Forum Discussion

DangerMouse's avatar
DangerMouse
Copper Contributor
Apr 09, 2019

Use Regular Expressions in CAS build-in DLP to find Document metadata

I have a scenario where a client would like to use cloud app security to apply AIP labels to files that are in a SharePoint online document library.  The documents have SharePoint metadata applied t...
Cloud App Security
Data Protection
DangerMouse's avatar
DangerMouse
Copper Contributor
Apr 11, 2019

 

Thanks for your response, Just wanted to add in some more detail to the problem:

 

This is my scenario:

 

  1. I have a SharePoint online document library with word documents stored in it.
  2. Each of the documents are worked on by multiple people who would indicate the status of the document via a Multi-value Choice list.  
  3. This value is written to the document as a “Document Property” 

 

 

Cloud App Security Question:

  • I need to set up a cloud app security file policy which applies an Azure Information protection Label to the documents based on this “Document Property” 

 

Testing done:

  • It looks like the cloud app security does not look at this “Document Property”, or I have not created the regular expression incorrectly.
  • I have noted that when this document is downloaded from the SharePoint site with the property set, it maintains the value, This value how ever is not seen in the metadata or “Advanced  Properties” of the document 
  • If I add this value in manually in advanced settings and upload the file back to the SharePoint site. The Cloud app Security policy rule works and applies the Label.

 

Dima Donhin 

Dima Donhin's avatar
Dima Donhin
Icon for Microsoft rankMicrosoft
Apr 11, 2019
From your description it sounds like this property isnt part of the file metadata as you cant see it in the file properties. Do you have more info on the way Sharepoint sets this?
  • DangerMouse's avatar
    DangerMouse
    Copper Contributor
    Apr 11, 2019

    From what i can see, this is a column added to the SharePoint Document library which is set to the "Choice" Type. Users would then choose a value.

    What i find strange is that when you download the document from the library, and open it on another device that property is still set. which indicates that the value is set on the document and stays with it.

    I was wondering if there is something that needed to be enabled, or form the regex to read this information. 

     

    My current regex is formed (?:documentvalue) which supposedly looks for "documentvalue" anywhere in the document. 

     

      Dima Donhin 

Resources