May 04 2022 02:55 PM
I'm testing a DLP policy to detect when a file that has a specific Sensitivity Label is shared inside the organisation. The expectation is that if the user shares the file in SharePoint it will be blocked, the user can then remove the sharing links and it will unblock.
My testing shows that as soon as the Sensitivity label is applied an alert event is generated because users other than the site owner has direct access to the file inherited from the document library. The files is never shared using a sharing link.
Does "internal shared" detection include any access other than the person who added the file or the site owner and not related to sharing links?
May 04 2022 02:58 PM
Some additional screenshot from SharePoint indicated the file is not shared
May 17 2022 01:28 AM
May 17 2022 01:08 PM
May 18 2022 12:26 AM