Is it possible to block uploading unclassified file on OneDrive for Business

%3CLINGO-SUB%20id%3D%22lingo-sub-561106%22%20slang%3D%22en-US%22%3EIs%20it%20possible%20to%20block%20uploading%20unclassified%20file%20on%20OneDrive%20for%20Business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-561106%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Fellows%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECloud%20App%20Security%20promises%20to%20automatically%20classify%20files%20uploaded%20to%20Cloud%20app%20such%20as%20OneDrive%20for%20Business.%20However%20I%20have%20a%20customer%20with%20business%20requirement%20to%20not%20allow%20users%20be%20able%20to%20upload%20files%20on%20OneDrive%20for%20Business%20unless%20files%20are%20pre-classified%20using%20AIP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdditionally%2C%20if%20possible%2C%20files%20classified%20with%26nbsp%3Blabel%20'Confidential'%20should%20be%20blocked.%20Only%20files%20which%20are%20classified%20as%20'Public'%20should%20be%20allowed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20using%20Cloud%20App%20Security%3F%20Has%20any%20one%20experienced%20such%20scenario%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20see%20there%20is%20a%20%22Block%20upload%20based%20on%20real-time%20content%20inspection%22%20action%20available%20in%20Cloud%20App%20Security%20%26gt%3B%20Session%20Policy.%20However%20I%20am%20not%20able%20to%20create%20a%20conditional%20access%20policy%20(which%20is%20pre%20requisite%20for%20creating%20Cloud%20App%20Security%20Session%20Policy%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fproxy-deployment-aad%23add-azure-ad%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fproxy-deployment-aad%23add-azure-ad%3C%2FA%3E).%20OneDrive%20for%20Business%20is%20not%20available%20in%20the%20list%20of%20cloud%20apps%20while%20creating%20Conditional%20Access.%20I%20am%20following%20this%20link%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fproxy-deployment-aad%23add-azure-ad%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fproxy-deployment-aad%23add-azure-ad%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-561106%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-881275%22%20slang%3D%22en-US%22%3ERe%3A%20Is%20it%20possible%20to%20block%20uploading%20unclassified%20file%20on%20OneDrive%20for%20Business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-881275%22%20slang%3D%22en-US%22%3EHi%20Ahmed%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI'd%20like%20to%20jump%20on%20the%20bandwagon.%20In%20my%20usecase%2C%20documents%20with%20a%20specific%20label%20aren't%20allowed%20to%20be%20uploaded%20to%20OneDrive%20and%20I%20can't%20figure%20out%20how%20this%20might%20work.%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi Fellows,

 

Cloud App Security promises to automatically classify files uploaded to Cloud app such as OneDrive for Business. However I have a customer with business requirement to not allow users be able to upload files on OneDrive for Business unless files are pre-classified using AIP.

 

Additionally, if possible, files classified with label 'Confidential' should be blocked. Only files which are classified as 'Public' should be allowed.

 

Is it possible using Cloud App Security? Has any one experienced such scenario?

 

I can see there is a "Block upload based on real-time content inspection" action available in Cloud App Security > Session Policy. However I am not able to create a conditional access policy (which is pre requisite for creating Cloud App Security Session Policy https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad#add-azure-ad). OneDrive for Business is not available in the list of cloud apps while creating Conditional Access. I am following this link https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad#add-azure-ad

1 Reply
Highlighted
Hi Ahmed,

I'd like to jump on the bandwagon. In my usecase, documents with a specific label aren't allowed to be uploaded to OneDrive and I can't figure out how this might work.