Can I force a mcas file policy to run on-demand?

%3CLINGO-SUB%20id%3D%22lingo-sub-952029%22%20slang%3D%22en-US%22%3ECan%20I%20force%20a%20mcas%20file%20policy%20to%20run%20on-demand%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-952029%22%20slang%3D%22en-US%22%3E%3CP%3EI%20created%20a%20file%20policy%20to%20scan%20OneDrive%20for%20a%20test%20file%20and%20remove%20the%20external%20sharing%20link.%20But%20I%20do%20not%20know%20when%20mcas%20will%20invoke%20this%20policy%20and%20do%20the%20scan.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20How%20does%20one%20typically%20test%20MCAS%20file%20policy%3F%3C%2FP%3E%3CP%3E2)%20Is%20there%20a%20way%20to%20check%20when%20is%20the%20last%20time%20mcas%20did%20an%20API%20scan%20of%20OneDrive%2C%20and%20what%20is%20the%20next%20scheduled%20scan%2C%20or%3C%2FP%3E%3CP%3E3)%20does%20the%20user%20have%20the%20ability%20to%20perform%20an%20on-demand%20scan%20so%20I%20can%20test%20a%20particular%20policy%20right%20away%3F%3C%2FP%3E%3CP%3E4)%20Is%20there%20a%20way%20to%20view%20verbose%20file%20policy%20execution%20logs%20to%20see%20why%20policy%20doesn't%20pick%20up%20a%20sensitive%20file%20as%20the%20policy%20is%20designed%20to%20capture%2C%20to%20tune%20file%20policy%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-952029%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-963797%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20I%20force%20a%20mcas%20file%20policy%20to%20run%20on-demand%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-963797%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F331236%22%20target%3D%22_blank%22%3E%40dennisxu%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20Denis%2C%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20capability%20is%20not%20available%20today%20but%20function%20we're%20planning%20on%20introducing%20in%20the%20product.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1.%20The%20best%20way%20to%20test%20a%20file%20policy%20is%20to%20create%20a%20policy%20scoped%20to%20a%20specific%20user%20and%2For%20application%20and%20then%20upload%20a%20file%20containing%20a%20sensitive%20information%20type.%20Once%20it's%20uploaded%20-%20you%20could%20search%20for%20it%20in%20the%20files%20page%20and%20see%20if%20it's%20been%20scanned%20and%20if%20there%20is%20match.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2.%20We%20don't%20provide%20time%20frames%20however%20if%20you%20go%20to%20the%20files%20page%20-%26gt%3B%20click%20on%20a%20file%20-%26gt%3B%20you'll%20be%20able%20to%20see%20if%20it%20was%20scanned.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E3.On-demand%20scans%20are%20a%20functionality%20we're%20currently%20investigating%20and%20planning%20on%20bringing%20into%20the%20product.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E4.%20I%20would%20recommend%20looking%20at%20this%20document%20to%20see%20what%20the%20criteria%20is%20for%20us%20to%20identity%20a%20sensitive%20information%20type.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fwhat-the-sensitive-information-types-look-for%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fwhat-the-sensitive-information-types-look-for%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-964824%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20I%20force%20a%20mcas%20file%20policy%20to%20run%20on-demand%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-964824%22%20slang%3D%22en-US%22%3EThanks%20Banu!%3C%2FLINGO-BODY%3E
Occasional Contributor

I created a file policy to scan OneDrive for a test file and remove the external sharing link. But I do not know when mcas will invoke this policy and do the scan.

 

1) How does one typically test MCAS file policy?

2) Is there a way to check when is the last time mcas did an API scan of OneDrive, and what is the next scheduled scan, or

3) does the user have the ability to perform an on-demand scan so I can test a particular policy right away?

4) Is there a way to view verbose file policy execution logs to see why policy doesn't pick up a sensitive file as the policy is designed to capture, to tune file policy? 

2 Replies

@dennisxu 

 

Hi Denis, 

 

This capability is not available today but function we're planning on introducing in the product. 

 

1. The best way to test a file policy is to create a policy scoped to a specific user and/or application and then upload a file containing a sensitive information type. Once it's uploaded - you could search for it in the files page and see if it's been scanned and if there is match. 

 

2. We don't provide time frames however if you go to the files page -> click on a file -> you'll be able to see if it was scanned. 

 

3.On-demand scans are a functionality we're currently investigating and planning on bringing into the product. 

 

4. I would recommend looking at this document to see what the criteria is for us to identity a sensitive information type. 

 

https://docs.microsoft.com/en-us/microsoft-365/compliance/what-the-sensitive-information-types-look-...

 

 

 

Thanks Banu!