Azure Cloud App Security is a great service to gain visibility into your cloud apps and their data. It helps to identify security threats and take relevant actions to mitigate them based on policies.
Using File Policies in Cloud App Security, we can scan cloud apps for sensitive information stored in them. Once this information is found, we can associate different actions with it, such as sending an alert, applying a classification, changing permissions, etc. It also allows moving data found by a file policy into a separate folder with limited access. This is called Admin Quarantine. When this is enabled under a policy,
• The file is moved to the admin quarantine folder
• The system deletes the original file
• The system places a tombstone file in the original location. This file includes data which will help to release the file.
Prerequisites
• In order to use Cloud App Security, we need E5 licenses. More details about licensing are available here: https://www.microsoft.com/en-gb/cloud-platform/enterprise-mobility-security-pricing
• Before starting with policies, we need to get the cloud apps connected. You can find more details under https://docs.microsoft.com/en-us/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps . In this demo I am going to use Office 365, and I already have it configured as a connected app.
In this demo I am going to set up a file policy to recognize files with credit card details. If the policy finds a matching file, it will automatically move it to admin quarantine.
To configure it,
1) Log in to the Cloud App Security portal at https://portal.cloudappsecurity.com as a Global Administrator
2) Then go to Control | Policies
3) To create a new policy, click on Create policy and select File Policy from the drop-down list