jokej_outlook
Copper Contributor
Oct 11, 2022

MDCA File Policy in Trash option

Hi Community, has anyone played around with the "in Trash" option in MDCA file Policy (DLP)?

I created a detection policy for (a)

  • sensitivity label + ms info protection + equals + confi labelled files
  • App + equals + sharepoint online and onedrive

and (b)

  • sensitivity label + ms info protection + equals + confi labelled files
  • App + equals + sharepoint online and onedrive
  • in trash + is + false

Both detection policies resulted in the same policy matches count.

I reviewed this KB - https://learn.microsoft.com/en-us/defender-cloud-apps/file-filters

In trash – Exclude/include files in the trash folder. These files may still be shared and pose a risk.

 

Would users' deleted files = files that have been moved to trash?

If my result shows that the value is similar, would a file retention hold policy applied for SPO and OneDrive impact the result because the files aren't really 'deleted' into the trash?

Looking forward to hearing from anyone else with similar experiences and how they go about reducing the number of policy matches when files are already 'trashed'. 🙂

5 Replies

  • Hi jokej_outlook,

    If a file has been deleted and trashed, my expectation is that it would fall out of file matches and be removed from the UI in Defender for Cloud Apps.

    • jokej_outlook
      Copper Contributor

      Keith_Fleming, have you had experience if there's a retention hold in place for files stored in OneDrive and SharePoint Online?

      I am unsure if it's related; it seems that file violations stayed in the detected list even after they've been deleted by users.

      One workaround I had was to manually 'refresh' the files in MDCA. That seems to help, but I have 1.2mil violations and I can't 'refresh' all of them regularly from the console.

      • Keith_Fleming
        Microsoft

        jokej_outlook, after the refresh, is the file being deleted from the UI?

        If you create a new file policy I would expect files in scope to be rescanned automatically without needing to refresh.
