Edit

How Defender for Cloud Apps helps protect your NetDocuments environment

As a productivity and collaboration cloud solution, NetDocuments holds sensitive information for an organization. Any abuse of NetDocuments by a malicious actor or any human error might expose an organization's most critical assets and services to potential attacks.

Connecting NetDocuments to Defender for Cloud Apps gives security teams improved insights into NetDocuments activities and provides threat detection for anomalous behavior.

Main threats to your NetDocuments environment

NetDocuments environments face the following key security threats:

  • Compromised accounts and insider threats

  • Data leakage

  • Insufficient security awareness

  • Unmanaged bring your own device (BYOD)

How Defender for Cloud Apps helps to protect your environment

Defender for Cloud Apps helps protect your NetDocuments environment with the following best practices:

Control NetDocuments with policies

The following table lists the policy types you can use to control NetDocuments:

Type Name
Built-in anomaly detection policy Activity from anonymous IP addresses
Activity from infrequent country
Activity from suspicious IP addresses
Impossible travel
Activity performed by terminated user (requires Microsoft Entra ID as IdP)
Unusual file share activities
Unusual file deletion activities
Unusual administrative activities
Unusual multiple file download activities
Activity policy Built a customized policy by the NetDocuments Audit Log activities

Note

Login/Logouts activities aren't supported by NetDocuments.

For more information about creating policies, see Create a policy .

Automate governance controls

In addition to monitoring for potential threats, you can apply and automate the following NetDocuments governance actions to remediate detected threats:

Type Action
User governance Notify user on alert (via Microsoft Entra ID)
Require user to sign in again (via Microsoft Entra ID)
Suspend user (via Microsoft Entra ID)

For more information about remediating threats from apps, see Governing connected apps.

Protect NetDocuments in real time

Review our best practices for securing and collaborating with external users and blocking and protecting the download of sensitive data to unmanaged or risky devices.

SaaS security posture management (Preview)

After you connect NetDocuments to Microsoft Defender for Cloud Apps, you automatically get security posture recommendations for NetDocuments in Microsoft Secure Score. In Secure Score, select Recommended actions and filter by Product = NetDocument. NetDocument supports security recommendations to Adopt SSO (Single sign on) in NetDocument.

For more information about SaaS security posture management and Microsoft Secure Score, see:

Connect NetDocuments to Microsoft Defender for Cloud Apps

This section provides instructions for connecting Microsoft Defender for Cloud Apps to your existing NetDocuments account using the App Connector APIs. The Defender for Cloud Apps connection to NetDocuments gives administrators visibility into and control over their organization's NetDocuments use.

Configure NetDocuments

Perform the following steps in NetDocuments to collect the values needed for the connector setup:

  1. Sign in to your NetDocuments account with a Full NetDocuments Repository Admin user.

  2. Copy your repository ID. You enter the repository ID in the Repository ID field when you configure Defender for Cloud Apps.

  3. Copy your account URL. You enter the account URL in the Application URL field when you configure Defender for Cloud Apps. Make sure that the account URL matches one of the following NetDocuments service URLs.

    Location URL
    United Kingdom https://eu.netdocuments.com
    Australia https://au.netdocuments.com
    Germany https://de.netdocuments.com
    United States or any other location https://vault.netvoyage.com

Configure Defender for Cloud Apps

Perform the following steps in Defender for Cloud Apps to create the NetDocuments connector:

  1. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors.

  2. In the App connectors page, select +Connect an app, followed by NetDocuments.

  3. In the connector setup window, give the connector a descriptive name, and select Next.

    Screenshot of the NetDocuments connection screen prompting the user to name the connector.

  4. In the Enter details screen, enter the Repository ID and Application URL values:

    • Repository ID: the app repository ID that you saved.
    • Application URL: the URL that you saved.
  5. Select Next.

  6. Select Connect NetDocuments.

  7. In the Microsoft Defender Portal, select Settings. Then choose Cloud Apps. Under Connected apps, select App Connectors. Make sure the status of the connected App Connector is Connected.

Rate limits and limitations

Be aware of the following rate limits and limitations for the NetDocuments connector:

  • The default rate limit is 100,000 requests per minute.
  • Login/Logouts activities aren't supported by NetDocuments.

Next steps