Forum Discussion
krishnasembee
Jul 14, 2021 Copper Contributor
Block upload of documents to other office 365 tenant
I wish to block upload of documents to other Office 365 tenants from a managed device. Can this be achieved using MCAS?
MZyarah
Jul 30, 2021 Brass Contributor
This is not even related to uploading or sharing files; if you don't want your corporate devices to access other tenants, you need to use Azure AD tenant restrictions. Take a look: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions
I hope this will be helpful.
Darren_Bennett
Jul 30, 2021 Copper Contributor
What about non-corporate devices?
- Darren_Bennett
Jul 30, 2021 Copper Contributor
What if all data is encrypted? What happens to sharing or uploading or any other means of exfiltration?
Sharing, uploading, it doesn't matter if the data is encrypted and only corporate devices can be used to authenticate so they can access the data.
- MZyarah
Jul 30, 2021 Brass Contributor
As far as I know, tenant restrictions are not applied beyond the corporate network perimeter, or maybe it can be done with special criteria.
About the encryption, for me I like to encrypt the data everywhere; however, the main question was whether MCAS is able to fix this issue!
The question is not clear enough; I don't think encryption will solve the requirements.
Let's consider this scenario: you have access to two tenants, and one of them provided you with a managed device (mentioned in the main question also).
Now you have a managed device and access to data in Tenant1, and only access to data in Tenant2 (you can consider the data encrypted at rest and in transit if you like).
For example, what will prevent the user from opening a web session, browsing to the Tenant2 OneDrive and copying data from the local/Tenant1 data to the second one?
If encryption helps, can you refer me to a doc/blog explaining the same thing, please?
- Darren_Bennett
Aug 01, 2021 Copper Contributor
In that scenario, you use a conditional access policy that states the device must be compliant to authenticate. The user would need a device for each tenant.
Again, this now fixes this one very specific issue.
I think we need a clearer definition of what the intended outcomes are. I agree, there are many scenarios; without knowing more, I don't believe we can provide an answer.
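The two controls proposed in this thread work at different layers, and the gap MZyarah raises (tenant restrictions only apply to traffic that passes the corporate proxy) and Darren's answer to it (each tenant requiring its own compliant device via Conditional Access) are easiest to see side by side. The following is an added example, not code from the thread or from Microsoft: it simulates the proxy injecting the documented `Restrict-Access-To-Tenants` and `Restrict-Access-Context` headers on the login endpoints, a login service that honors them, and a per-tenant "require compliant device" grant control. The tenant names, directory ID and `Device`/`Request` classes are constructed placeholders.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Microsoft login endpoints on which the tenant restrictions headers must be set.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}

# Constructed placeholder values for the corporate tenant (Tenant1) and the other tenant (Tenant2).
CORP_TENANT = "contoso.onmicrosoft.com"
CORP_DIRECTORY_ID = "00000000-0000-0000-0000-000000000000"
OTHER_TENANT = "fabrikam.onmicrosoft.com"


@dataclass
class Request:
    url: str
    headers: dict = field(default_factory=dict)


@dataclass
class Device:
    enrolled_tenant: str   # tenant whose MDM enrolled the device (hypothetical model)
    compliant: bool        # compliance state reported by that MDM


def corp_proxy(req: Request, allowed_tenants, directory_id) -> Request:
    """Simulated corporate proxy: stamp the two tenant-restriction headers on
    requests to the login endpoints only. All other traffic is left alone."""
    host = (urlsplit(req.url).hostname or "").lower()
    if host in LOGIN_HOSTS:
        req.headers["Restrict-Access-To-Tenants"] = ",".join(allowed_tenants)
        req.headers["Restrict-Access-Context"] = directory_id
    return req


def tenant_restriction_allows(req: Request, target_tenant: str) -> bool:
    """Simulated login service: with the header present, only listed tenants
    may be signed in to; without it there is no restriction at all."""
    allowed = req.headers.get("Restrict-Access-To-Tenants")
    if allowed is None:
        return True
    return target_tenant.lower() in {t.strip().lower() for t in allowed.split(",")}


def conditional_access_allows(target_tenant: str, device: Device, policies: dict) -> bool:
    """Simulated 'require compliant device' grant control evaluated by the
    target tenant. A device counts as compliant for a tenant only if it is
    enrolled there, so a Tenant1-managed device does not satisfy Tenant2's policy."""
    if not policies.get(target_tenant, False):
        return True
    return device.enrolled_tenant.lower() == target_tenant.lower() and device.compliant


def can_sign_in(target_tenant: str, device: Device, on_corp_network: bool, policies: dict) -> bool:
    """End-to-end sign-in decision for one browser session."""
    req = Request(url="https://login.microsoftonline.com/common/oauth2/v2.0/authorize")
    if on_corp_network:
        # Only traffic traversing the corporate proxy receives the headers.
        req = corp_proxy(req, [CORP_TENANT], CORP_DIRECTORY_ID)
    return tenant_restriction_allows(req, target_tenant) and conditional_access_allows(
        target_tenant, device, policies
    )


if __name__ == "__main__":
    managed = Device(enrolled_tenant=CORP_TENANT, compliant=True)
    no_ca = {}
    ca_everywhere = {CORP_TENANT: True, OTHER_TENANT: True}
    # On the corporate network, tenant restrictions block the second tenant.
    print(can_sign_in(OTHER_TENANT, managed, True, no_ca))           # False
    # Off-network, with no CA policy on Tenant2, the managed device can still reach it.
    print(can_sign_in(OTHER_TENANT, managed, False, no_ca))          # True
    # If Tenant2 requires a compliant device, the Tenant1-managed device is refused.
    print(can_sign_in(OTHER_TENANT, managed, False, ca_everywhere))  # False
    # The corporate tenant remains reachable from its own managed device.
    print(can_sign_in(CORP_TENANT, managed, False, ca_everywhere))   # True
```

The second scenario is the one MZyarah describes: once the browser session does not traverse the proxy, no header is added and the login service imposes no restriction, so the control depends on forcing all login traffic through the proxy (for example over VPN). The third scenario is Darren's answer: the restriction then has to come from the other tenant's own Conditional Access policy, which a device managed by Tenant1 cannot satisfy.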