Forum Discussion

Charles1575's avatar
Charles1575
Copper Contributor
Sep 11, 2023
Solved

Files Policy - Filter if the file is shared to a user that is a member of a specific group?

I am trying to create a files policy and I want to filter on if the external user is part of a AAD group or not? Depending on if the user is a member or not, I would want to take action on the file. ...
  • Keith_Fleming's avatar
    Keith_Fleming
    Sep 11, 2023

    Hi Charles1575, this currently isn't possible with MDA file policies today.  If you are looking at a policy for a Microsoft application, please also check with Purview because you can specify members here.

techtalk_nu's avatar
techtalk_nu
Copper Contributor
Sep 12, 2023

HI Charles1575 

I agree with Keith. But if you need to determine whether an external user is a "member of or not", consider the following approach:

 

File Policy: Create a file policy. Within this policy, whitelist specific domains. Based on the domains and the applied sensitivity labels, you can then remove external users. This ensures that only users from trusted domains have access to files with specific sensitivity labels.

 

Session Policy: Next, create a session policy using the type "Control file download (with inspection)". This policy allows you to set filters based on specific sensitivity labels. Under "Actions", you have the option to either "Block" or "Protect". If the goal is to prevent the download of sensitive files, opt for "Block".
With these steps, you can ensure that your sensitive files are only accessible to specific users, and any unauthorized attempts to download these files are blocked.

 

Mathias

Resources