CLOUD SERVICES
      Back to home
      1. Safetica
      2. MANAGEMENT: Manage your environment
      3. CLOUD SERVICES

      Introducing and activating Microsoft 365 file protection

      Learn how to protect files accessed and shared through company Microsoft 365, how such protection works, and how to activate it. Control to whom your files are shared via Microsoft 365 and protect your company from possible data loss.

      Before you can activate the protection, you must first add your Microsoft 365 tenant to Safetica.


      In this article, you will learn about:

       

      Introduction

      With Microsoft 365 file protection, you can:

      1. Protect files classified with existing classification: Files classified by third-party tools that added classification identifiers into them (e.g. Microsoft MIP, Boldon James, or Tukan GREENmod) can be audited and blocked in SharePoint (both files and folders), OneDrive for Business, Teams, or Outlook on the web, even on devices without Safetica Client
      2. Protect files without existing classification: Policies based on other than existing classification work only for operations made from devices with Safetica Client (or if the files are not modified in the cloud).
      3. Audit all file sharing and other file movements: Sharing, download, and upload to and from Microsoft 365 can be audited even on devices without Safetica Client.

      File uploads to Microsoft 365 can only be blocked by devices with installed Safetica Client. Uploads from devices without Safetica Client are only audited. 

       

       

      Activating Microsoft 365 file protection in Safetica console

        1.  In Safetica console, go to Cloud services, click your M365 tenant.

        2.  Click the Activate file protection button.

        3.  Read the displayed steps you must perform in the Microsoft Compliance Portal to enable Safetica to audit and protect your valuable company data.

        4.  Check the box and click Finish. Then proceed to Microsoft Compliance Portal.

      Completing the configuration in Microsoft Compliance Portal is a crucial prerequisite for the correct operation of this feature.

       

      Configuring file protection in Microsoft Compliance Portal

      1. Access Microsoft Compliance Portal using a Microsoft account with Global Admin role.

      2. Click the Show All link on the left and then click Audit.

      3. Click the thin wide button Start recording user and admin activity and wait for it to complete. If you can't see this button, it means the auditing feature is already turned on. In such a case, you can leave the portal.
      4. After this step, the file audit of your Microsoft 365 data (i.e. files on OneDrive, SharePoint, and Teams) will be activated.

       

       

      Configuring policies for Microsoft 365 file sharing

      • After you finish the activation in Microsoft Compliance Portal, policies configured for the M365 file sharing destination type will start applying to file-sharing operations performed by users in your Microsoft 365 tenant.

      Accessing records related to Microsoft 365 file activity

      • After you finish activation, you will find records related to SharePoint, OneDrive for Business, and Teams file activity in the Data section of Safetica console.

       It might take up to 48 hours to see the records of Microsoft 365 file activity. 

      • To only see records from Microsoft 365, set the Application filter to SharePoint Online and Microsoft Teams.

       

       

      Read next

      Cloud services: How to add your Microsoft 365 tenant

      Cloud services: How to activate and deactivate email protection in Microsoft 365

      Cloud services: How to protect a subset of Microsoft 365 users