CLOUD SERVICES
      Back to home
      1. Safetica
      2. MANAGEMENT: Manage your environment
      3. CLOUD SERVICES

      How policies and data classification work in Safetica Cloud Protection

      Learn how Safetica Cloud Protection applies policies to Microsoft 365 email and file operations and how it handles classified files.

      In this article, you will learn more about:

       

      Introduction

      Learn more about Safetica Cloud Protection here.

      There is also more info about individual features of Safetica Cloud Protection, namely: Microsoft Outlook protection, Microsoft Exchange protection, and Microsoft SharePoint protection.  

       

       

      Policies in Safetica Cloud Protection

      Once you activate Microsoft Outlook protection, Microsoft Exchange protection, or Microsoft SharePoint protection, Safetica Cloud Protection will start applying policies to Email and M365 file sharing operations performed by users in your Microsoft 365 tenant.

      For active email protection (i.e. the ability to block emails that violate your policies before they are sent), please activate Microsoft Outlook protection.

      If you activate Microsoft Exchange protection without activating Microsoft Outlook protection, sent emails will only be audited but not blocked. Safetica will receive a copy of the emails after they are sent for auditing purposes (to create a record) but will not be able to protect sensitive attachments from leaving the company.

       

      How to create sharing and email protection policies

      Learn how to create a policy here.

      • Use the M365 file sharing destination type to protect files shared via Outlook on the web, SharePoint, OneDrive for Business, or Teams.
      • Use the Email destination type to protect files sent as attachments via Outlook.
      • Data destinations settings work the same way for both emails and file sharing. 

      Safetica does not check the email body for sensitive content. 

       

      Example: The admin decides that @safetica.com is a safe domain and adds it into the Safe destinations column in Data destinations. Then the admin creates a policy that blocks Email and M365 file sharing to All except safe destinations. What will happen?

      Files sent as email attachments or shared via SharePoint, Teams, or OneDrive for Business to users with @safetica.com addresses will not violate the policy, since the domain is considered safe. The emails will be sent and the files will be shared.

      Email attachments and file sharing to users with other email domains will violate the policy and will be blocked.

       

      How to access records related to Microsoft 365 email and file operations

      1. View records related to Outlook on the web and SharePoint, OneDrive for Business, and Teams file activity in the Data section of Safetica console.
      2. To only see records from Microsoft 365, set the Application filter to Exchange Online, SharePoint Online, and Microsoft Teams.

       

       

      Data classification in Safetica Cloud Protection

      Safetica Cloud Protection focuses primarily on protecting files that are sent via Outlook on the web or shared via SharePoint, OneDrive for Business, and Teams from devices with Safetica Client.

      There are 2 ways of working with classified files in the cloud:

      1. Files sent via Outlook on the web or shared via SharePoint, OneDrive for Business, or Teams from a device with Safetica Client:
        • Safetica Cloud Protection knows the whole history of files that were uploaded to Microsoft 365 from devices with Safetica Client and were not changed in the cloud (e.g. from what app it was exported, from what location on the device it was sent, if any sensitive content was found in it, etc.).
        • For such files, data classification works as usual and to its full extent.
        • When Safetica Cloud Protection recognizes such a classified file, it applies the appropriate policies linked to the classification.
      2. Files that were changed or created in the cloud or transferred to the cloud from a device without Safetica Client:
        • For such files, Safetica Cloud Protection relies only on Existing classification.
        • If a file was previously classified by a tool that added classification identifiers into it (e.g. Microsoft MIP, Boldon James, or Tukan GREENmod), these identifiers will persist even when the file is transferred into the cloud, changed in the cloud, or has never been on a device with Safetica Client.
        • When Safetica Cloud Protection recognizes a file with such an Existing classification identifier, it will apply the appropriate policies linked to the data classification.

       

      Read next

      Introducing Safetica Cloud Protection

      Activating and deactivating Microsoft Outlook protection

      Activating and deactivating Microsoft Exchange protection

      Activating and deactivating Microsoft SharePoint protection

      How to add your Microsoft 365 tenant