Forum Discussion
Block upload of documents to other office 365 tenant
My feeling is, the easiest solution would in fact be to encrypt data and have less focus on where the data is going.
You could also use a simple conditional access policy to block auth from unmanaged devices or only allow it from trusted locations. This means even a user in the source tenant can’t take the data away from a managed device and access it - their auth would be blocked by the conditional access policy.
Ultimately, there are a number of ways of preventing data being accessed outside the source tenant. I don’t believe blocking upload to “any M365 tenant” is a realistic option.
Encryption covers many vectors. Upload to any M365 tenant doesn’t even cover all vectors and would be hard / impossible to manage.
- MZyarah, Jul 30, 2021, Brass Contributor
What is a list of millions of domains needed for? Instead of "contain" we can use "do not contain".
- Darren_Bennett, Jul 30, 2021, Copper Contributor
MZyarah I think we are both wrong. That file policy doesn't even apply to uploads, it's a sharing policy.
And I may be wrong, but I believe a collaborator is defined as a user that has been given explicit access to the data. If the user is not a collaborator, the filter would not apply.
For the policy to work, every file shared would have to be explicitly shared to specific users. If a file is shared without specifying the users it's intended to be shared with, the policy would not apply.
Crucially, that policy does not appear to have any bearing on upload of data, because uploading a file is not defined as sharing a file. The file policy in question is specifically a sharing policy - that means it has to be shared - upload does not trigger a sharing policy.
- MZyarah, Jul 30, 2021, Brass Contributor
You're totally right. Because of that, I mentioned that sharing is not the same as uploading in my first comment to the user.