Microsoft Cloud App Security – Configuring Policy for SSN

Microsoft Cloud App Security (MCAS) is a cloud security tool that, among many other things, can scan your cloud storage for protected data (such as PII, PCI, HIPAA, etc.). In this post, we’ll configure a policy to scan OneDrive for files containing an American social security number (SSN).

There are several ways to license MCAS. You can buy it standalone, bundle it with EMS E3 or A3, EMS E5/A5, M365 E5/A5 Security, or with full M365 E5/A5. There are also subsets of features available when purchasing Office 365 E5/A5 and Azure AD Premium P1 or P2.

For information on enabling MCAS and connecting it to O365, see Enable Microsoft Cloud App Security and Connect to O365. This post assumes that you have already performed the steps outlined in that blog post.

Enable File Monitoring

To scan files in a cloud storage provider, you must first ensure that file monitoring is enabled. To do this, follow these steps.

  1. Click the Gear in the upper-right corner and select Settings.
  1. Click Files under Information Protection.
  1. Check the box and click Save.

Next, make sure that the Office 365 connector is enabled to scan files.

  1. Click Investigate, then Connected apps in the menu.
  1. Click the options button, then select Edit settings….
  1. Check the box for Office 365 files and click Connect.

Enable SSN Policy

To enable a policy to scan for SSNs, follow these steps.

  1. Click Control, then select Policies from the menu.
  1. Click Create policy, then select File policy.
  1. In the Policy template drop down, select File containing PII detected in the cloud (built-in DLP engine). Read and accept the warning message.
  1. Give your policy template a name in the Policy name field and a description in the Description field.
  2. Configure the rest of the fields per your organization’s requirements. When you are done, click Create.

You do not need to specify a filter, unless there’s an organizational need too. Leaving the filter empty will scan all files in the connected cloud service.

Test the Policy

You can verify that the policy is working by placing a file in OneDrive that contains SSNs. There are several examples online of fake SSNs that will still activate this policy. It took about three hours before I had an alert, but this was a fresh setup. I put another file in OneDrive and I had a new alert within about five minutes. To view the alert, follow these steps.

  1. Click Alerts from the menu.
  1. Click the Alert.

This screen will show you all of the details about the alert, such as the file, it’s history, and various activities related to the file.

You can take various actions on the file by clicking on the menu button.

Now you’ve created your SSN policy, triggered an alert, and taken action on a file.


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.