OneDrive

Storage Monitoring OneDrive Integration

The Glasswall Halo Storage Monitoring Service integrates seamlessly with OneDrive user drives, automatically sanitizing supported file types as they are uploaded to monitored drives.

Prerequisites

Before configuring OneDrive monitoring, ensure the following:

• The Storage Monitoring service is deployed and running
• An application is registered in Microsoft Entra ID with the appropriate permissions
• The application’s client ID, tenant ID, and client secret are stored in Azure Key Vault
• You have access to the Halo Storage Monitoring API

For guidance, refer to the Halo Storage Monitoring setup guide.

Monitoring a User's Drive

To set up monitoring, you’ll need:

• User ID of the OneDrive owner

You can retrieve the User ID using an endpoint provided by the Halo Storage Monitoring API. See the Storage Monitoring API documentation for details.

Optional Configuration

You can optionally customize each monitor with:

• A custom policy
• A failure-handling strategy:
  • Replace failed files with a failure report
  • Leave the original file in place (not recommended for sensitive environments)

If no custom settings are applied, the default policy is used, and failed files are left in place.

Monitors can be updated or removed at any time to change policies or handling behavior.

Important: Policies linked to active monitors are locked and cannot be deleted. To remove a policy, first reassign or delete any associated monitors.

How Monitoring Works

Once activated, the monitor automatically performs the following for each supported file uploaded to the monitored drive:

1. Checks out the file
2. Downloads the file
3. Applies sanitization
4. Re-uploads the cleaned file
5. Checks the file back in

Note: OneDrive retains version history for all files, allowing users to view, download, or restore earlier versions — including the original, pre-sanitized file.