While using our platform you may run into a roadblock and wonder why. This guide will walk through the inherent limitations of our platform and why they exist.
For more information, please see How Does Cloud Access Monitor Work?
REMEDIATE OUTGOING EMAILS
Cloud Access Monitor is NOT an inline appliance. This means that our platform is not sitting in between your users and the internet. We are authenticated with your cloud apps and provide visibility and control into the environment through API calls. Because of this, once an email is sent outside of your domain it is out of our control. We can act very quickly after your users take an action, but not quickly enough to stop an email from being sent.
DELETE FILES WITHOUT OWNER STATUS
We cannot delete files unless they are owned by a user in your domain. This is a limitation caused by the permissions on the file itself. Because someone else owns it, we aren't allowed to delete it. In the event that a file is shared with a user in your domain from the outside, we always provide you visibility and details about the file. You will be able to un-share that file if the owner has granted your user edit permissions. You wouldn't want other domains to delete files that your users own, so it makes sense that you can't do the same to them.
UN-SHARE FILES WITHOUT EDIT PERMISSIONS
We cannot un-share files unless a user in your domain has been granted edit permissions. This is a limitation caused by the permissions on the file itself. Because someone else owns it and has not granted permission for your user to edit the file, we aren't allowed to change the sharing settings. You wouldn't want other domains to un-share files that your users haven't allowed them to edit, so it makes sense that you can't do the same to them.
AUDIT FILE ACTIVITY WITHOUT OWNER STATUS (GOOGLE)
We cannot audit activity on a file that is NOT owned by a user in your domain. This is a limitation imposed by Google for good reason. The "Audit File Activity" API call is simply not possible to use on files owned by an outside domain. You wouldn't want other domains to have access to all actions taken on files your users own, so it makes sense that you can't do the same to them.
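
The ownership and edit-permission rules from the three file sections above can be applied to a file inventory to see in advance which findings are remediable and which are visibility-only. This is an added example, not Cloud Access Monitor code: the record fields, action names, role strings and the `example.com` / `partner.test` domains are assumptions, and it assumes an internal owner counts as having edit rights.

```python
from dataclasses import dataclass, field

MONITORED_DOMAIN = "example.com"  # assumption: the domain being monitored


@dataclass
class FileRecord:
    name: str
    owner: str                                  # owner's email address
    roles: dict = field(default_factory=dict)   # email -> "viewer" | "editor"


def _domain(email):
    # Compare the full domain after the last "@", case-insensitively, so
    # "example.com.partner.test" is never mistaken for "example.com".
    return email.rsplit("@", 1)[-1].lower()


def available_actions(f, domain=MONITORED_DOMAIN):
    """Return the actions the guide describes as possible for this file."""
    actions = {"view_details"}  # visibility and details are always provided
    owned_internally = _domain(f.owner) == domain
    internal_editor = any(
        _domain(user) == domain and role == "editor"
        for user, role in f.roles.items()
    )
    if owned_internally:
        actions.add("delete")          # delete requires an owner in the domain
        actions.add("audit_activity")  # rule stated by the guide for Google
    if owned_internally or internal_editor:
        actions.add("unshare")         # un-share requires edit permission
    return actions


# Constructed sample inventory, not real data.
SAMPLE_FILES = [
    FileRecord("budget.xlsx", "alice@example.com", {"bob@partner.test": "viewer"}),
    FileRecord("contract.docx", "carol@partner.test", {"alice@example.com": "editor"}),
    FileRecord("roadmap.pdf", "dave@partner.test", {"alice@example.com": "viewer"}),
]


def triage(files, domain=MONITORED_DOMAIN):
    return {f.name: sorted(available_actions(f, domain)) for f in files}


if __name__ == "__main__":
    for name, actions in triage(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(actions)}")
```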