Microsoft Cloud App Security (CAS) - https://www.microsoft.com/en-us/cloud-platform/cloud-app-security
In this blog post, I am going to cover how to setup alerts and enforce Data Loss Prevention when a file containing credit card number is detected in a sanctioned cloud app. A sanctioned app is a cloud application that has been approved in the Cloud App Security console.
From the Cloud App Security Console, click on Control - then Choose Templates:
Scroll down and find File containing PCI detected in the cloud (built-in DLP engine). Click on the Plus to create a Policy from the Template.
In this example, I changed the Policy name to File containing Credit Card Numbers in the cloud (built-in DLP engine) to reflect that I am only looking for Credit Card numbers in this policy.
In the Content inspection check Enabled and select All: Finance Credit card number.
In the Alerts section:
- Select Create an alert for each matching file
- Select Send an alert as email (optional)
- Select Send alert as text message (optional)
Under the Governance section, I selected Microsoft SharePoint Online and Box and enabled the following:
- Send policy match digest to file owner
- CC additional users
- Put in user quarantine
- Enter a custom notification message: "Please do not put credit card information in files on SharePoint Online."
After the policy is created from a template, I created a Word and an Excel document with Credit Card numbers in SharePoint and Box. The policy looks for and only detects actual credit card numbers, don't just put random numbers. The policy detected the Word and Excel file in both SharePoint Online and Box and quarantine the file. I also got a text message and email notification.
Now I have the following remediation options in Box and SharePoint Online:
- Open in Box
- Open via public link
- Refresh file
- Search in parent folder
- View Hierarchy
- View related activity
- View related governance
- Restore from User Quarantine
- Remove direct shared link
- Restrict to collaborators only
This concludes my brief Blog Post on how to detect Credit Card Numbers in a Sanctioned Cloud App using Microsoft Cloud App Security.
Enterprise Mobility + Security
Technology Solutions Professional
South Central District