CloudAppSecurityDocs/use-case-admin-quarantine.md
20 additions & 20 deletions
@@ -7,8 +7,6 @@ ms.topic: tutorial
7
7
8
8
# Tutorial: Protect files with admin quarantine
9
9
10
-
11
-
12
10
[File policies](data-protection-policies.md) are a great tool for finding threats to your information protection policies. For instance, create file policies that find places where users stored sensitive information, credit card numbers, and third-party ICAP files in your cloud.
13
11
14
12
In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to detect unwanted files stored in your cloud that leave you vulnerable, and take immediate action to stop them in their tracks and lock down the files that pose a threat by using **Admin quarantine** to protect your files in the cloud, remediate problems, and prevent future leaks from occurring.
@@ -33,27 +31,27 @@ In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to d
33
31
34
32
1. Do one of the following actions to quarantine the file:
1. The user can only access the tombstone file. In the file, they can read the custom guidelines provided by IT and the correlation ID to give IT to release the file.
53
51
54
52
1. When you receive the alert that a file has been quarantined, go to **Policies** -> **Policy Management**. Then select the **Information Protection** tab. In the row with your file policy, choose the three dots at the end of the line, and select **View all matches**. This brings you the report of matches, where you can see the matching and quarantined files:
1. After a file is quarantined, use the following process to remediate the threat situation:
59
57
@@ -62,7 +60,7 @@ In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to d
62
60
1. If you find the file is against corporate policy, run the organization's Incident Response (IR) process.
63
61
1. If you find that the file is harmless, you can restore the file from quarantine. At that point the original file is released, meaning it's copied back to the original location, the tombstone is deleted, and the user can access the file.
1. Validate that the policy runs smoothly. Then, you can use the automatic governance actions in the policy to prevent further leaks and automatically apply an Admin quarantine when the policy is matched.
68
66
@@ -77,26 +75,28 @@ In this tutorial, you'll learn how to use Microsoft Defender for Cloud Apps to d
77
75
78
76
1. Set file policies that detect breaches. Examples of these types of policies include:
79
77
80
-
- A metadata only policy such as a sensitivity label in SharePoint Online
81
-
- A native DLP policy such as a policy that searches for credit card numbers
82
-
- An ICAP third-party policy such as a policy that looks for Vontu
78
+
- A metadata only policy such as a sensitivity label in SharePoint Online
79
+
- A native DLP policy such as a policy that searches for credit card numbers
80
+
- An ICAP third-party policy such as a policy that looks for Vontu
83
81
84
82
1. Set a quarantine location:
85
-
1. For Microsoft 365 SharePoint or OneDrive for Business, you can't put files in admin quarantine as part of a policy until you set it up:
To set admin quarantine settings, in the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Information Protection**, choose **Admin quarantine**. Provide a site for the quarantine folder location and a user notification that your user will receive when their file is quarantined.
> Defender for Cloud Apps will create a quarantine folder on the selected site.
88
+
To set admin quarantine settings, in the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Information Protection**, choose **Admin quarantine**. Provide a site for the quarantine folder location and a user notification that your user will receive when their file is quarantined.
93
89
94
-
1. For Box, the quarantine folder location and user message can't be customized. The folder location is the drive of the admin who connected Box to Defender for Cloud Apps and the user message is: This file was quarantined to your administrator's drive because it might violate your company's security and compliance policies. Contact your IT administrator for help.
> Defender for Cloud Apps will create a quarantine folder on the selected site.
94
+
95
+
1. For Box, the quarantine folder location and user message can't be customized. The folder location is the drive of the admin who connected Box to Defender for Cloud Apps and the user message is: This file was quarantined to your administrator's drive because it might violate your company's security and compliance policies. Contact your IT administrator for help.
95
96
96
97
## Next steps
97
98
98
99
> [!div class="nextstepaction"]
99
100
> [Best practices for protecting your organization](best-practices.md)
100
101
101
102
[!INCLUDE [Open support ticket](includes/support.md)]
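Review bot: In the re-indented Box item near the end of this hunk, the literal user notification runs straight on from the sentence ("...and the user message is: This file was quarantined to your administrator's drive..."), so a reader cannot tell where the documentation text ends and the fixed message begins; set the message in quotation marks or in a blockquote under the list item. In the same hunk, "An ICAP third-party policy such as a policy that looks for Vontu" reads as if Vontu were content to be detected rather than the third-party DLP engine reached over ICAP; wording such as "a policy that uses Vontu" would be clearer. Because the Box item says the quarantine folder is the drive of the admin who connected Box, consider also stating who can reach that drive, since that is where the quarantined files end up.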