06-26-2020 07:23 AM
06-26-2020 07:23 AM
I used a file policy to automatically label every document in a SharePoint folder with a sensitivity label (unified), which applies encryption and has a pre-configured (not user-specified) permission. Normally, when documents are labelled with that pre-configured label manually, and when they are uploaded to a SharePoint site, the labels are recognized and the documents can be opened in Word on the web (e.g. Excel or PowerPoint) for co-authoring. However, when documents are labelled automatically by Cloud App Security by a file policy. The documents' labels are not recognized in SharePoint and those documents cannot be open for co-authoring. Is it an expected behavior or there are some settings that I have missed?!
The encryption applied to the documents are owned by whom? I notice the "Modified By" column in SharePoint lists out the user "SharePoint App" for that document. Does it mean the document is encrypted under the "SharePoint App" user account? and how do I use it to decrypt it if necessary?
06-26-2020 07:23 PM - edited 06-26-2020 07:25 PM
@PeterRising Thanks. A screen shot showing the policy is now attached. Basically, the policy specifies a folder in SharePoint and it will automatically apply a sensitivity label to every file under that folder.
06-27-2020 10:45 AM - edited 06-27-2020 12:59 PM
So, I recreated your policy and the label auto applies. However, when I try and open an existing file in the SharePoint Online library in the browser, I get this message;
And if I try and open in the Word app I get the following;
Is this the same as what you are seeing?
Weirdly though, if I create a new file in the library, the policy matches and I can continue to access the document.
06-28-2020 01:25 AM
No, I am unable to open the document in Word Online. As I said, this document existed already in the doc library before I created the MCAS file policy. If I now create a new doc, it works as expected. Very strange.
I'm going to play around with this some more. In the meantime, I would recommend opening a Microsoft support case to see if they can advise on this behaviour.