Microsoft Cloud App Security - Part 1: Credit Card Numbers

Microsoft Cloud App Security (CAS) - https://www.microsoft.com/en-us/cloud-platform/cloud-app-security

In this blog post, I am going to cover how to set up alerts and enforce Data Loss Prevention when a file containing credit card numbers is detected in a sanctioned cloud app. A sanctioned app is a cloud application that has been approved in the Cloud App Security console.

From the Cloud App Security console, click Control, then choose Templates:

Scroll down and find File containing PCI detected in the cloud (built-in DLP engine). Click the plus sign to create a policy from the template.

In this example, I changed the policy name to File containing Credit Card Numbers in the cloud (built-in DLP engine) to reflect that this policy only looks for credit card numbers.

In the Content inspection section, check Enabled and select All: Finance Credit card number.

In the Alerts section:

  • Select Create an alert for each matching file
  • Select Send an alert as email (optional)
  • Select Send alert as text message (optional)

Under the Governance section, I selected Microsoft SharePoint Online and Box and enabled the following:

  • Send policy match digest to file owner
    • CC additional users
  • Put in user quarantine
  • Enter a custom notification message: "Please do not put credit card information in files on SharePoint Online."

 

After the policy was created from the template, I created a Word and an Excel document containing credit card numbers in SharePoint and Box. The policy only detects actual credit card numbers, so don't just enter random numbers. The policy detected the Word and Excel files in both SharePoint Online and Box and quarantined them. I also received a text message and an email notification.

 

Now I have the following remediation options in Box and SharePoint Online:

  • Open in Box
  • Open via public link
  • Refresh file
  • Search in parent folder
  • View Hierarchy
  • View related activity
  • View related governance
  • Restore from User Quarantine
  • Remove direct shared link
  • Restrict to collaborators only

This concludes my brief Blog Post on how to detect Credit Card Numbers in a Sanctioned Cloud App using Microsoft Cloud App Security.

Thank You,

Paul Jones

Enterprise Mobility + Security

Technology Solutions Professional

South Central District