Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

policy for File shared with unauthorized domain in MCAS

Copper Contributor

How can i create a policy for File shared with unauthorized domain in MCAS.

 

I used the template present in MCAS, however its not working. Because i shared multiple files with an external domain, but none were detected by the filter. Kindly help

 

manish121465_0-1589814108508.png

@Christian Bergström (@bec064) 

 

9 Replies

@manish121465 

 

Had this same problem the other day so also interested in a solution.

 

My filter is the same as yours: 

 

Files matching all of the following

  • Collaborators - Any from domain - contains - domain.com
  • Apply to all files, all file owners
  • Create an alert for each matching file

Governance actions

  • Remove external users

When I preview the results, there's nothing, but when I go to Investigate > Files, I can see user@domain.com as a named sharing user.  IE, they were chosen as 'specific people' in the sharing dialogue, not a universal link.  If I change the query to be user@domain.com, it returns successfully.  So something's going wrong with picking up the domain only.

@manish121465 - sorry for the delay in replying to this.  Despite you mentioning me, I did not get a notification of this post.

 

@Ru - Hey mate!

 

Right, I've done the same as you both and am seeing the same issue.  Asked Microsoft support just now and they are telling me to wait 24 hours for the policy to propagate.  Have either of you found that your policies have kicked into life since you posted?

@PeterRising @manish121465 @Ru 

Folks did you have any luck?

 

I am currently asking MS Support if there any issues adding over 1,000 Domains in File Policy files matching Collaborators -> Any from domain. They don't know of any limits, however with AIP there is :(

RuleBlob: The length of the property is too long. The maximum length is 16384

@David Taig 

 

I've had a call open with Microsoft about this since I last posted here.  They keep telling me that they are looking into it but I've had no progress as yet.

@PeterRising @manish121465 @Ru 

 

The filter ‘Collaborators’ -> ‘Any from Domain’ works only for collaborators who have been provided Direct Access. If a file was shared using a sharing link, this filter does not work. Is this your situation?

 

@David Taig  They were chosen as 'specific people' in the sharing dialogue, not a universal link.  I presume that's the supported scenario? 

@PeterRising - did you ever get a response from Microsoft? Were you able to get this to work?
We have same issue, did you manage to find a solution?
we have the same problem did anyone manage to get this to work?