I am looking for a solution which can provide me greater transparency of my users uploading files to non-enterprise-owned cloud storage tenants. 99% of the time this would be OK; however, there are instances where we may need to monitor or retrospectively review cloud storage. The tenant-level analysis is key to my requirement.
E.g., an accountant uploads a tax return to their own private Google Drive storage which is not part of the corporate network (we have a corporate DMS and are Office 365 centric). This document does not contain any DLP tags or other identifiers to make it a known “type”. I simply want to be able to know that a user uploaded a file called random.pdf to a non-firm cloud storage provider.
I am currently using MS 365 E5, with a strong focus on Defender, the MS ATP stack and incrementally building integration into the Sentinel engine. Our current forward proxy logs are shipped to MS CASB, providing us with high-level information.
Is this possible now or in the near future? Any feedback would be appreciated.