Configuring file policies in Microsoft Defender for Cloud Apps - Microsoft SC-400 Certification

The built-in content inspection engine in Microsoft Defender for Cloud Apps inspects content by extracting text from all common file types, including compressed files, Open Office, Office, several rich text formats, XML, and HTML.

There are three parts within every policy:

  • A content scan built on top of preset templates or custom expressions
  • Context filters, which include user roles, file metadata, sharing level, organizational group integration, collaboration context, and additional customizable attributes
  • Automated actions for governance and remediation

Once enabled, the policy continuously scans the full cloud tenant, identifies files that match the content and context filters, and applies the required automated actions. These policies detect and remediate all violations for at-rest content, including any new content that is created. Policies are monitored through real-time alerts or reports.

An additional option is to use the Data Classification service, which is also used by the DLP policies in the Compliance Center. This option gives you a uniform experience across every configured DLP policy.

The following exercise, which you can also complete, will focus on creating a new file policy within the Microsoft Defender for Cloud Apps portal:

1. Navigate to the Cloud App Security portal (https://portal.cloudappsecurity.com). From here, click on Control and then Policies.

Figure 7.23 – Navigating to Policies

2. Click on Create Policy and choose File Policy.

Figure 7.24 – Creating a File policy

3. Enter a relevant name and description.

4. Here, you will need to specify Policy severity. If you have set Cloud App Security to send notifications on policy matches, this level determines whether the policy's matches trigger a notification.

Figure 7.25 – Policy severity

5. In the Category panel, link the policy to the most relevant risk type. This field will help you search for specific policies and alerts at a later date, based on risk type.

Figure 7.26 – Category

6. To set which discovered apps trigger this specific policy, you will be required to select the Create a filter for the files this policy will act on option. It is recommended that you be as restrictive as possible to avoid false positives.

Figure 7.27 – Filters

7. Beneath the first Apply to filter, choose all files excluding selected folders or selected folders for Box, SharePoint, Dropbox, and OneDrive. Here, you can impose your file policy on all the files on the app or certain folders.

Figure 7.28 – Apply to options

8. Beneath the second Apply to filter, choose all file owners, file owners from selected user groups, or all file owners excluding selected user groups. You must then choose the specific user groups to determine which users and groups should be included in the policy.

Figure 7.29 – Apply to options – continued

9. Choose the content Inspection method. You have the choice of Built-in DLP or Data Classification Service.

Figure 7.30 – Inspection method

10. Select the Governance action you require Cloud App Security to take when a match is detected. Then, choose Create policy.

To view all the files that are believed to have violated a policy, complete the following steps:

1. Choose Control and then Policies.
2. Look for the relevant File Policy you want to review.
3. Click on the three dots (…) on the right side of the policy and choose View all matches.
4. You should now see a list of files that the file policy has recognized as matching the chosen filters. You can use this list to review the impact the policy has had before you amend it to apply any Governance actions.
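The three parts of a file policy and the review of matches before enforcement, modelled locally as an added example (not code from the original page and not the Microsoft Defender for Cloud Apps API). The `CloudFile` and `FilePolicy` classes, the folder and group names, the 16-digit custom expression, and the sample files are all constructed assumptions.

```python
import io, re, zipfile
from dataclasses import dataclass

@dataclass
class CloudFile:                  # constructed stand-in for a stored file
    path: str
    owner_group: str
    sharing: str                  # "private", "internal" or "public"
    data: bytes

def extract_text(data: bytes) -> str:
    """Unpack containers (zip, docx) recursively and strip XML/HTML tags."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return " ".join(extract_text(z.read(n)) for n in z.namelist())
    return re.sub(r"<[^>]+>", " ", data.decode("utf-8", "ignore"))

@dataclass
class FilePolicy:                 # hypothetical model of the three policy parts
    expression: str               # content scan: custom expression (regex)
    excluded_folders: tuple       # context: all files excluding selected folders
    owner_groups: tuple           # context: file owners from selected user groups
    sharing_levels: tuple         # context: sharing level
    governance_action: str        # automated action applied on a match

    def in_scope(self, f: CloudFile) -> bool:
        return (not f.path.startswith(self.excluded_folders)
                and f.owner_group in self.owner_groups and f.sharing in self.sharing_levels)

    def matches(self, files, enforce=False):
        action = self.governance_action if enforce else "report-only"  # review first
        return [(f.path, action) for f in files
                if self.in_scope(f) and re.search(self.expression, extract_text(f.data))]

def make_docx(body: str) -> bytes:    # minimal docx-like zip, built for this example
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", f"<w:p><w:t>{body}</w:t></w:p>")
    return buf.getvalue()

SAMPLE = "card 4111 1111 1111 1111 " * 20     # constructed test value, repeated
FILES = [                                     # constructed sample inventory
    CloudFile("/Finance/q3.docx", "Finance", "public", make_docx(SAMPLE)),
    CloudFile("/Finance/notes.html", "Finance", "internal", b"<p>no card data</p>"),
    CloudFile("/Templates/sample.docx", "Finance", "public", make_docx(SAMPLE)),
    CloudFile("/HR/onboarding.docx", "HR", "public", make_docx(SAMPLE)),
]
POLICY = FilePolicy(r"\b(?:\d{4}[ -]?){3}\d{4}\b", ("/Templates/",),
                    ("Finance",), ("public",), "quarantine")
print(POLICY.matches(FILES))                  # review matches before enforcing
```

Dropping the folder exclusion and adding the HR group grows the match list from one file to three, which is why the filters should be restrictive and the matches reviewed before a governance action is attached.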

In this section, we learned how to configure file policies within the Microsoft Defender for Cloud Apps Admin Center and view file policy matches. In the next section, we will discuss how to implement DLP prevention policies in test mode.
