Forum Discussion
Remove a Collaborator Governance Action is not working
Hi Community,
I created a File Policy with a Governance Action to remove a specific user as a collaborator but it does not take effect. Scenario:
1. Create a File Policy that matches all files in OneDrive and SharePoint that has an access level of external and has collaborator mailto:user@contoso.com
2. Configure Governance Action to remove the collaborator mailto:user@contoso.com .
3. I can see alert for all the files that has matched the policy.
4. When I click on "View policy matches" > History I can see Actions --- Remove a collaborator is applied to those documents.
5. When I go to Investigate > Files and filter for all documents with collaborator mailto:user@contoso.com I can still see those documents with the collaborator mailto:user@contoso.com on it.
I have been waiting 2 days for the policy to take effect.
Hope someone can enlighten me on this.
Thank you!
Thank you for all the testing!
Raised this to MS Support and according to them it only works if the user has been added as a Direct Access not a shared link or the usual sharing that we do where we specify a specific user when sharing.
I really hope Microsoft would also support the remove collaboration when using the usual sharing.
10 Replies
Hi, I just tested this scenario, and it looks like the policy does not automatically remove the collaborator. In my test, I had to highlight one of the files, go to actions, and then select Remove a collaborator as shown below;
This succeeded in removing the collaborator from the file. Not a specific scenario of CAS I have tried before, but it looks to me like this may be the intended behaviour - IE, the policy matches and Investigate Files will show you the external collaborators - but then you have to explicitly remove the access.
PeterRising thank you for your response!
We are intending to do this to remove the permissions to external users. I believe that Governance Action should be a real time action once an activity has matched that policy.
https://docs.microsoft.com/en-us/cloud-app-security/governance-actions#file-governance-actions
Should this be automated?
Yes I agree that it should be automated as per the guidelines in the link you provided. Thus far, I cannot get it to automate the removal of a collaborator though - the same as you are facing.
What do you see if you click the cog wheel and select Governance log?
