Configure Microsoft 365 Yammer for the Next Generation API Data Protection
To configure Microsoft 365 Yammer for the Next Generation API Data Protection, follow the instructions below.
Prerequisites
Before configuring Microsoft 365 Yammer for the Next Generation API Data Protection, review the prerequisite.
A global administrator account is required to grant access to Netskope.
Note
Netskope-Yammer integration relies on delegated permissions. Netskope recommends to create a dedicated service account (with global administrator role) exclusively for the Netskope integration. Revoking access to this service account will break the integration with Netskope. Creating a dedicated service account will ensure that the integration with Netskope will not break due to an exiting employee, and consequently a deactivation of the account.
The way permissions work in Azure/Office 365 is that Netskope requires an administrator to grant enough privileges for Netskope to perform specific actions. Note that the Netskope app does not receive global admin permissions. It only receives permissions for the scope Netskope requests.
Make sure the Microsoft 365 account has Yammer admin access. Check your organizations' Yammer page to make sure your account has Yammer admin access:
Log in to https://www.yammer.com/<replace with your-domain-name>/admin/set_admins.
On the left navigation, click Admins and under Current Admins, ensure that the account you logged in with is displayed in the list.
Figure 23. Microsoft 365 Yammer Current Admin List
You must turn on audit logging in Microsoft 365 admin center. To enable audit logging, follow the steps below:
Log in to https://compliance.microsoft.com/.
On the left navigation, click Audit.
If auditing is not turned on for your organization, a banner is displayed prompting you to start recording user and admin activity.
Figure 24. Enable Audit Logging in Microsoft 365 Admin Center
Click the Start recording user and admin activity banner.
Note
It may take up to 60 minutes for the change to take effect.
After enabling, the first application event contents can take up to 12 hours to show up in Skope IT.
Configure Netskope to Access your Microsoft 365 Yammer Account
To authorize Netskope to access your Microsoft 365 Yammer account, follow the steps below:
Log in to the Netskope tenant UI: https://<tenant hostname>.goskope.com and go to Settings > API-enabled Protection > SaaS > Next Gen.
Under Apps, select Yammer and click Setup Yammer Instance.
The Microsoft Login window opens.
Enter the global administrator username and password.
Keep Consent on behalf of your organization unchecked and Accept the permissions.
Figure 25. Microsoft 365 Yammer Permissions
The Netskope CASB API app is installed in Azure AD with additional permissions once you grant access to the Microsoft 365 Yammer app.
After accepting the permissions, you will be redirected to the successful result page. Click Close.
Refresh your browser, and you should see a green check icon next to the instance name.
Next, you can can view the Next Generation API Data Protection Inventory page to get deep insights on various entities on your Microsoft 365 Yammer account. For more information on the Inventory page, see Next Generation API Data Protection Inventory.
You can receive audit events and standard user behavior analytic alerts in Skope IT. To know more: Next Generation API Data Protection Skope IT Events.
Next, you should configure a Next Generation API Data Protection policy. To do so, see Next Generation API Data Protection Policy Wizard.