Forum Discussion
Using MCAS to block file upload to SharePoint Online based on (external) file property?
Hi,
With MCAS (by file policy or by Conditional Access App Control), would it be possible to act on single file if specific file property matches search criteria? E.g. if any value in multivalued property "Tags" in Office file matches "testtag01" or if any value in multivalued property "Keywords" in PDF file matches "testtag01". I've tried with O365 DLP, but with traditional Office 365 DLP issue is that those properties are not indexed in SharePoint search index by default and therefore DLP wont detect those.
- jurowley
Microsoft
Petri Helin I think you'll probably need an Activity Policy for this. You can create an Activity Policy to match anything in the "Activity Object" field of the Activity Log entry. If the specific property you're interested in auditing isn't listed there, you can create a Service Ticket with Support to add any of the "Raw Data" fields we pull from O365. But it sounds like the specific property you're after isn't audited at all by SPO so I doubt you will find it in the Raw Data field of the Activity Log entry. I think you'll want to petition SPO to start auditing for the API Object and then MCAS to start calling for it - but I'm not entirely sure, frankly. Definitely wouldn't be a Session Policy (CAAC) and I couldn't find anything seemingly relevant for a File Policy.
- Ok, thank you for your comments jurowley. I find it quite odd that you cannot filter by file properties in File Policies 😞
- jurowley
Petri Helin - you can filter by properties of the file. For example, you can create a File Policy that matches a file that's externally shared, when it was last modified, the mime type, file type, file name, etc. You can even filter by labels.
Does this answer your question?
