Forum Discussion
adiii
Jan 10, 2024 Brass Contributor
What is "Microsoft SharePoint Online and OneDrive for Business Infra Endpoints" in Cloud Apps
Hi all! I have a Cloud Apps "Cloud Discovery anomaly detection policy" active, which alerts on data exfiltration to an app that is not sanctioned. This helps me understand when a user tries to...
adiii
Jan 12, 2024 Brass Contributor
Hi Leon
Thanks for your response. I still do not understand the behaviour of the alert from Cloud Apps and how to respond to it. Do you have an example of when "... infra Endpoint" and normal OneDrive / SharePoint is used?
In the meantime I had a discussion with the user and he created large VM disk files within his Documents folder, which is synced to OneDrive. I do not understand why the alert comes up in the app "Microsoft SharePoint Online and OneDrive for Business Infra Endpoints" and not in conventional OneDrive / SharePoint.
Any ideas? Thanks a lot, I appreciate your time!
Regards,
Adii
LeonPavesic
Jan 12, 2024 Silver Contributor
Hi adiii,
the reason the alert appears in the app "Microsoft SharePoint Online and OneDrive for Business Infra Endpoints" instead of the conventional OneDrive/SharePoint is connected to specific network traffic patterns associated with the upload.
The "Infra Endpoints" can be involved in handling such large data transfers, so it triggers the alert.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
adiii
Jan 12, 2024 Brass Contributor
Hi Leon
I apologize, but it still makes no sense to me (from an Incident Response point of view, not because of large traffic handling on the client). In Cloud Apps you can't see the data within the alert / incident when the data is uploaded to "Microsoft SharePoint Online and OneDrive for Business Infra Endpoints". It only tells me the amount of data and from where to where. So you need to check manually what's on the endpoint and what's in the conventional OneDrive. So there is a lack of visibility in this specific case, because the alert goes to the "Microsoft SharePoint Online and OneDrive for Business Infra Endpoints" and not to the conventional one.
Regards,
Adii