Forum Discussion
Solved
DLP inspection for content shared with external users in Teams
Is there a way to apply the MS DLP to inspect content shared with external users (not guest). Inspecting content that is shared externally is a be a very common requirement when implementing DLP ...
- Hmmm, afaik it does: see here: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide and section restrict access to content. AFAIK, the other user it has been shared with cannot access it.
In terms of downloading, well, you would probably look to use app protection policies using Intune in order to block downloads on non managed devices
https://docs.microsoft.com/en-gb/mem/intune/protect/data-leak-prevention
Or you could look to apply sensitivity labels, for example on Teams to require the device to be managed
https://microsoft365pro.co.uk/2019/12/10/teams-real-simple-with-pictures-using-sensitivity-labels-to-regulate-the-privacy-and-guest-access-of-a-team/
If you were taking a zero trust policy no device accessing the corporate access or applications would be non-managed.
Best, Chris
I am not sure i fully understood the setting we are required to do, but i could understand the bottom line that is written clearly in your great blog that :
"DLP for external chat sessions will only work if both the sender and the receiver are in Teams Only mode and using https://docs.microsoft.com/microsoftteams/manage-external-access."
In other words, if the other side is not Teams only or is Skype for Business - content will not be inspected and sensitive data can be shared. Is this a correct understanding?
Correct 😄
Best, Chris
Best, Chris