Protecting file sharing in Microsoft 365

Safetica Cloud Protection helps you protect Microsoft 365 files by either automated or manual sharing control.


Introduction

With Safetica Cloud Protection, you can:

  1. Protect files classified with existing classification: Files classified by third-party tools that added classification identifiers into them (e.g. Microsoft MIP, Boldon James, or Tukan GREENmod) can be audited and blocked in SharePoint (both files and folders), OneDrive for Business, Teams, or Outlook on the web, even on devices without Safetica Client.
  2. Protect files without existing classification: Policies based on criteria other than existing classification work only for operations made from devices with Safetica Client (or if the files are not modified in the cloud).
  3. Audit all file sharing and other file movements: Sharing, download, and upload to and from Microsoft 365 can be audited even on devices without Safetica Client.

 Learn how policies and data classification work in Safetica Cloud Protection here.

 

How M365 file sharing protection works

Safetica enables you to control the sharing of sensitive files within Microsoft 365 by creating policies for M365 file sharing. Here's how it works:

  • Blocking policies
    • File sharing is automatically canceled if it violates a blocking policy.
    • If an end user shares a file that violates a policy that blocks file sharing, the sharing will be automatically canceled, and the user will receive an email notification about this cancellation.

Processing the blocking operation may take some time. For this reason, the file sharing is not canceled immediately but within up to 5 minutes.

  • Non-blocking policies
    • File sharing can be canceled manually if it violates a non-blocking policy.
    • If an end user shares a file that violates a policy that only logs or notifies about file sharing, the sharing will only be logged.
    • The sharing will not be canceled, and no email notification will be sent to the end user.
    • Admins will have the option to manually cancel specific file-sharing operations in the Safetica console. The Cancel this sharing button can be found in the respective operation detail.

There is also always a link to the file in the operation detail, so that admins can review it.

Example 1: Sharing violates a blocking policy

The admin decides that @safetica.com is a safe domain and adds it to the Safe destinations column in Data destinations. Then the admin creates a policy that blocks Email and M365 file sharing to All except safe destinations.

An end user then shares a company file using an anonymous link (the Anyone option). What will happen with the file?

The anonymous link can be used by anyone – even people outside the safe @safetica.com domain. Therefore, the blocking policy is violated, and the sharing will be canceled. The end user will receive an email notification about this.

 

 

Example 2: Sharing to specific addresses violates a non-blocking policy

The admin has a logging policy for M365 file sharing. An end user shares a file to 2 people. One of them has an @safetica.com email address and the other an @seznam.cz address. How can the admin cancel the sharing to the @seznam.cz address?

The admin will see 2 records in Safetica console related to the sharing operation – one for each person. The admin can then manually cancel the sharing to @seznam.cz by opening the operation detail and clicking the Cancel this sharing button. The sharing to @safetica.com will be unaffected by the cancellation and will keep working.

 

 

Example 3: Sharing to anonymous link violates a non-blocking policy

The admin has a logging policy for M365 file sharing. An end user shares a file via anonymous link. What will happen when the admin cancels such sharing?

The admin will see a record in Safetica console with the destination type Anyone with the link. When the admin decides to manually cancel the sharing, they open the operation detail and click the Cancel this sharing button. The anonymous link will be canceled for all users.
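
The decision logic of Examples 1–3, modeled as an added illustration that is not Safetica code. The `Policy` and `Record` classes, the function names, and the addresses alice@safetica.com and bob@seznam.cz are constructed here, and the logging policy of Example 2 is assumed to apply to all destinations.

```python
from dataclasses import dataclass, replace

ANYONE = "Anyone with the link"  # destination type shown for anonymous links

@dataclass(frozen=True)
class Policy:            # hypothetical model, not a Safetica object
    blocking: bool       # True: sharing is canceled; False: log/notify only
    except_safe: bool    # True: applies to "All except safe destinations"

@dataclass(frozen=True)
class Record:            # one console record per destination
    destination: str
    outcome: str         # "allowed", "logged" or "canceled"

def is_safe(destination, safe_domains):
    """Only a named address in a safe domain counts as a safe destination."""
    if destination == ANYONE:
        return False     # the link works for people outside any safe domain
    _, at, domain = destination.rpartition("@")
    return bool(at) and domain.lower() in safe_domains

def evaluate(destinations, policy, safe_domains=()):
    """Apply one policy to a sharing operation; returns one Record per destination."""
    safe = {d.lstrip("@").lower() for d in safe_domains}
    records = []
    for dest in destinations:
        if policy.except_safe and is_safe(dest, safe):
            outcome = "allowed"
        elif policy.blocking:
            outcome = "canceled"   # automatic; may take up to 5 minutes
        else:
            outcome = "logged"     # stays active until an admin cancels it
        records.append(Record(dest, outcome))
    return records

def cancel_sharing(records, destination):
    """Manual 'Cancel this sharing' on one record; other records are untouched."""
    return [replace(r, outcome="canceled") if r.destination == destination else r
            for r in records]

if __name__ == "__main__":
    block = Policy(blocking=True, except_safe=True)
    log = Policy(blocking=False, except_safe=False)  # assumption: applies to all
    print(evaluate([ANYONE], block, {"@safetica.com"}))            # Example 1
    shared = evaluate(["alice@safetica.com", "bob@seznam.cz"], log) # Example 2
    print(cancel_sharing(shared, "bob@seznam.cz"))
    print(cancel_sharing(evaluate([ANYONE], log), ANYONE))          # Example 3
```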

 

 

What the admin sees in records

Admins can view M365 file sharing operations by using the Operation > M365 external sharing and Operation > M365 internal sharing filters in the Data section of Safetica console.

 

Example: The screenshot below displays an M365 external sharing operation that was blocked based on the Block sensitive data policy. The sharing was done via an anonymous link (Destination is Anyone with the link).

 

Viewing actions performed by external users

  • In the user tree under Cloud users > External users team, the External user represents anonymous and guest users that are not part of your M365 tenant (i.e. guest users not licensed in your tenant, unnamed users that opened an anonymous link, etc.).
  • File sharing, downloads, or uploads performed by external users are recorded under this External user. For example, downloading a file shared via an anonymous link will be recorded here.