Netskope Global Technical Success (GTS)
Microsoft Teams: DLP Controls for Activity - 'Upload' & 'Download'
Netskope Cloud Version - 129
Objective
Implement DLP Controls for Activity ‘Upload’ & ‘Download’ on Microsoft Teams
Context
This document is a guide to implementing DLP controls for the ‘Upload’ and ‘Download’ activities on Microsoft Teams, covering both web and native application access.
Prerequisite
A Netskope Next-Gen SWG license is required.
Do You Know?
- Netskope acknowledges Microsoft Teams as a Cloud Application and provides a pre-defined cloud app connector.
- As of July 12, 2025, with Netskope’s Microsoft Teams predefined connector, customers can exercise control over the following activities:
- Currently, Netskope does not support the 'Upload' activity for Microsoft Teams. However, based on the network logs, both upload and download activities are initiated through request URLs from the my.sharepoint.com domain.
- The domain my.sharepoint.com is associated with Microsoft Office 365 OneDrive for Business which supports Upload activity for DLP Protection.
- The Referrer URL here is https://teams.microsoft.com, which can also be viewed on the SkopeIT event.
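The pattern described above (a request to a my.sharepoint.com host carrying teams.microsoft.com as the referrer) can be checked in exported web-transaction logs. The following is an added example, not Netskope code: the record field names `url` and `referer`, the sample records, and the tenant host `contoso-my.sharepoint.com` are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions (not from the article): record fields "url" and "referer",
# and suffix matching for tenant hosts such as <tenant>-my.sharepoint.com.
ONEDRIVE_SUFFIX = "my.sharepoint.com"
TEAMS_HOST = "teams.microsoft.com"


def _host(value):
    """Return the lowercase hostname of a URL, or '' if absent or unparsable."""
    if not value:
        return ""
    try:
        return (urlsplit(value).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def is_teams_file_transfer(tx):
    """True when the destination is OneDrive for Business and Teams is the referrer.

    Hostnames are parsed and compared exactly, so a referrer that merely
    contains the Teams hostname as a prefix does not match.
    """
    dest = _host(tx.get("url"))
    ref = _host(tx.get("referer"))
    return dest.endswith(ONEDRIVE_SUFFIX) and ref == TEAMS_HOST


def teams_transfers(records):
    """Filter transaction records down to Teams-initiated OneDrive requests."""
    return [r for r in records if is_teams_file_transfer(r)]


# Constructed sample records (hosts and paths are illustrative only).
OD = "https://contoso-my.sharepoint.com/personal/user/Documents/report.xlsx"
SAMPLE = [
    {"method": "PUT", "url": OD, "referer": "https://teams.microsoft.com/"},
    {"method": "GET", "url": OD, "referer": "https://teams.microsoft.com/v2/"},
    {"method": "GET", "url": OD, "referer": "https://contoso-my.sharepoint.com/"},
    {"method": "PUT", "url": OD, "referer": "https://teams.microsoft.com.example.net/"},
    {"method": "GET", "url": "https://teams.microsoft.com/chat", "referer": "https://teams.microsoft.com/"},
    {"method": "GET", "url": OD, "referer": None},
]

if __name__ == "__main__":
    for rec in teams_transfers(SAMPLE):
        print(rec["method"], rec["url"], "<-", rec["referer"])
```

Only the first two sample records match; direct OneDrive access, a lookalike referrer host, Teams' own traffic and a missing referrer are all excluded.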
Author Notes
For this lab recreation, a Pre-defined DLP Profile ‘DLP-PCI’ is used to detect the violation of Credit Card Numbers.
Pre-defined DLP profiles are recommended for use only during POCs and testing purposes. It is advised to use only the required pre-defined DLP identifiers within custom DLP profiles to minimize false-positive incidents.
Configuration
- Create an HTTP Header profile
Path: Netskope Tenant UI >>> Policies >>> HTTP Header
- Create Custom URL Category for URL ‘my.sharepoint.com’
Path: Netskope Tenant UI >>> Profiles >>> URL Lists
Path: Netskope Tenant UI >>> Profiles >>> Custom Categories
- Create a Real-Time Protection Policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection
Verification
Access Microsoft Teams Web - https://teams.microsoft.com
- Try uploading and downloading content that violates the DLP policy
Now, access the Microsoft Teams native application
- Try uploading and downloading content that violates the DLP policy
Note - User Notification format used above Link
- Let’s review the transactions
Path: Netskope Tenant UI >>> Policies >>> Realtime Protection Policies
As you can see below, the alert is triggered by the application ‘Microsoft Office 365 OneDrive for Business’ from the URL ‘my.sharepoint.com’, with ‘teams.microsoft.com’ as the Referrer URL.
- DLP Incidents
Path: Netskope Tenant UI >>> Incidents >>> DLP
The sample file ‘Employee Credit Card Info.xlsx’ was used for the upload and download activity.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.