Limiting the upload of classified files to sensitive SharePoint Online sites - MCAS file policy

Highlighted
Senior Member

I'm working with a client who has rolled out AIP labels and is looking to block where users can post these files internally. Example: if I have a "sensitive" file (based on its label), can I prevent it from being uploaded to a SharePoint site with a specific label? (using site classification labels or property bag values) https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/modern-experience-site-classificat...

 

I've been able to configure the MCAS file policy to find the sensitive files based on their label and prevent their upload, but this either becomes a blanket policy across ALL SharePoint / OneDrive sites, or only specific folders that I have to manually select. Is there a faster way to assign this to sites based on their classification? 

3 Replies
Highlighted
Hi John,
Currently MCAS doesnt support reading site specific labels.
You need to configure the policy by selecting the sites according to your needs.

Regards,
Dima
Highlighted

@John Hodges I have the same requirement from a customer. I only managed to get this work for browser basedd access. All files with a specific label (Highly Confidential) can be blocked for up/download but only withi browser session because it is a session policy (enforced by conditional access). But it also notofies that  this wont work for desktop apps:

clipboard_image_0.png

But in "Access policies" i cannot filter based on file labels. Are there any plans to support this?

Highlighted

Same here - We are also looking into this use case. Any valuable input appreciated :)