The following is one of the options for the deployment of SphereShield for Teams & Webex.
Used for Channel Management, Near-real-time prevention, detection and awareness requirements.
Client 1 sends a message/file to client 2.
Client 2 receives the message.
Office 365 updates the Webhook Listener Site (WLS) that an action was done (Webhook)
WLS stores in the DB the action that was done.
CASB checks the DB for events, if it sees an event, it inspects it and decides if this is an allowed action.
If the action is not allowed, the CASB will delete/remove permissions in Office 365 cloud.
Office 365 cloud will delete/remove permissions from client 2
High level diagram for API
The sign-in scenario in a multi-tenant app