Need to understand how to remove external user sharing, how domain exception work for shared link

CASB O365 Securlet

1. To remove external user sharing, Remediation Action should be "Remove user as a collaborator" and not Remove Shared link.
Scenario in which what Response action to be used:
- External user share link/direct - "Remove user as a collaborator"
- Anonymous link/Organization link remove - "Remove shared link"


2. Shared link getting removed even if a domain exception is configured for it:
Scenario in which what Response action to be used:
- If it's a link sharing - we cannot differentiate the domain, so link will be removed.
- If it's a direct sharing (Ex: Guest users) - then we honor exception list and it should not remove the link.

3. Also regarding the Response action: Collaborator Access: Read is applied, still it is not changing the permission.
Scenario in which what Response action to be used:
- If it's link sharing - we cannot update the role (Microsoft doesn't have support for this).
- And if it's direct sharing then collaborator access update is possible.