Focus

SaaS Security Administrator's Guide

Group-Based Visibility

Table of Contents

Group-Based Visibility

Learn about the group-based visibility capabilities that Data Security offers.

Without policy enforcement and visibility at a granular level, organizations are vulnerable to sensitive data loss and unauthorized access. Data Security offers the following group-based visibility capabilities. However, before you can use group-based visibility, Data Security must connect to Azure AD and scan for your groups.

Group-based policy—Offers granular enforcement of asset rules based on AD user group information. For example:

Policy	Automatic Remediation
HR employee shares a sensitive folder with entire company.	Create an incident.
Engineering employee shares a sensitive folder with entire company.	Notify file owner.

Group-based incident management—Combines AD groups with role-based access control to enable differentiated permissions for administrators, enabling productivity while limiting visibility to the data stored on your managed SaaS apps.

Group-based selective scanning—Use to include or exclude specific AD groups from scans to adhere to data privacy regulations. For example, you might want a group to have different privacy rules than another group, or you need to exclude users within a group due to confidentiality of assets.

Monitor and Investigate User Activity

Connect Directory Services to Data Security