Safetica integration with Office 365

Learn more about Safetica integration with Microsoft Exchange Online, OneDrive and SharePoint.

If you are configuring your Office 365 integration for the first time or if you are setting up a new Azure tenant, please perform the steps mentioned in this knowledge base article.

The steps below are applicable for Safetica 10.3.86 or higher.


In this article, you will learn:


Safetica brings automated and simplified configuration of auditing and protection features for your e-mails and files stored in the cloud. Thanks to Office 365 integration, you will be able not only to audit cloud e-mails and files, but also to protect your e-mail using configured Safetica DLP policies. WebSafetica service is required for this integration to work correctly.


Grant Safetica permissions in Azure tenant

To be able to configure all the features mentioned below, you will need to log in to your Azure tenant with administrator rights so that Safetica is granted the necessary permissions. These permissions are only granted temporarily for the configuration of the needed settings.

For now, Safetica can only connect to one tenant at a time. If you would like to switch to a different tenant, Safetica must perform a cleanup of settings. This might take a while, and you will only be able to connect to another tenant once the cleanup is finished. 


Safetica Exchange Online audit and protection

In Safetica, you can both audit your cloud e-mail and protect it using your DLP policies.

DLP protection is only available in Safetica Protection and Safetica Enterprise. Safetica Discovery contains auditing features.

The auditing feature uses e-mail settings from Safetica Discovery to monitor files moving through the cloud.


The DLP policy integration supports general policies and metadata-based policies. Application, sensitive content, context rules, or file properties policies are not applied.


Safetica DLP policies are applied to matching Azure AD users (e.g. root DLP policy will be applied to all Azure AD users present in the Safetica user tree; a policy for a specific node will only be applied to the Azure AD users belonging to this node etc.). DLP policies are applied, regardless of whether users have Safetica Client installed on their computers or not.

To enable auditing and/or Safetica DLP protection for your Exchange Online cloud e-mails:

  1. Log in to Safetica Management Console.
  2. Go to Maintenance -> Integration settings -> Office 365 Integration.
  3. To enable the auditing feature, use the Audit and log Office 365 e-mail .
  4. To enable Safetica DLP protection, use the Apply Safetica DLP policies to Office 365 e-mail slider.
  5. Click []. An Azure tenant sign-in window may appear.


Safetica OneDrive and SharePoint audit

Safetica can also perform file monitoring for OneDrive and SharePoint, so you can see what files are downloaded or publicly shared. Audit logs, however, can currently only be viewed in WebSafetica under Data Security/Office 365

To enable this feature:

  1. Log in to Safetica Management Console.
  2. Go to Maintenance -> Integration settings -> Office 365 Integration.
  3. Enable this feature by using the Audit and log Office 365 file operations slider.
  4. Click []. An Azure tenant sign-in window may appear.

You can learn more about Office 365 integration in this introduction video: