoint and OneDrive folders, including if they are set as the admin quarantine folder, after some file activity has been performed in them.