Freitag, 15. März 2019

Focusing Cloud App Security Policies to dedicated Objects


In CAS we can focus policies to dedicated object. For example, you have a SharePoint Online Site with sensitive content, and you will get informed if a user is doing a mass download.
We can use the “Mass download by a single user” template to set up a policy:

In the filter section if the policy select “edit and preview results”:

In the shown activities list search for the location or event ion which you will filter. In my demo I take https://sharepointtalk.sharepoint.com/teams/SearchDemo2:

Selecting “Activity Objects” opens a report with all objects and its ID´s. To filter on the SharePoint SiteCollection URL we need the second one:

Now we can use this ID as a filter: