This section of the API Data Protection Policy page specifies files, objects, and messages that trigger a policy violation.
For Microsoft Office 365 SharePoint Sites, you can select one of the following options:
FILES SHARING OPTIONS TO SCAN
- All Sharing Options: Scans all sharing options like private, public, shared externally, shared internally, cross-geo, enterprise shared, and shared with group(s).
- Specific Sharing Options: With specific sharing options, you can choose all or specific sharing types, like:
- Private: A file not shared with anyone.
- Public: A file that is shared or open to the public.
- Shared internally: A file shared specifically with users within the same sub-domain of the organization.
If you share a file with an internal user who is in a different geo location, the file will be classified as ‘Cross-geo’ instead of ‘Internal’.
The Shared Internally option will not trigger a policy if the file or folder has a public sharing link.
- Shared externally: A file shared specifically with users outside the organization. You can select All External Domains, specific external domains, or exclude a specific domain by selecting the All External Domains Except option. If you select the All External Domains Except option, choose the domain to be excluded from a policy trigger. You can create a new domain by selecting the Create New option.
The Shared Externally option will not trigger a policy if the file or folder has a public sharing link.
- Cross-geo: A file shared between geo locations in an Office 365 multi-geo environment.
- The cross-geo sharing exposure is available for centralized compliance administration with one instance for all geo-locations, and decentralized compliance administration with one instance per geo-location.
- If you do not see the cross-geo file sharing option, ensure that the multi-geo capability is enabled on your Microsoft Office 365 account.
- Enterprise Shared: A file shared with Office 365 preset groups. They are Everyone and/or Everyone except external users. In case of everyone, the file is shared within the Office 365 enterprise and external users. The file sharing exposure will be external. In case of everyone except external users, the file is shared within the Office 365 enterprise only. The file sharing exposure will be enterprise.
- Shared with Group(s): A file shared directly with a specific named group. A shared group can be a combination of internal and external users. This list is fetched from your Microsoft Office 365 Admin Center’s Groups > Active Groups. Only Microsoft 365, mail-enabled security, and security group types are supported.
If you share a file with individual users in the selected group, API Data Protection will not count it as a match.
To set thresholds for when content sharing triggers a policy violation, select Advanced Options and enter the number of internal, cross-geo, or external collaborators that need to be detected for a policy violation to occur. If you share a file with a Microsoft 365 group, API Data Protection can expand the group, identify the number of users and apply the threshold limit. However, there are a few important points to note:
- API Data Protection does not support expansion of a distribution group.
- API Data Protection does not support the expansion of a sub-group. If a Microsoft 365 group contains a sub-group (group within a group), API Data Protection does not expand the sub-group. The sub-group is considered as a single internal or external user.
- Owner of a group does not get access to the files shared to the group, and hence API Data Protection does not count an owner as a member.
- If a file is shared with two groups and user ‘x’ belongs to both the groups, API Data Protection counts this user only once.
- Cross-geo users in any group will be treated as internal users. If a Microsoft 365 group contains a cross-geo user (user in another satellite location), API Data Protection treats such a user as an internal user during group expansion.
FILE TYPES TO SCAN
- All File Types or Specific File Types to scan.
Microsoft Office 365 does not trigger events notification for sharing link activities. Netskope retrieves these via a polling mechanism after subsequent events. This may cause delays in processing shared links in SharePoint.