Data Protection
67 Topics

- Using MCAS to block file upload to SharePoint Online based on (external) file property?
  Hi, With MCAS (by file policy or by Conditional Access App Control), would it be possible to act on a single file if a specific file property matches search criteria? E.g. if any value in the multivalued property "Tags" in an Office file matches "testtag01" or if any value in the multivalued property "Keywords" in a PDF file matches "testtag01". I've tried with O365 DLP, but the issue with traditional Office 365 DLP is that those properties are not indexed in the SharePoint search index by default and therefore DLP won't detect those.
- File Policy: Change stale externally shared files from modified to created with same parameters
  Hello, So I applied a file policy which works great with our organization which is the "Stale externally shared files". This File policy detects any files shared externally that have not been modified for X amount of days. My question is, can I change this modified parameter so that instead of modified, it's created? Here's a screenshot of what I mean. When I add the Created parameter, it only gives me data ranges instead of by days like in the last modified parameter. Is this a customized parameter that comes with the policy? Can I replicate it with Created? How can I make it so that it can detect any files that were created more than X days, to apply governance actions? Thank you!
- MCAS Regex Engine
  Maybe you have a quick answer. We are currently evaluating DLP capabilities with MCAS. As we are now implementing use cases, we discovered that the Regex Engine from Microsoft is somewhat special. Me and my colleagues understand that this is a mass amount engine and therefore has its limitations regarding the quantifiers. Now, the Docs are kind of clear but only very less. How does the Regex Engine actually work, and what are the limitations? We can investigate every single regex match, but how do we validate false positives for an amount of matches? (Probability score or reducing the max. matches per day) Some example use cases from the customer:
  - Leveraging regex to look for HTTP headers
  - Look for cookies (e.g. look for "Set-Cookie")
  - Regex hunting base64 encoded JWT ID or access tokens or other custom tokens with various file types
  - PCI data (can be covered by MCAS)
  - AWS session token (SessionToken AND base64 encoded data in the vicinity)
  - MIP labeled documents (can be covered by MCAS)
  Hope someone can help
- Microsoft Cloud App Security Session Policy For .PDF Viewing
  Currently we have a session policy in Microsoft Cloud App Security that blocks all file downloads while using Outlook Web which still allows attachment viewing. This works great for all Office documents; however, .PDF attachments cannot be viewed because they perform a download when previewing them. The only workaround is to allow .PDF attachment downloads only. Will there be any future enhancements in MCAS that will allow .PDF viewing while still blocking downloads?
  Previewing or printing PDF files may be blocked: This is normal behavior when you have a policy configured to block downloads. Occasionally when previewing or printing PDF files, apps initiate a download of the file causing Cloud App Security to intervene to ensure the download is blocked and that data is not leaked from your environment. If you would like to allow PDF file downloads, you can exclude PDF files based on their file extension in the relevant session policy.
- App Discovery - application criteria
  Does anyone know if there is documented criteria that defines an application in the context of Cloud App Discovery - i.e. what criteria does the app have to meet to be defined as an app, that in turn means it shows up in the discovered apps list? An example of why I ask. I tested uploading data to Datto Workspace and within a few hours, Datto Workspace shows up as a new discovered app. I've then set up 'Synology Drive' on my NAS at home, which has a public DNS record, uses TLS and is arguably no different to Datto Workspace in the sense that I can log on and upload data. The difference is, this has not shown up as a discovered app in MCAS. MCAS has no record of the 6GB of test data that I uploaded to the NAS. Keen for any thoughts/advice. Thanks Darren
- How to restrict access to D365 Customer Insights to company network (IP range)
  Hi, I'd like to ask if anyone here knows a way to restrict access to the Customer Insights app so that users can access this cloud app only if they are doing it from within our own network? We were able to set up an AAD Conditional Access policy to achieve this for other Dynamics 365 apps by restricting access for the Common Data Service. But I don't find an appropriate app to select for restriction of Customer Insights. Do we have to restrict something different to achieve this or do we have to use another feature or is it not possible to do what we want? Our data protection officer told us that we have to seal our D365 cloud apps off first before we may upload sensitive customer data to/through it. That way we can easily make sure (more or less) that users use controlled devices and controlled client apps and filtered LAN/VPN that prohibits them from accidentally or intentionally leaking sensitive data to other services etc. I appreciate every hint. Thanks in advance. Roberto
- EIN Regex for DLP
  We are trying to create a new policy to detect Employer Identification Number (EIN). I'm very new to Regex so I need some help. We've tried the below regex and MCAS is showing me an error of: Capturing parenthesis not allowed in regular expression. Does anyone know how to convert the below regex to something without the capturing parentheses? Thanks!
  ([07][1-7]|1[0-6]|2[0-7]|[35][0-9]|[468][0-8]|9[0-589])-?\d{7}
- Delayed MCAS Policy Scanning in Box
  We have integrated Box and MCAS. We have noticed that MCAS policies are applied at different time intervals and not close to Near Real Time. Fastest policy alert is 5 hours and up to a few days. This policy is directed to be applied to one folder in Box. We tested this policy in SharePoint and it was successful in identifying and labeling the files within an hour. Does anyone know how the policies are applied from MCAS to Box, and if there is a setting that I need to turn on to speed up the file scan in Box?