May 11 2020 06:07 AM
Hi Community,
I created a File Policy with a Governance Action to remove a specific user as a collaborator but it does not take effect. Scenario:
1. Create a File Policy that matches all files in OneDrive and SharePoint that has an access level of external and has collaborator user@contoso.com.
2. Configure Governance Action to remove the collaborator user@contoso.com .
3. I can see alert for all the files that has matched the policy.
4. When I click on "View policy matches" > History I can see Actions --- Remove a collaborator is applied to those documents.
5. When I go to Investigate > Files and filter for all documents with collaborator user@contoso.com I can still see those documents with the collaborator user@contoso.com on it.
I have been waiting 2 days for the policy to take effect.
Hope someone can enlighten me on this.
Thank you!
May 11 2020 10:34 AM - edited May 11 2020 10:35 AM
Hi, I just tested this scenario, and it looks like the policy does not automatically remove the collaborator. In my test, I had to highlight one of the files, go to actions, and then select Remove a collaborator as shown below;
This succeeded in removing the collaborator from the file. Not a specific scenario of CAS I have tried before, but it looks to me like this may be the intended behaviour - IE, the policy matches and Investigate Files will show you the external collaborators - but then you have to explicitly remove the access.
May 11 2020 06:21 PM - edited May 11 2020 06:35 PM
@PeterRising thank you for your response!
We are intending to do this to remove the permissions to external users. I believe that Governance Action should be a real time action once an activity has matched that policy.
https://docs.microsoft.com/en-us/cloud-app-security/governance-actions#file-governance-actions
Should this be automated?
May 12 2020 02:18 AM
Yes I agree that it should be automated as per the guidelines in the link you provided. Thus far, I cannot get it to automate the removal of a collaborator though - the same as you are facing.
What do you see if you click the cog wheel and select Governance log?
May 12 2020 02:29 AM
The Governance action for removing Collaborator is not listed there. But I can see the alert has been triggered.
May 12 2020 10:20 AM
I'm working on this some more but have not succeeded in generating automated governance as yet. I will let you know if I figure this out.
May 15 2020 02:52 AM
In my continued testing, I cannot get automated governance to take the action to remove the collaborator. However, if I change the action to Remove External users, it works, and removes all external users.
Weird that it does not do the same for collaborator though. I may open a ticket with Microsoft about this and see what response I get.
May 15 2020 03:04 AM
SolutionThank you for all the testing!
Raised this to MS Support and according to them it only works if the user has been added as a Direct Access not a shared link or the usual sharing that we do where we specify a specific user when sharing.
I really hope Microsoft would also support the remove collaboration when using the usual sharing.
May 15 2020 03:07 AM
Hi Mary, thank you for this information. This is really handy to know. I agree that this functionality is not ideal. I have logged with Microsoft myself. I am sure they will tell me the same thing. I will let you know if otherwise.
May 15 2020 04:13 AM
Ha, MS support actually referred me back to this post.
I guess we have our answer on this.
May 15 2020 04:32 AM
Thank you for the help @PeterRising
May 15 2020 03:04 AM
SolutionThank you for all the testing!
Raised this to MS Support and according to them it only works if the user has been added as a Direct Access not a shared link or the usual sharing that we do where we specify a specific user when sharing.
I really hope Microsoft would also support the remove collaboration when using the usual sharing.