Enhanced File Sharing
Proofpoint CASB provides enhanced visibility and control over external sharing of files within Google Workspace and Microsoft 365 for direct and indirect sharing of files with group (One Drive and SharePoint and Google Drive and Shared Drive).
External file sharing with groups can happen in a few different forms:
-
Direct (Content Sharing): A user shares a file or a folder on their Microsoft 365/Google Drive directly with a group that includes an external user
-
Indirect (Content Updates): A user uploads a file to a folder on Microsoft 365/Google Drive that is shared with a group that includes an external user|
-
Indirect (Content Updates): A user uploads a file to a Microsoft 365/Google Shared Drive, that can be accessed by an external user
In Microsoft 365 groups are modeled as SharePoint sites whereas in Google Workspace sharing files with groups behaves similar in Google Drive (personal) and Shared Drive.
Group Share Level Calculation Logic
CASB performs weekly sync of all groups and their members and to calculate the groups share level and user domains based on its members. Groups containing internal users only will have “Internal” share levels while groups with one or more external user will have “external” share levels.
in addition to the weekly sync, CASB monitors group membership activities such as users added to groups and updated the groups share level based on the newly added users' share level (internal or external).
Viewing Group Share Level
Proofpoint CASB calculates the share level of each group and Shared Drive based on its members and group membership related activities and presents the file’s share level as part of the share/upload activity and in the permissions section in the Data page (Data Security Workbench > Data). Filter by Share Level value External.
Related Topics:
Enhanced File Sharing Microsoft Teams