Email Based Discovery FAQ

What is email-based discovery?

Email-based discovery lets you detect systems and accounts used by any of your company's employees and get insights on which systems are used and which are not.

It scans metadata and subject lines to discover up to 95% of your managed and unmanaged data sources more quickly versus scans from competing privacy vendors. It deducts employee system access, usage frequency and department based on the number and context of the emails received, helping you illuminate shadow IT and more easily diagnose the compliance relevancy and risk profile of data sources from square one.

Other data source discovery scans from MineOS follow traditional methodologies for finding data sources in-use by the company, and can be deployed contiguously with the email scan in order to find a wider array of systems - though we always begin with email and it is usually widely effective.

Regardless of which data source discovery scans you use, Mine's auto-discovery is real-time and continuous, allowing you to immediately recognize and monitor new data sources as they are added by employees, and see the reflected in your data inventory.

How does it work?

By detecting signups, invites, and other meaningful interactions employees receive from companies, MineOS is able to identify any accounts and systems they interact with.

What about security and privacy?

Email-based discovery was built with privacy and security in mind:

• MineOS only processes email metadata (from, to, date, subject). It never processes email content/attachments.
• MineOS only processes emails received from companies. It does not process emails employees send, or personal communication inside the company or with external entities.
• All data is processed in memory and nothing is stored anywhere.

MineOS connects to your email provider using API and authenticated using OAuth 2.0:

• All data is accessed over an encrypted and secure TLS channel.
• MineOS is authorized with the minimal set of permissions required to operate. These permissions are documented at the end of this article.
• You always have control; You can revoke the access at any time from your own systems, and you can control on which employees this is used.
• You can enable API audit logs and monitor the activity done by MineOS.

Read more about security and privacy at Mine.

How to set up email-based discovery?

All discovery tools are set up using the Radar screen. Specifically, email-based discovery setup is very simple and involves a single step: authorizing MineOS with the required permissions to your email provider. Once set up, MineOS will continuously discover systems and employees and add them to the Radar screen.

The following pages describe the setup process for specific providers:

• Google Workspace connection steps are here.
• Microsoft 365 connection steps are here.

Which permissions does Mine require for email-based discovery?

Please take a look at the table below for the permissions required depending on the provider you use.

Microsoft 365

Microsoft Graph API permissions reference: https://learn.microsoft.com/en-us/graph/permissions-reference

Google Workspaces

Google APIs permissions reference:

• https://developers.google.com/gmail/api/auth/scopes
• https://developers.google.com/admin-sdk/directory/v1/guides/authorizing