Forum Discussion
Protecting Intellectual Property with O365
Hello All,
Please forgive me if there is already detailed conversations on this topic, and please post if you have them handy 🙂
My Company recently acquired Office 365 (E3 and E1 plans) for all staff. Now that we have this wonderful suite of tools, top management is now asking how can we make use of all these tools to protect intellectual property. Management's core concern is that an employee can copy any physical file and place it on a personal machine and open the file thus theft of company property.
To help calm these concerns, we are looking at a couple solutions:
- Originally we looked into blocking OneDrive access to certain IP Addresses but the concern there is we have remote employees and especially our CEO/CTO travels a lot for pre-sales support, so IP address restriction is not a great option.
- Next we are looking limiting Sync from Onedrive to computer to only computers on the domain. This is great but 2 concerns:
- Users can still access Onedrive.com from personal machine. I think however we can restrict Onedrive.com login to only those machines who are connected to the work domain, but not positive.
- Even if we can restrict the concern in the previous bullet, users can still copy the file on to a removable USB drive. We could of course disable USB ports but that is honestly really tacky.
So here is my crazy idea, and no idea if it is plausible. but if we can restrict staff to only save files to the OneDrive sync folder, thus associating it to OneDrive, is it possible to "lock" these files and have them only open on a different machine if user sets the "Account" in Office to match the company's O365 organization?
So for example, I am Joe Smith, an employee of Acme, Inc. On my computer that is joined to Domain Acme.com and I copy a file that was from Onedrive to my USB. I then go to another computer that is NOT on acme.com domain, and when I open the file, it will prompt me to login using acme.com account and if I use an account that is either not acme.com, or I use my acme.com account and sign-in is disabled (employee left company) that the file does not open?
If the above dream idea is possible, is it further possible to setup this rule for only a segment of users in acme.com domain, or is it a global configuration? For example, for Sales, team or management team, I might want to send certain files to the client. I do not want to give client an Office365 account from my organization to access the file as: a. that is too complex for client and b. it will wast a subscription license. I as a C-Level user, should have ability to share a file form OneDrive to external staff.
So to recap, Middle-management and below can access files copied from onedrive sync folder to another machine as long as they have a valid account. Certain other indivdiuals such as top management or sales team, can forward files to external clients and those external clients can open the file without login prompt.
Any thoughts or at least links on similar topic is appreciated!!!
Best Regards,
Jeff Kozloff
2 Replies
Hi Jeff, has Salvatore said, you can use RMS in Office 365 but in E1 licences you have to buy an Add-On or upgrate to E3.
Here you have the process of RMS in Office 365.
Have you considered IRM?
See for example https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c?ui=en-US&rs=en-US&ad=US
