defender-for-cloud-apps/data-protection-policies.md
12 additions & 8 deletions
@@ -46,7 +46,9 @@ The following are examples of file policies that can be created:
46
46
47
47
## Prerequisites
48
48
49
-
To set up the first File Policy in a tenant, you need Microsoft Entra **Service Principal** permissions. **Service Principal** permissions are only automatically given if no file policy exists yet. After the first file policy is created, you can create more without needing those permissions.
49
+
To set up the first File Policy in a tenant, you need:
50
+
- Microsoft Entra **Service Principal** permissions. <br>
51
+
**Service Principal** permissions are only automatically given if no file policy exists yet. After the first file policy is created, you can create more without needing those permissions.
50
52
51
53
52
54
## Create a new file policy
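Review bot: the new Prerequisites list has exactly one item, and the `<br>` at the end of the added bullet `- Microsoft Entra **Service Principal** permissions. <br>` is a raw HTML line break used only to push the explanatory sentence onto its own line; a single-item list plus an HTML break renders differently across Markdown viewers and implies more prerequisites were meant to follow. Either keep the original single paragraph, or make the explanation a continuation of the bullet by indenting it under the item without the `<br>`:
- Microsoft Entra **Service Principal** permissions.
  **Service Principal** permissions are only automatically given if no file policy exists yet. After the first file policy is created, you can create more without needing those permissions.
Also, "File Policy" is capitalized in the added line while the rest of the page uses "file policy" (see the next heading, "Create a new file policy"); use the lowercase form.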
@@ -79,7 +81,7 @@ To create a new file policy, follow this procedure:
79
81
80
82
1. Under the **Select user groups** filter, select either **all file owners**, **file owners from selected user groups** or **all file owners excluding selected groups**. Then select the relevant user groups to determine which users and groups should be included in the policy.
81
83
82
-
1. Select the **Content inspection method**. We recommend using the [**Data Classification Services**](content-inspection.md).
84
+
1. Select the **Content inspection method**. We recommend using the [**Data Classification Services**](content-inspection.md).
83
85
84
86
Once content inspection is enabled, you can choose to use preset expressions or to search for other customized expressions.
85
87
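Review bot: the removed and added lines for the step `1. Select the **Content inspection method**. We recommend using the [**Data Classification Services**](content-inspection.md).` are textually identical in the rendered diff, so this hunk is a whitespace-only change (indentation or trailing space). If that is intended, say so in the commit message; otherwise drop the hunk so the diff shows only substantive edits.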
@@ -94,16 +96,17 @@ To create a new file policy, follow this procedure:
94
96
95
97
-**Create an alert for each matching event with the policy's severity**
96
98
-**Send an alert as email**
97
-
-**Daily alert limit per policy**. Note that governance actions are not impacted by the daily alert limit.
99
+
-**Daily alert limit per policy**. Governance actions aren't impacted by the daily alert limit.
98
100
-**Send alerts to Power Automate**
99
-
-
101
+
100
102
1. Choose the **Governance** actions you want Defender for Cloud Apps to take when a match is detected. Be careful when you set governance actions, they could lead to irreversible loss of access permissions to your files.
101
103
102
-
1. Once you've created your policy, you can view it by filtering for the **File policy** type. You can always edit a policy, calibrate its filters, or change the automated actions. The policy is automatically enabled upon creation and starts scanning your cloud files immediately. We recommended narrowing down the filters using multiple search fields to get the files that you want to work with, . The narrower the filters, the better. You can use the **Edit and preview results** button next to the filters.
104
+
1. Once you've created your policy, you can view it by filtering for the **File policy** type. You can always edit a policy, calibrate its filters, or change the automated actions. The policy is automatically enabled upon creation and starts scanning your cloud files immediately. We recommended narrowing down the filters using multiple search fields to get the files that you want to work with. The narrower the filters, the better. You can use the **Edit and preview results** button next to the filters.
103
105
104
-
:::image type="content" source="media/file-policy-edit-and-preview-results.png" alt-text="Screenshot that shows how you can see a preview of the filtered results for file policies.":::
106
+
:::image type="content" source="media/file-policy-edit-and-preview-results.png" alt-text="Screenshot that shows how you can see a preview of the filtered results for file policies.":::
105
107
106
-
1. To view file policy matches, files that are suspected to violate the policy, go to **Policies** -> **Policy management**. Filter the results to display only the file policies using the **Type** filter at the top. For more information about the matches for each policy, under the **Count** column, select the number of **matches** for a policy. Alternatively, select the three dots at the end of the row for a policy and choose **View all matches**. This opens the **File policy report**. Select the **Matching now** tab to see files that currently match the policy. Select the **History** tab to see a history back to up to six months of files that matched the policy.
108
+
109
+
1. To view file policy matches, go to **Policies** -> **Policy management**. Here you can see files that are suspected to violate the policy. Filter the results to display only the file policies using the **Type** filter at the top. For more information about the matches for each policy, under the **Count** column, select the number of **matches** for a policy. Alternatively, select the three dots at the end of the row for a policy and choose **View all matches**. This opens the **File policy report**. Select the **Matching now** tab to see files that currently match the policy. Select the **History** tab to see a history back to up to six months of files that matched the policy.
107
110
108
111
## Limitations
109
112
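Review bot: the sentence added to the rewritten "To view file policy matches" step, "Here you can see files that are suspected to violate the policy.", attaches the claim to the wrong place: **Policies** -> **Policy management** lists the policies with their match **Count**; the files themselves only appear in the **File policy report** that the rest of the step opens via that count or **View all matches**. Suggest keeping the definition with the term instead: "To view file policy matches (files that are suspected to violate the policy), go to **Policies** -> **Policy management**." Two more points in this hunk: the stray-comma fix in the "Once you've created your policy" step leaves "We recommended narrowing down the filters" in the past tense; it should read "We recommend". And since that step says the policy is enabled and starts scanning immediately, while the preceding step warns that governance actions can cause irreversible loss of access to files, the **Edit and preview results** advice would serve the reader better stated before the governance step, so filters are validated before any automatic action fires. Minor: "a history back to up to six months of files" is awkward; "up to six months of history" reads cleanly. Replacing the stray "-" (an empty bullet after **Send alerts to Power Automate**) with a blank line is correct.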
@@ -193,6 +196,7 @@ Below is a list of the file filters that can be applied:
193
196
> [!NOTE]
194
197
> - This filter doesn't support files that were shared with a group, only with specific users.
195
198
> - This filter doesn't support files shared with a specific user through a shared link for SharePoint and OneDrive.
199
+
> - When files are uploaded to SharePoint, OneDrive, etc., the **Collaborator > Domains** field automatically includes the domain of the file owner. If you use the **Any from domain** filter with the **does not contain** condition to exclude your organization's domain, files owned by users in your domain may be ignored by the policy.
196
200
197
201
-**Entire organization** – If the entire organization has access to the file.
198
202
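Review bot: the added note hedges with "files owned by users in your domain may be ignored by the policy", but the mechanism it describes makes the outcome certain: if the owner's domain is always added to **Collaborator > Domains**, an **Any from domain** filter with the **does not contain** condition on your organization's domain can never match a file owned by one of your own users, so those files are always excluded, not "may be". State that directly, and tell the reader which filter to use instead to target externally shared files, otherwise they are left with a condition that silently matches nothing for internal owners. Also replace "SharePoint, OneDrive, etc." with the actual list of connected apps this applies to (or say "connected apps"); "etc." in a product caveat leaves the reader guessing whether their app is affected.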
@@ -216,7 +220,7 @@ Labels include:
216
220
-**Microsoft Purview Information Protection** - Requires integration with Microsoft Purview Information Protection.
217
221
-**Defender for Cloud Apps** - Provides more insight into the files it scans. For each file scanned by Defender for Cloud Apps DLP, you can know if inspection was blocked because the file is encrypted or corrupted. For example, you can set up policies to alert and quarantine password-protected files that are shared externally.
218
222
-**Azure RMS encrypted** – Files whose content wasn't inspected because they have an Azure RMS encryption set.
219
-
-**Password encrypted** – Files whose content wasn't inspected because they're password protected by the user.
223
+
-**Password encrypted** – Files whose content wasn't inspected because they were password protected by the user.
220
224
-**Corrupt file** – Files whose content wasn't inspected because their contents couldn't be read.
221
225
222
226
-**File type** – Defender for Cloud Apps scans the file to determine whether the true file type matches the MIME type received (see table) from the service. This scan is for files that are relevant for data scan (documents, images, presentations, spreadsheets, text, and zip/archive files). The filter works per file/folder type. For example, *All folders that are ...* or *All spreadsheet files that are...*
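Review bot: the tense change from "because they're password protected by the user" to "because they were password protected by the user" makes this bullet inconsistent with its siblings, which describe the file's current state in the present tense ("because they have an Azure RMS encryption set", "because their contents couldn't be read"); password protection is a property the file still has when inspection is skipped, not a past event. Keep "they're" (or "they are") here.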