Forum Discussion

krishnasembee's avatar
krishnasembee
Copper Contributor
Jul 15, 2021

Block upload of documents to other office 365 tenant

I wish to block upload of documents to Other Office 365 tenant on a managed device?   Can this be achieved using MCAS
Cloud App Security
MZyarah's avatar
MZyarah
Brass Contributor

for what a list of millions of domains needed to? Instead of contain we can use do not contain. 

 

Darren_Bennett's avatar
Darren_Bennett
Copper Contributor
Jul 30, 2021

MZyarah I think we are both wrong.  That file policy doesn't even apply to uploads, it's a sharing policy. 

And I may be wrong, but I believe a collaborator is defined as a user that has been given explicit access to the data.  If the user is not a collaborator, the filter would not apply. 

For the policy to work, every file shared would have to be explicitly shared to specific users.  If a file is shared without specifying the users it's intended to be shared with, the policy would not apply.

Crucially, that policy does not appear to have any baring on upload of data, because uploading a file is not defined as sharing a file.   The file policy in question is specifically a sharing policy - that means it has to be shared - upload does not trigger a sharing policy. 

  • Darren_Bennett's avatar
    Darren_Bennett
    Copper Contributor
    Jul 30, 2021
    Which leads me back to encryption - if the data is encrypted, it doesn't matter who it's shared with. If you intend to share it with someone, you have to give them explicit access, which means they can then get an OTP or they're a guest/B2B/B2B user in your tenant.
  • MZyarah's avatar
    MZyarah
    Brass Contributor
    Jul 30, 2021
    You're totally right, Because of that I mentioned Sharing is not the same as Uploading in my first comment to the user.

Resources