Group-Based Visibility

Learn about the group-based visibility capabilities that Data Security offers.
  • New customers (you onboarded your apps to Data Security on or after November 1, 2024) and FedRAMP customers: Integrate CIE with Data Security.
  • Legacy customers (you onboarded your apps to Data Security before November 1, 2024): If you have been using Microsoft Azure AD, continue with the following topic.
Without policy enforcement and visibility at a granular level, organizations are vulnerable to sensitive data loss and unauthorized access. Before you can use group-based visibility, Data Security must connect to Azure AD and scan for your groups. Data Security offers the following group-based visibility capabilities:
  • Group-based policy—Offers granular enforcement of asset rules based on AD user group information. For example:

    | Policy | Automatic Remediation |
    | --- | --- |
    | HR employee shares a sensitive folder with the entire company. | Create an incident. |
    | Engineering employee shares a sensitive folder with the entire company. | Notify file owner. |

  • Group-based incident management—Combines AD groups with role-based access control to give administrators differentiated permissions, enabling productivity while limiting visibility into the data stored on your managed SaaS apps.
  • Group-based selective scanning—Use to include or exclude specific AD groups from scans to adhere to data privacy regulations. For example, you might want one group to have different privacy rules than another group, or you might need to exclude users within a group due to the confidentiality of assets.