Managing Document Expiry Without User Authentication

Daniel Rodriguez 0 Reputation points
2024-04-11T19:55:42.4633333+00:00

I'm seeking advice on strategies to reduce our organization's attack surface by ensuring that public files expire automatically after a set period, such as 30 days. Our objective is to distribute files publicly without the need for user authentication but then retract access after the expiration period.

The challenge we face is that typically, a document must be 'checked in' or authenticated to verify its expiry status. Is there a method within Microsoft's suite of tools or services that can enforce such an expiration policy on documents, without the need for authentication at the point of access? This approach would ideally apply to documents irrespective of their location and be controlled by a sensitivity label.

Any guidance or alternative strategies that align with this security model would be greatly appreciated.

Microsoft Purview

1 answer

  1. PRADEEPCHEEKATLA-MSFT 89,646 Reputation points Microsoft Employee
    2024-04-12T07:31:15.3533333+00:00

    @Daniel Rodriguez - Thanks for the question and using MS Q&A platform.

    Microsoft Purview is a data governance service that provides a unified and integrated experience to discover, understand, and manage your data. However, it does not have a built-in function to automatically expire public files after a set period without the need for user authentication.

    Instead, you can use Azure Blob Storage to store your public files and configure a lifecycle policy to automatically delete files after a set period. Azure Blob Storage is a scalable and cost-effective object storage service that allows you to store and access large amounts of unstructured data, such as text or binary data.

    To configure a lifecycle policy in Azure Blob Storage, you can use the Azure portal, Azure PowerShell, or Azure CLI. The lifecycle policy allows you to define rules for automatically deleting or moving blobs based on their age or other properties. For example, you can define a rule to delete blobs that are older than 30 days.

    You can also use Azure Information Protection to apply sensitivity labels to your files and control access to them based on the label. Sensitivity labels can be used to classify and protect your data based on its sensitivity level, and they can be applied to files stored in Azure Blob Storage, SharePoint Online, and OneDrive for Business.

    I hope this helps! Let me know if you have any further questions.

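The 30-day deletion rule described in the answer above, written out as an Azure Blob Storage lifecycle policy and applied with Azure CLI. This is an added example, not part of the original answer; the rule name, the `public-share/` container prefix and the `policy.json` path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: lifecycle rule that deletes block blobs N days after last modification.
# Rule name, container prefix and file path are constructed for illustration.

# write_lifecycle_policy DAYS PREFIX OUTFILE
# Writes a lifecycle management policy document to OUTFILE.
write_lifecycle_policy() {
  days="$1"; prefix="$2"; out="$3"
  # Accept only a positive integer, so a typo cannot produce a 0-day or malformed rule
  case "$days" in
    ''|*[!0-9]*|0*) echo "days must be a positive integer" >&2; return 1 ;;
  esac
  cat > "$out" <<EOF
{
  "rules": [
    {
      "enabled": true,
      "name": "expire-public-files",
      "type": "Lifecycle",
      "definition": {
        "actions": {
          "baseBlob": {
            "delete": { "daysAfterModificationGreaterThan": $days }
          }
        },
        "filters": {
          "blobTypes": ["blockBlob"],
          "prefixMatch": ["$prefix"]
        }
      }
    }
  ]
}
EOF
}

# apply_lifecycle_policy ACCOUNT RESOURCE_GROUP POLICY_FILE
# Replaces the storage account's lifecycle policy with the one in POLICY_FILE.
apply_lifecycle_policy() {
  az storage account management-policy create \
    --account-name "$1" --resource-group "$2" --policy @"$3"
}

# Usage: ./expire.sh <storage-account> <resource-group>
# prefixMatch starts with the container name; "public-share/" is an assumed container.
if [ "$#" -eq 2 ]; then
  write_lifecycle_policy 30 "public-share/" ./policy.json &&
    apply_lifecycle_policy "$1" "$2" ./policy.json
fi
```

The rule keys on each blob's last-modified time, and lifecycle actions run asynchronously, so a blob can remain reachable for a while past the 30-day mark.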
