Azure Cloud App Security is a great service to gain visibility in to your cloud apps and its data. It helps to identify security threats and take relevant actions to mitigate those based on policies. 

Using File Policies in cloud app security, we can scan and find sensitive information stored in cloud apps. Once these information are found we can associate different actions to it such as send alert, apply classification, change permissions etc.… . It also allows to move data found by a file policy in to a separated folder with limited access. This called as Admin Quarantine. When this is enabled under a policy,

• File will move to the admin quarantine folder

• system will delete original file

• System will place a tombstone file in original location. This file includes data which will help to releases the file. 

Prerequisites 

• In order to use cloud app security, we need E5 licenses. More details about licenses available here https://www.microsoft.com/en-gb/cloud-platform/enterprise-mobility-security-pricing

• Before start with polices, we need to get cloud apps connected. You can find more details under https://docs.microsoft.com/en-us/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps . In this demo I am going to use Office 365 and I already got it configured as connected app. 

In this demo I am going to setup file policy to recognize files with credit card details. If policy finds a matching file it will automatically move it to admin quarantine. 

To configure,

1) Log in to cloud app security portal on https://portal.cloudappsecurity.com as Global Administrator 

2) Then go to Control | Policies

3) To create new policy, click on Create policy and from drop down list select File Policy

In my previous blog post I explained how to protect sensitive email data using Azure information protection. Using data classifications and policies we can prevent users from sharing sensitive information via email. You can read more about it using http://www.rebeladmin.com/2019/01/step-step-guide-protect-confidential-emails-using-azure-information-protection/. Azure information protection can do many things to protect sensitive data in an organization. Email protection is just one feature of it. it even can protect data in hybrid environments. 

Data loss prevention (DLP) policies also capable of preventing sensitive data sharing via email. But it is only applying to office 365 services. Also, it doesn’t include classification, it only works with real-time data. let’s see some of the capabilities of DLP policies. 

• Support pre-defined data patterns on custom data patterns – Organizations can use pre-defined data patterns comes with DLP policies such as U.S Financial Data, HIPPA or create custom patterns to identify different type of data across different locations such as Exchange Online, OneDrive etc.  

• Educate Users – Using DLP policies we can send notifications to senders in a policy breach. These notifications will include, data types, reason for block etc. So next time users can prevent doing it. 

• Reporting – DLP policy can send detailed email report to administrators in a policy breach. 

• Support Office Apps – DLP policies supports Office 2016 and later desktop clients. 

In today demo I am going to setup a DLP policy to detect credit card details in emails. Also, if someone try to send it to external user via email, policy should block it. in policy breach it will send notification to sender and a detailed report to administrator. 

1. To start, log in to https://portal.office.com as Global Administrator & open Admin Center 

2. Then go to Admin Centers | Security and Compliances 

3. It will open up a new window, in there go to Data loss prevention | Policy

4. Then click on Create a policy