Forum Discussion
DLP Policy Slow to Screen New Files in OneDrive For Business and SharePoint Online
Hello Everyone, I have enabled some DLP policies in Office 365 security center, and these apply to OneDrive for business and SharePoint Online. So far these policies are working and preventin...
At the very least, the document needs to be crawled by the search engine, which in SPO can take a while (I believe the minimum guarantee is around 15 mins, but it can take a lot less or lot more depending on the overall load).
The way DLP policies work against SPO/ODFB content is detailed here: https://support.office.com/en-us/article/Overview-of-data-loss-prevention-policies-1966b2a7-d1e2-4d92-ab61-42efbb137f5e?ui=en-US&rs=en-US&ad=US
- Hi, I have the same issue but in this case it takes more than 24 hours and to scan new files it takes more than 3 days, that is crazy. The link you provide it has a 404 Not found. Any idea how can we force to scan all my tenant in search of a matched rule or policy?
- Hi Vasil,
Thank you for your reply. This is unfortunate, as my organization is a financial institution. We value DLP over user productivity because the data we have simply can't get leaked. It seems the only way to guarantee that sensitive data won't get shared is to keep it on premise. Hopefully Microsoft will introduce a feature that can disallow sharing until DLP clears a document.Well if memory serves, the document will get locked upon detecting any DLP policy matches, so even if it was shared during that short interval, it will not be accessable by external users.
- Hi, I know this is more than 3 years old but we have the same situation.
I tried what you said and it does not do this. The external user is able to access the "illegal" content that was leaked.
So if someone is quick enough to share a file that has a big list of SSNs, the external user can access the content of that file without a problem.
This is a big security concern...
