Netskope Help


This section of the API Data Protection policy page specifies the action to be taken when a policy violation occurs. The actions vary depending on the app chosen. For some apps, the only action is alert. Similarly, restrict access options vary depending on the app chosen.

  1. Select the action you want to take from the drop-down list, like Alert, Block, Change Ownership, Restrict Access, Encrypt, Delete, Quarantine, Legal Hold, Restrict Sharing to View, Apply Azure RMS Template, Data Classification, Disable Print and Download, or IRM Protect.


    • If you use the encrypt policy action, ensure that you have a Netskope real-time deployment i.e., a reverse or forward proxy. The Netskope real-time deployment is required to decrypt the file.

    • For a list of supported actions per cloud app, refer to API Data Protection Policy Actions per Cloud App

    For Microsoft Office 365 OneDrive for Business and SharePoint Sites apps, you can select the Restrict Access option from the adjacent drop-down list. The Restrict Access Levels are Owner, Remove Public Links, Remove Individual Users, and Remove Organization Wide Link.

  2. Select the action as IRM Protect from the drop-down list and select Vera or MIP as the IRM vendor. If you select Microsoft Information Protection (MIP), you have to select an MIP Profile.


    Before you create an IRM policy, you should create a Vera or MIP instance. For more information, see IRM Integration with Vera or IRM Integration with Microsoft Information Protect.

  3. Select the available action and click Next.

  4. For Quarantine, select an existing quarantine profile from the list, or create a new one. Click New Quarantine Profile from the drop-down list to create a new quarantine profile for this policy. A DLP profile must be selected in section to use Quarantine. In Create Quarantine Profile wizard, complete the Settings, Customize, and Set Profile pages. When finished, click Create Quarantine Profile. When finished, click Next.


    Encrypted files sent to the quarantine folder are limited to 20 MB in size.

    When a file is sent to the quarantine folder, an email is sent to the approver and another is sent to the user with the appropriate coaching messages. 

  5. For Legal Hold, choose an existing profile from the drop-down list or click Create New. The CREATE LEGAL HOLD PROFILE wizard opens. For more information, refer to the Legal Hold section of Profiles. When files are placed in legal hold, emails are sent to the custodian and the users who created the files. When finished, click Next.

Azure RMS Template
  1. Go to Policies > API Data Protection and under the SaaS tab, click New Policy.

  2. Configure the policy workflow till DLP.

  3. In the Action section, select Apply Azure RMS Template from the Action drop-down list and RMS template from the Azure RMS Template drop-down list.


    In Azure, if a template is created with scope, RMS super user should be part of the scope, if not, the RMS template will not populate under the Azure RMS Template drop-down list.

  4. Click Next and then go to the topic in this guide that matches the section you're configuring on the API Data Protection policy page.