SharePoint Protect files on download loophole?

%3CLINGO-SUB%20id%3D%22lingo-sub-1046693%22%20slang%3D%22en-US%22%3ESharePoint%20Protect%20files%20on%20download%20loophole%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1046693%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20created%20a%20CAS%20policy%20to%20%22Control%20file%20download%20(with%20DLP)%22%20on%20for%20Guest%20users.%20I%20have%20the%20policy%20set%20to%20apply%20a%20protective%20Sensitivity%20Label%20and%20to%20%22Block%20download%20of%20any%20file%20that%20is%20unsupported...%22%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20works%20fine%20when%20trying%20to%20download%20individual%20files%20from%20SharePoint.%20However%20if%20I%20select%20multiple%20files%2C%20SharePoint%20zips%20them%20all%20up%20and%20downloads%20the%20zip%20file%20with%20no%20protection%20on%20the%20zip%20or%20the%20files%20within%20the%20zip.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20a%20bug%2C%20or%20am%20I%20missing%20something%3F%26nbsp%3B%20For%20now%20I've%20created%20another%20policy%20that%20blocks%20all%20zip%20files%20from%20SharePoint%20as%20a%20workaround.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1046693%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInformation%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1070826%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Protect%20files%20on%20download%20loophole%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1070826%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F236218%22%20target%3D%22_blank%22%3E%40Gregory%20Gilbert%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe're%20aware%20of%20this%20and%20are%20looking%20into%20it.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%20for%20your%20feedback.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1177375%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20Protect%20files%20on%20download%20loophole%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1177375%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F177014%22%20target%3D%22_blank%22%3E%40Banu%20Jafarli%3C%2FA%3E%26nbsp%3Bare%20there%20any%20updates%20on%20closing%20this%20loophole%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I've created a CAS policy to "Control file download (with DLP)" on for Guest users. I have the policy set to apply a protective Sensitivity Label and to "Block download of any file that is unsupported..."  

 

This works fine when trying to download individual files from SharePoint. However if I select multiple files, SharePoint zips them all up and downloads the zip file with no protection on the zip or the files within the zip.

 

Is this a bug, or am I missing something?  For now I've created another policy that blocks all zip files from SharePoint as a workaround.

2 Replies

@Gregory Gilbert 

 

We're aware of this and are looking into it. 

 

Thank you for your feedback. 

@Banu Jafarli are there any updates on closing this loophole?