You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/governance-actions.md
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -84,21 +84,17 @@ The following governance actions can be taken for connected apps either on a spe
84
84
-**Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint)
85
85
86
86
These actions are restricted to users with specific administrative roles. If the options described are not visible or accessible, please confirm with your system administrator that your account has one of the following roles assigned:
87
-
- Security Operator
87
+
- Security Operator
88
88
- Security administrator
89
89
- Global administrator
90
90
- Cloud app security administrator
91
91
92
92
:::image type="content" source="media/governance-actions/governance-actions-dropbox-google-workspace.png" alt-text="Screenshot that shows malware governance actions." lightbox="media/governance-actions/governance-actions-dropbox-google-workspace.png":::
93
93
94
94
> [!NOTE]
95
-
> In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries (SharePoint Online) and files in the Documents library (OneDrive for Business).
96
-
>
97
-
> Microsoft Defender for Microsoft 365 customers can control detected malware files in SharePoint and OneDrive via the [Microsoft Defender XDR **Quarantine** page](https://security.microsoft.com/quarantine?viewid=Files). For example, supported activities include recovering files, deleting files, and downloading files in password-protected ZIP files. These activities are limited to files that were not already quarantined by Microsoft Defender for Cloud Apps.
98
-
> In SharePoint, Defender for Cloud Apps supports quarantine tasks only for files with Shared Documents in path in English.
99
-
>
95
+
> In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries and only for files with Shared Documents in path in English (SharePoint Online) and files in the Documents library (OneDrive for Business). In addition, you must [enable the service principal](/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http) to get Malware detection and response support (this service API is enabled by default). Once API is enabled, Defender for Cloud Apps starts getting the logs (with a delay of 24-72 hours).
96
+
> Microsoft Defender for Microsoft 365 customers can control detected malware files in SharePoint and OneDrive via the [Microsoft Defender XDR ](https://security.microsoft.com/quarantine?viewid=Files)**[Quarantine](https://security.microsoft.com/quarantine?viewid=Files)**[ page](https://security.microsoft.com/quarantine?viewid=Files). For example, supported activities include recovering files, deleting files, and downloading files in password-protected ZIP files. These activities are limited to files that were not already quarantined by Microsoft Defender for Cloud Apps.
100
97
> Actions will only show for connected apps.
101
-
>
102
98
103
99
## Activity governance actions
104
100
@@ -113,6 +109,7 @@ These actions are restricted to users with specific administrative roles. If the
113
109
-**Governance actions in apps** - Granular actions can be enforced per app, specific actions vary depending on app terminology.
114
110
115
111
-**Suspend user** – Suspend the user from the application.
112
+
116
113
> [!NOTE]
117
114
> If your Microsoft Entra ID is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment will override the Microsoft Entra settings and this governance action will be reverted.
0 commit comments