MCAS - block copy/paste and printing

%3CLINGO-SUB%20id%3D%22lingo-sub-1118169%22%20slang%3D%22en-US%22%3EMCAS%20-%20block%20copy%2Fpaste%20and%20printing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1118169%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20guys%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20business%20case%20where%20we%20want%20to%20use%20MCAS%20to%20block%20copy%2Fpaste%20to%20pages%20and%20documents%20on%20one%20SharePoint%20site.%20the%20members%20are%20being%20monitored%20using%20a%20session%20policy.%20The%20block%20copy%2Fpaste%20and%20printing%20works%20pretty%20good%20when%20you%20want%20to%20limit%20it%20using%20a%20code%20snippet.%20The%20downside%20is%2C%20that%20the%20session%20monitoring%20does%20this%20for%20the%20entire%20SharePoint%20environment.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20there%20a%20way%20to%20limit%20this%20to%20a%20single%20site%20or%20block%20copy%2Fpaste%20for%20SharePoint%20documents%20and%20pages%20on%20a%20single%20site%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ekind%20Regards%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1118169%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMCAS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esession%20policy%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1147344%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20-%20block%20copy%2Fpaste%20and%20printing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1147344%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20might%20be%20able%20to%20use%20information%20protection%20policies%20instead.%3CBR%20%2F%3E%3CBR%20%2F%3Eyou%20can%20label%20anything%20on%20that%20site%20with%20information%20protection%20labels%2C%20and%20configure%20the%20label%20with%20specific%20permission%20to%20block%20copy%20and%20other%20actions%20on%20the%20documents.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20labels%20will%20be%20applied%20when%20the%20document%20is%20downloaded%20and%20on%20every%20device%20it%20is%20opened%20with%20(windows%2FMac%2Fmobile)%3CBR%20%2F%3E%3CBR%20%2F%3EThx%2C%3CBR%20%2F%3E%3CBR%20%2F%3EShlomi%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1147451%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20-%20block%20copy%2Fpaste%20and%20printing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1147451%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F425203%22%20target%3D%22_blank%22%3E%40Fananico%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Fananico%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20as%20far%20as%20I%20know.%20you%20can't%20label%20the%20pages%20with%20AIP%20labels%20and%20if%20you%20put%20security%20encryption%20like%20that%20on%20and%20a%20document%20in%20SP.%20Sp%20can't%20read%20it.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1147498%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20-%20block%20copy%2Fpaste%20and%20printing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1147498%22%20slang%3D%22en-US%22%3EYes%2C%20that%20is%20correct%2C%20When%20Azure%20Information%20Protection%20encryption%20is%20applied%20to%20files%20stored%20in%20Office%20365%2C%20the%20service%20cannot%20process%20the%20contents%20of%20these%20files.%20Co-authoring%2C%20eDiscovery%2C%20search%2C%20Delve%2C%20and%20other%20collaborative%20features%20do%20not%20work.%20Data%20Loss%20Prevention%20(DLP)%20policies%20can%20only%20work%20with%20the%20metadata%20(including%20Office%20365%20labels)%20but%20not%20the%20contents%20of%20these%20files%20(such%20as%20credit%20card%20numbers%20within%20files).%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1156122%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20-%20block%20copy%2Fpaste%20and%20printing%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1156122%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F525564%22%20target%3D%22_blank%22%3E%40ACDS-%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20ACDS%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAt%20this%20time%20Conditional%20Access%20App%20Control%20session%20policies%20cannot%20limit%20to%20individual%20SharePoint%20sites.%20However%2C%20we%20do%20have%20an%20active%20private%20preview%20regarding%20this%20feature.%20If%20you%20are%20interested%2C%20please%20email%20%3CA%20href%3D%22mailto%3Amcaspreview%40microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Emcaspreview%40microsoft.com%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi guys,

 

I have a business case where we want to use MCAS to block copy/paste to pages and documents on one SharePoint site. the members are being monitored using a session policy. The block copy/paste and printing works pretty good when you want to limit it using a code snippet. The downside is, that the session monitoring does this for the entire SharePoint environment. 

Is there a way to limit this to a single site or block copy/paste for SharePoint documents and pages on a single site? 

 

kind Regards

4 Replies
Hi,

You might be able to use information protection policies instead.

you can label anything on that site with information protection labels, and configure the label with specific permission to block copy and other actions on the documents.

The labels will be applied when the document is downloaded and on every device it is opened with (windows/Mac/mobile)

Thx,

Shlomi

@Fananico 

 

Hi Fananico

But as far as I know. you can't label the pages with AIP labels and if you put security encryption like that on and a document in SP. Sp can't read it. 

 

 

Yes, that is correct, When Azure Information Protection encryption is applied to files stored in Office 365, the service cannot process the contents of these files. Co-authoring, eDiscovery, search, Delve, and other collaborative features do not work. Data Loss Prevention (DLP) policies can only work with the metadata (including Office 365 labels) but not the contents of these files (such as credit card numbers within files).

@ACDS- 

 

Hi ACDS,

 

At this time Conditional Access App Control session policies cannot limit to individual SharePoint sites. However, we do have an active private preview regarding this feature. If you are interested, please email mcaspreview@microsoft.com.