Skyhigh Security Cloud 7.0.2 Release Notes (April 2026)

View Accurate Unique Matches Count in Policy Incidents Cloud Card  

The Policy Incidents Cloud Card now displays an accurate Unique Matches count for a document that triggers an incident for Sanctioned DLP policy violations. This improvement eliminates the need for SOC admins to download and manually inspect evidence files whenever the cloud card shows a low match count, significantly improving the ability to efficiently manage and respond to high-severity incidents. For more details, see Policy Incidents Page Cloud Card.

▶ Explore Navigation Details and User Interface

Navigation Path: To view Unique Matches count, go to Incidents > Policy Incidents > Policy Incidents > click an incident from the Policy Incidents table.

View File Location Details for Google Chat in DSPM Data Explorer 

The Data Explorer dashboard includes file location details to help you identify and locate files during investigations. Currently, this support is extended for Google Chat, OneDrive, and SharePoint, enabling administrators to pinpoint the exact origin of files within chat threads. For more details, see Limitations of Data Explorer.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the file location in DSPM Data Explorer, go to Analytics > DSPM Data Explorer > select chart view > select a Classification and Object Name using filters > click an applicable object from the results.

Save CASB Evidence 

DLP Evidence is a copy of the compromised content that violates a CASB policy detected during the policy evaluation. This copy of compromised content is linked to the relevant incident and saved in your data storage, enabling further forensic analysis of generated incidents. 

This is achieved by creating a classification-based rule in CASB Policy, setting an additional response named Save Evidence. When a CASB policy is violated, the Save Evidence response is triggered, and evidence files are saved on the generated incidents. Skyhigh allows saving evidence files to user-defined AWS S3 or Azure Blob storage for further analysis. For more details, see Save CASB Evidence.

▶ Explore Navigation Details and User Interface

Navigation Path: To configure response as Save Evidence, go to Policy > DLP Policies > Actions > Sanctioned Policy > Create New Policy > Rules &  Exceptions > Responses.

Improved Data Visibility in DSPM Data Explorer with Unified Expanded Scan  

The Unified Expanded Scan performs DSPM scan for additional data classifications, which are not part of the original DLP policy. This can also be referred to as beyond-policy-extended data categorization. For instance, a DLP policy (Sanctioned or Shadow-IT), which is defined to block any document containing Social Security Numbers (SSNs) uploaded to AI services, will now scan for additional classification types such as Source Code, PHI, HIPAA, etc.

This Expanded scan does not affect the existing policy behaviour to trigger a DLP incident when the content matches one of the additional classifications. For example, if a document is scanned for SSN DLP policy and it does not have a match for an SSN number, but has source code in it, no incident is created as the policy did not intend to do so. However, this document will be shown in the DSPM Data Explorer Dashboard as it contains source code (pre-canned classification) instead of SSNs. For more details, see Improved Data Visibility in DSPM Data Explorer with Unified Expanded Scan.

Enable Policyless Data Discovery for NRT-based Events  

The Skyhigh DSPM facilitates auto-discovery (Policyless discovery) of data, which is aimed at automatically categorizing sensitive data from sanctioned apps based on near-real-time (NRT) events. Data activities performed on sanctioned cloud services trigger an automated DSPM scan to identify sensitive data contained in the target file.

Unlike traditional DLP methods that only track data matching specific policies, the Skyhigh DSPM Policyless Scan automatically captures every file-based interaction to classify the content of the file, the user, date modified, location, digest information—all without mandating pre-defined DLP policies.

This visibility allows data administrators to proactively discover all sensitive data in their sanctioned services, along with data risks identified based on several factors such as risky service or risky user. With the discovery of sensitive data characteristics, the Data Explorer streamlines risk assessment and strengthens the organization’s overall security posture. For more details, see Enable Policyless Data Discovery for NRT-based Events.

Enhanced Controls for Agentless Notifications  

Skyhigh now introduces the Don’t Show Agentless feature, giving you greater control over agentless notifications. These notifications typically display when agentless actions are triggered, but in some cases, they may be unexpected or disruptive. This enhancement enables you to configure policies to determine when agentless notifications are displayed or suppressed, helping reduce unnecessary pop‑ups and streamline the user experience. For more details, see Control Agentless Notifications.

▶ Explore Navigation Details and User Interface

Navigation Path: To view Don’t show agentless, navigate to Policy > Web Policy > Policy > New Ruleset and select Library Ruleset > Check the Browser Control box > Check the Agentless Notification > Add.

Print and Context Menu Protection  

Secure Browser Controls now includes Print Protection and Context Menu Protection, designed to strengthen safeguards against content exfiltration from browsers.

Print Protection. Blocks all printing options, including keyboard shortcuts and menu commands. For more details, see Prevent Print and Context Menu Actions. 

▶ Explore Navigation Details and User Interface

Navigation Path:  To block all printing options, navigate to Policy > Web Policy > Policy > New Ruleset and select Library Ruleset > Browser Control > Print Protect > Toggle the On/Off button.

Context Menu Protection. Disables the right-click menu to prevent the use of actions that might expose sensitive data

▶ Explore Navigation Details and User Interface

Navigation Path:  To block the use of the context menu, navigate to Policy > Web Policy > Policy > New Ruleset and select Library Ruleset > Browser Control > Context Menu Protect > Toggle the On/Off button.

Enhanced Application Group Management for Private Application   

Private Access now allows users to assign multiple application groups (tags) to a single private application and edit these associations as needed. This enhancement improves flexibility and control when managing private applications, simplifies policy configuration using tag-based rules, and streamlines updates by enabling dynamic modification of application group assignments. For more details, see Add Applications.