Forum Discussion
File Shared with unauthorized domain
Hello all,
I wanted to share an integration issue I've encountered with the Azure AD domain whitelist feature and Microsoft Defender for Cloud Apps, and seek your insights and solutions.
**Issue Overview:**
We configured an Azure AD domain whitelist to ensure that only authorized domains have access to our shared files. However, I've noticed that some files shared with unauthorized domains are still triggering policy violations, even though the domain is whitelisted. This has led to unnecessary alerts and disruptions.
**Observed Behavior:**
Despite these efforts, some files shared with unauthorized domains still trigger policy violations, causing false positives and additional workload for our team.
I'm reaching out to the community to see if anyone has encountered a similar issue or has insights into possible causes and solutions. Has anyone successfully resolved a similar situation? Are there any specific considerations or troubleshooting steps I might have missed?
How can we ensure that the policy accurately identifies unauthorized domain sharing while honoring the whitelist?
Thanks
- Keith_Fleming
Microsoft
mohammadalkhateeb if these are 1st party applications (SPO/OD) I would recommend using SPO admin center to configure sharing settings only for the domains you want to allow. This will allow you to block upfront in the application itself.
One thing to be aware of with Defender for Cloud Apps, if you are using collaborators from domain it will apply to files shared via direct access. This will not include files shared via a link, so you could see some unexpected matching behavior.
- Thanks for the information and I will try that way
