SOLVED

Remove a Collaborator Governance Action is not working

Brass Contributor

Hi Community,

 

I created a File Policy with a Governance Action to remove a specific user as a collaborator but it does not take effect. Scenario:

1. Create a File Policy that matches all files in OneDrive and SharePoint that has an access level of external and has collaborator user@contoso.com.

2. Configure Governance Action to remove the collaborator user@contoso.com .

3. I can see alert for all the files that has matched the policy.

4. When I click on "View policy matches" > History I can see Actions --- Remove a collaborator is applied to those documents.

5. When I go to Investigate > Files and filter for all documents with collaborator user@contoso.com I can still see those documents with the collaborator user@contoso.com on it.

 

I have been waiting 2 days for the policy to take effect. 

 

Hope someone can enlighten me on this.

 

Thank you!

10 Replies

@Mary_Yvette 

 

Hi, I just tested this scenario, and it looks like the policy does not automatically remove the collaborator.  In my test, I had to highlight one of the files, go to actions, and then select Remove a collaborator as shown below;

 

Screenshot 2020-05-11 at 18.29.57.png

 

This succeeded in removing the collaborator from the file.  Not a specific scenario of CAS I have tried before, but it looks to me like this may be the intended behaviour - IE, the policy matches and Investigate Files will show you the external collaborators - but then you have to explicitly remove the access.

@PeterRising thank you for your response!

 

We are intending to do this to remove the permissions to external users. I believe that Governance Action should be a real time action once an activity has matched that policy. 

 

https://docs.microsoft.com/en-us/cloud-app-security/governance-actions#file-governance-actions

 

Should this be automated?

@Mary_Yvette 

 

Yes I agree that it should be automated as per the guidelines in the link you provided.  Thus far, I cannot get it to automate the removal of a collaborator though - the same as you are facing.

 

What do you see if you click the cog wheel and select Governance log?

 

Screenshot 2020-05-12 at 10.18.30.png

@PeterRising 

 

The Governance action for removing Collaborator is not listed there. But I can see the alert has been triggered.

@Mary_Yvette 

 

I'm working on this some more but have not succeeded in generating automated governance as yet.  I will let you know if I figure this out.

@Mary_Yvette 

 

In my continued testing, I cannot get automated governance to take the action to remove the collaborator.  However, if I change the action to Remove External users, it works, and removes all external users.

 

Screenshot 2020-05-15 at 10.49.35.png

 

Weird that it does not do the same for collaborator though. I may open a ticket with Microsoft about this and see what response I get.

best response confirmed by Mary_Yvette (Brass Contributor)
Solution

@PeterRising 

Thank you for all the testing!

 

Raised this to MS Support and according to them it only works if the user has been added as a Direct Access not a shared link or the usual sharing that we do where we specify a specific user when sharing.

Mary_Yvette_0-1589536928826.png

I really hope Microsoft would also support the remove collaboration when using the usual sharing.

@Mary_Yvette 

 

Hi Mary, thank you for this information.  This is really handy to know.  I agree that this functionality is not ideal.  I have logged with Microsoft myself.  I am sure they will tell me the same thing.  I will let you know if otherwise.  :smile:

@Mary_Yvette 

 

Ha, MS support actually referred me back to this post.  :lol:

 

Screenshot 2020-05-15 at 12.11.33.png

 

I guess we have our answer on this.

Thank you for the help @PeterRising :lol:

1 best response

Accepted Solutions
best response confirmed by Mary_Yvette (Brass Contributor)
Solution

@PeterRising 

Thank you for all the testing!

 

Raised this to MS Support and according to them it only works if the user has been added as a Direct Access not a shared link or the usual sharing that we do where we specify a specific user when sharing.

Mary_Yvette_0-1589536928826.png

I really hope Microsoft would also support the remove collaboration when using the usual sharing.

View solution in original post