Microsoft Defender for Cloud Apps session policy does not work for Sensitivity Label file
We are using Microsoft Defender for Cloud Apps with the goal of implementing controls to prevent users from downloading sensitive labelled documents to unmanaged/personal devices.
To accomplish this, in MDFCA we created a Session Control policy to block these activities for test users accessing M365 via a web browser. The policy configuration is below:
– Session Control type: Control file download (with inspection)
– Activities matching all of the following:
    o App equals Microsoft Online Services (and all sub-services)
    o User Name equals [test users]
    o Device Tag does not equal Hybrid Azure AD Joined, Valid Client Certificate
– Files matching all of the following:
    o Sensitivity label equals [sensitive labels]
– Inspection method: None
– Actions: Block