Netskope Help

Action

This section of the API Data Protection policy page specifies the action to be taken when a policy violation occurs. The actions vary depending on the app chosen. For some apps, the only action is alert. Similarly, restrict access options vary depending on the app chosen.

  1. Select the action you want to take from the drop-down list, like Alert, Block, Change Ownership, Restrict Access, Encrypt, Delete, Quarantine, Legal Hold, Restrict Sharing to View, Apply Azure RMS Template, Data Classification, Disable Print and Download, or IRM Protect.

    Note

    • If you use the encrypt policy action, ensure that you have a Netskope real-time deployment, i.e., a reverse or forward proxy. The Netskope real-time deployment is required to decrypt the file.

    • The Disable Print and Download action applies to Google users who have comment and view file permissions. Users with edit permissions on a file can continue to print and download the file.

    • For a list of supported actions per cloud app, refer to API Data Protection Policy Actions per Cloud App.

    For some actions, like Restrict Access, you can select additional options from the adjacent drop-down list. For example, if you selected Specific Sharing Options and Shared Externally in the Content section, then the option to allowlist or blocklist an External Domain appears in the drop-down list.

  2. Select the action as IRM Protect from the drop-down list and select Vera or MIP as the IRM vendor. If you select Microsoft Information Protection (MIP), you have to select an MIP Profile.

    Note

    Before you create an IRM policy, you should create a Vera or MIP instance. For more information, see IRM Integration with Vera or IRM Integration with Microsoft Information Protect.

  3. Select the available action and click Next.

  4. For Quarantine, select an existing quarantine profile from the list, or create a new one. Click New Quarantine Profile from the drop-down list to create a new quarantine profile for this policy. A DLP profile must be selected in section to use Quarantine. In the Create Quarantine Profile wizard, complete the Settings, Customize, and Set Profile pages. When finished, click Create Quarantine Profile, and then click Next.

    Note

    Encrypted files sent to the quarantine folder are limited to 20 MB in size.

    When a file is sent to the quarantine folder, an email is sent to the approver and another is sent to the user with the appropriate coaching messages. 

  5. For Legal Hold, choose an existing profile from the drop-down list or click Create New. The CREATE LEGAL HOLD PROFILE wizard opens. For more information, refer to the Legal Hold section of Profiles. When files are placed in legal hold, emails are sent to the custodian and the users who created the files. When finished, click Next.

Restrict Access to Domain and User Profiles

Up until release 47, allowlist and blocklist domain profiles under Restrict Access were linked to the domain profiles under the Content > File Sharing Options to Scan policy workflow. These two are now independent of each other. An administrator can restrict access based on domain profiles. In addition, administrators can now allow (allowlist) or deny (blocklist) certain users (user profile) from accessing files and folders.

Before restricting access to a domain or user profile, you need to create the profile from the Policies > Profiles page. Once a profile is created, it is listed as part of the Restrict Access action. Restrict Access is available as part of the Action policy workflow. You must select Restrict before you can select Allowlist Domains, Blocklist Domains, Allowlist User, or Blocklist User from the Restrict Access Level drop-down list. Based on the choice, the Domain Profile or User Profile drop-down list is displayed.

Note

In Contents > File Sharing Options to Scan, if you select Specific Sharing Options > Private, the Restrict Access option is not available under Actions.

Google Drive Connected Apps/Plugins

If you select the Google Drive application to scan Connected Apps/Plugins, only two actions are available: Alert and Revoke.

  • Alert: If the policy is triggered, based on the policy definition, an alert will be generated.

  • Revoke: If the policy is triggered, based on the policy definition, the selected Google app/plugin will be revoked.

    Note

    Apps that are revoked can be reinstalled by the user. However, if the policy is active, the apps will be revoked again.

    Note

    If the policy to revoke an app applies to a user A, user B can continue to install the app.

    Note

    After revoking, the app is visible in the but on running the app, the user must grant access again.