CloudAppSecurityDocs/content-inspection.md
Lines changed: 6 additions & 5 deletions
@@ -17,11 +17,10 @@ You can also define which file elements are inspected—content, metadata, or fi
17
17
18
18
## Prerequisites
19
19
20
-
Before you can inspect encrypted files, you must grant one-time admin consent. This action can only be performed by a [Global Administrator](/entra/identity/enterprise-apps/configure-admin-consent-workflow)
20
+
To inspect encrypted files, a [Global Administrator](/entra/identity/enterprise-apps/configure-admin-consent-workflow) must first grant one‑time admin consent to Defender for Cloud Apps in Microsoft Entra ID.
21
21
22
-
1. In the Defender portal, go to **Settings > Cloud Apps > Microsoft Information Protection > Inspect protected files**.
22
+
To do this, in the Defender portal go to **Settings > Cloud Apps > Microsoft Information Protection > Inspect protected files**, and select **Grant permission**.
23
23
24
-
1. Select Grant permission and to grant Defender for Cloud Apps permission in Microsoft Entra ID.
25
24
26
25
## Content inspection for protected files
27
26
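Review bot: The added Prerequisites sentence writes "one‑time" with what appears to be a non-breaking hyphen (U+2011), where the removed line used the plain ASCII "one-time". Please switch back to the ASCII hyphen so that search and diff tooling match the term consistently. Separately, the link text "Global Administrator" still points at configure-admin-consent-workflow, which reads as a consent-workflow article rather than a role description. Since this sentence is the only place that states who may grant the consent, consider linking the role name to a role reference and linking "admin consent" to the workflow article. Folding the two numbered steps into one sentence also drops the list format that the procedure later in the file still uses.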
@@ -40,7 +39,9 @@ The following app IDs apply based on your Microsoft cloud environment:
40
39
| GCCM | 23105e90-1dfc-497a-bb5d-8b18a44ba061 |
41
40
42
41
>[!NOTE]
43
-
>These app IDs represent the internal service principal used by Defender for Cloud Apps in each environment (Public, Fairfax, and GCCM) to enable inspection and enforcement of protected files. Disabling or removing this app breaks inspection and prevent DLP policies from applying to protected files. Always verify that the app ID for your environment is present and enabled to maintain inspection and enforcement capabilities.
42
+
>App IDs are internal service principals used by Defender for Cloud Apps in Public, Fairfax, and GCC‑M environments to inspect and enforce DLP policies on protected files.
43
+
>Don't remove or disable these App IDs. Doing so breaks inspection and prevent DLP policies from applying to protected files.
44
+
>Always verify that the App ID for your environment is present and enabled.
44
45
45
46
## Configure Microsoft Information Protection settings
46
47
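Review bot: The second added note line keeps the agreement error from the removed text: "Doing so breaks inspection and prevent DLP policies" should read "prevents". In the first added line, "App IDs are internal service principals" equates the identifier with the principal, where the removed wording said the IDs "represent" it. Something like "These app IDs identify the internal service principals" would be accurate. The environment name is written "GCC‑M" here (again with a non-ASCII hyphen) while the table row directly above uses "GCCM", so pick one spelling. The three consecutive `>` lines have no blank `>` line between them and will render as a single paragraph, so if three separate statements are intended, add separators or make it a list.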
@@ -59,7 +60,7 @@ In order to give Defender for Cloud Apps the necessary permissions:
59
60
60
61
1. In the Defender portal, go to **Settings > Cloud Apps > Policies > Policy management**.
61
62
1. Follow the steps to [create a new file policy](data-protection-policies.md#create-a-new-file-policy).
62
-
1. Select either **Apply to all files**, or **Apply to selected files** to specify which files will be scanned. This option is useful if you have an inner classification keyword standard that you want to exclude from the policy.
63
+
1. Select either **Apply to all files**, or **Apply to selected files** to specify which files to scan. This option is useful if you have an inner classification keyword standard that you want to exclude from the policy.
63
64
1. Select **Inspection method** > **Data Classification Service** to enable content inspection for the policy.
64
65
1. Check both boxes - **Inspect protected files** and **Unmask the last 4 characters of a match**.
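Review bot: The reworded step 3 still says "This option is useful if you have an inner classification keyword standard", and "This option" is ambiguous because the preceding sentence offers two options. It presumably refers to **Apply to selected files**, so name that option explicitly. "inner classification keyword standard" also reads like it should be "internal", which is worth fixing while this line is being touched. The tense change from "will be scanned" to "to scan" is fine.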