How to configure a DLP policy to match a specific MS Sharepoint site (Office365)?

Article ID: 222015

Products

CASB Security Advanced, CASB Securlet SAAS, CASB Security Standard

Issue/Introduction

Sometimes the requirement is to apply certain business conditions (or a set of conditions) to one particular Microsoft SharePoint site in the Office 365 (O365) environment.

This is the opposite of applying the DLP policies to all SharePoint sites within the environment.

Cause

Business requirement or a specific use case

Environment

  • CloudSOC integrated with CDS and DLP Enforce
  • Microsoft Office365 Securlet is activated and in a healthy state
  • Access to DLP Enforce with enough permissions to modify the policies

Resolution

There are two ways to achieve this:

  1. Using a custom contextual attribute of type "String", targeting the site name
  2. Using a predefined contextual attribute condition named "Sharepoint site name" (available in recent versions of Enforce)

 

1- Using the Contextual Attribute

 

Steps:

  • Create a new DLP Policy (blank)
  • Fill in the required fields (Name, Policy Group, etc.)
  • Click on "Add Rule"
  • Select "Contextual Attributes" then click "Next"
  • Under the "Conditions" section, click the dropdown named "Attribute"
  • Select "String Attribute" (under the Custom selection group)
  • Set the name of the attribute as "common.sharepoint"
  • Set the "Match" value based on the required criteria (either Regular expression exact match/case sensitive matching or Insensitive matching)
  • Modify the rest of the policy as needed (it can be saved without any actions for testing and validation)

 

Example:

In this example, the rule is based on a regular expression and targets any site name that contains the substring "MySite" at any part of the site URL. This would match URLs like:

  • https://customdomain.sharepoint.com/sites/MySite
  • https://customdomain.sharepoint.com/sites/abc_MySite
  • https://customdomain.sharepoint.com/sites/abc_MySite_xyz

 

2- Using the predefined condition:

 

Steps:

  • Create a new DLP Policy (blank)
  • Fill in the required fields (Name, Policy Group, etc.)
  • Click on "Add Rule"
  • Select "Contextual Attributes" then click "Next"
  • Under the "Conditions" section, click the dropdown named "Attribute"
  • Select "Sharepoint Site Name" (under the Data Exposure selection group)
  • Set the "Match" value based on the required criteria (either Regular expression exact match/case sensitive matching or Insensitive matching)
  • Modify the rest of the policy as needed (it can be saved without any actions for testing and validation)

Example:

In this example, the rule is based on case-insensitive matching and targets an exact site name regardless of the case (lower case or upper case). This would match URLs like:

  • https://customdomain.sharepoint.com/sites/MySite
  • https://customdomain.sharepoint.com/sites/mysite
  • https://CUSTOMdomain.sharepoint.com/sites/mYsItE
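
To see which sites each match mode would bring into scope before saving the policy, the following added example (not part of the original article and not Enforce's own matcher) approximates both modes with Python's `re` module over a constructed list of site URLs. It assumes the regular expression is searched anywhere in the site URL and that the site name is the path segment after `/sites/`; all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inventory; replace with an export of your own site URLs.
SAMPLE_SITES = [
    "https://customdomain.sharepoint.com/sites/MySite",
    "https://customdomain.sharepoint.com/sites/abc_MySite",
    "https://customdomain.sharepoint.com/sites/abc_MySite_xyz",
    "https://customdomain.sharepoint.com/sites/mysite",
    "https://CUSTOMdomain.sharepoint.com/sites/mYsItE",
    "https://customdomain.sharepoint.com/sites/Finance",
]

def site_name(url):
    """Return the path segment after /sites/ (assumed to be the site name)."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    if len(parts) >= 2 and parts[0].lower() == "sites":
        return parts[1]
    return ""

def regex_scope(pattern, urls):
    """Option 1 (assumed semantics): case-sensitive regex found anywhere in the URL."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]

def insensitive_exact_scope(name, urls):
    """Option 2 (assumed semantics): exact site name, ignoring case."""
    wanted = name.casefold()
    return [u for u in urls if site_name(u).casefold() == wanted]

def scope_diff(intended, matched):
    """Return (over_matched, missed) relative to the sites the policy should cover."""
    over = [u for u in matched if u not in intended]
    missed = [u for u in intended if u not in matched]
    return over, missed

if __name__ == "__main__":
    # Intended scope here: every case variant of the site named "MySite".
    intended = insensitive_exact_scope("MySite", SAMPLE_SITES)
    for label, matched in [
        ("regex 'MySite'", regex_scope("MySite", SAMPLE_SITES)),
        ("regex '/sites/MySite$'", regex_scope(r"/sites/MySite$", SAMPLE_SITES)),
    ]:
        over, missed = scope_diff(intended, matched)
        print(label)
        print("  over-matched:", over)
        print("  missed:      ", missed)
```

A non-empty over-matched list means the policy would also apply to other sites, and a non-empty missed list means content on some intended sites would go unscanned; confirm the result with a test policy saved without actions, as the steps above suggest.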
