SharePoint

    Storage Monitoring SharePoint Integration

    The Glasswall Halo Storage Monitoring Service supports integration with SharePoint document libraries, allowing supported file types to be sanitized automatically when uploaded to a monitored library.

    Prerequisites

    Before using the SharePoint integration with Storage Monitoring, ensure you're using:

    Required Network Configuration

    To allow SharePoint notifications to reach Halo, administrators must either:

    • Expose a publicly reachable cluster ingress address
      or
    • Whitelist the Microsoft Graph API IP addresses
      → Refer to row 23: "Microsoft Graph Change Notifications"

    Required App Registration

    The Storage Monitoring Service must be registered with the Microsoft Graph API to enable access to and monitoring of SharePoint document libraries.


    Monitoring a SharePoint Document Library

    To configure monitoring, users must supply:

    • The Site ID
    • The Drive ID (i.e. the document library ID)

    These details can be retrieved using endpoints provided by the Halo Storage Monitoring API. For more information, refer to Storage Monitoring API.

    Each monitor can optionally be configured with:

    • A custom policy
    • A strategy for handling files that fail processing:
      • Replace with a failure report
      • Leave the original file in place (risky state)

    If no custom configuration is provided, the monitor will use the default policy and will not replace failed files.

    Monitors can be updated or removed at any time to adjust policies or change error-handling behavior.

    Note: Policies used by monitors are locked and cannot be deleted until they are unlinked. To unlock a policy, reassign affected monitors to a different policy or delete the monitors.

    Once a monitor is active, it automatically performs the following for each supported file uploaded to the monitored document library:

    1. Checks the file out
    2. Downloads the file
    3. Applies sanitization
    4. Re-uploads the clean file
    5. Checks the file back in

    Note: SharePoint maintains version history for all files, enabling users to view or restore earlier versions — including the original (pre-sanitized) upload.


    SharePoint Metadata Considerations

    When files, particularly OOXML documents, are uploaded to SharePoint, SharePoint may append a metadata package to the file. This is influenced by the document library and content type configuration.

    Important: This added metadata may cause sanitized files to appear “risky” if downloaded again and re-analyzed.

    The metadata package may include:

    • Tag fields, OCR text, media dates, structured search properties
    • SharePoint form templates for user interaction
    • Structures supporting taxonomy and enterprise metadata
    • InfoPath and Office integration components

    Depending on your organization’s SharePoint setup, sensitive metadata might also be included, such as:

    • Internal content type structures
    • Custom fields or taxonomies
    • User-specific metadata (e.g., dc:creator, lastModifiedBy, workflow IDs)
    • GUIDs or itemIDs which, while not inherently dangerous, may expose internal system patterns useful to attackers.
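
One way to check that a re-downloaded file differs from the sanitized output only by library metadata, as an added example (not Glasswall or Microsoft code): it compares the two OOXML packages part by part and extracts the identity fields named above. The function names, the `customXml/` and `docProps/` prefixes and the sample values are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser

NS = {  # namespaces used in docProps/core.xml
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
# Assumption: part-name prefixes where library metadata usually lands.
METADATA_PREFIXES = ("customXml/", "docProps/")

def read_parts(data: bytes) -> dict:
    """Map part name -> content for every member of an OOXML (zip) package."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {name: z.read(name) for name in z.namelist()}

def metadata_delta(sanitized: bytes, redownloaded: bytes) -> dict:
    """Describe what the re-downloaded copy holds beyond the sanitized file."""
    before, after = read_parts(sanitized), read_parts(redownloaded)
    added = sorted(set(after) - set(before))
    changed = sorted(n for n in before.keys() & after.keys() if before[n] != after[n])
    identity = {}
    if "docProps/core.xml" in after:
        root = ET.fromstring(after["docProps/core.xml"])
        for tag in ("dc:creator", "cp:lastModifiedBy"):
            node = root.find(tag, NS)
            if node is not None and node.text:
                identity[tag] = node.text
    return {
        "added_metadata_parts": [n for n in added if n.startswith(METADATA_PREFIXES)],
        "added_other_parts": [n for n in added if not n.startswith(METADATA_PREFIXES)],
        "changed_parts": changed,
        "identity_fields": identity,
    }

# Everything below is constructed sample data, built in memory.
def build_package(parts: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

CORE = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>j.doe</dc:creator>'
        '<cp:lastModifiedBy>svc-upload</cp:lastModifiedBy></cp:coreProperties>'
        % (NS["cp"], NS["dc"]))
BASE = {"word/document.xml": "<doc/>"}
CLEAN = build_package(BASE)
FROM_LIBRARY = build_package({**BASE, "docProps/core.xml": CORE, "customXml/item1.xml": "<p/>"})
```

A non-empty `added_other_parts` or `changed_parts` means the difference is not limited to the metadata locations and deserves a closer look.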
