cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DLP identify internal SharePoint files with direct access and no sharing

Alan Marshall
Steel Contributor

‎May 04 2022 02:55 PM

‎May 04 2022 02:55 PM

DLP identify internal SharePoint files with direct access and no sharing

I'm testing a DLP policy to detect when a file that has a specific Sensitivity Label is shared inside the organisation. The expectation is that if the user shares the file in SharePoint it will be blocked, the user can then remove the sharing links and it will unblock.

My testing shows that as soon as the Sensitivity label is applied an alert event is generated because users other than the site owner has direct access to the file inherited from the document library. The files is never shared using a sharing link.

Does "internal shared" detection include any access other than the person who added the file or the site owner and not related to sharing links?

Preview file
23 KB
1,855 Views
1 Like
4 Replies
Reply
4 Replies
Alan Marshall

‎May 04 2022 02:58 PM

‎May 04 2022 02:58 PM

Re: DLP identify internal SharePoint files with direct access and no sharing

Some additional screenshot from SharePoint indicated the file is not shared

Preview file
5 KB
0 Likes
Reply
Thibaut_Gossselin

‎May 17 2022 01:28 AM

‎May 17 2022 01:28 AM

Re: DLP identify internal SharePoint files with direct access and no sharing

Hello,

Thank you for your post. I have a problem similar to yours.
I have been looking for days for a way to block file sharing to internal users who are not in the same private Teams group.

I have exactly the same DLP but I don't have this blocking.

For the proccess, I have created :

- An internal label
- A label policy
- A SharePoint DLP with the same conditions with the blocking action on "Everyone".

Have you done any other configuration ?

Thanks :)
0 Likes
Reply
Alan Marshall

‎May 17 2022 01:08 PM

‎May 17 2022 01:08 PM

Re: DLP identify internal SharePoint files with direct access and no sharing

That's exactly what I did but files are blocking everyone as soon as they are labelled without even sharing the file.
The only difference to your setup is the permissions in that document library are not inheriting from the site and the Member group has no access, just a specific SharePoint group with users.
I have a call with Microsoft open so will update this thread when I have an answer.
0 Likes
Reply
Thibaut_Gossselin

‎May 18 2022 12:26 AM

‎May 18 2022 12:26 AM

Re: DLP identify internal SharePoint files with direct access and no sharing

Thank you for your answer :)
I have indeed the same results as you indicated.
While waiting for Microsoft to come back, I'll do some more tests and come back to you if I find something.
0 Likes
Reply