Hello@OneTechBeyond
There are a lot of ways to prevent / restrict document and data sharing from the Office365 Workloads.
Depending on what licenses you have then you might have access to different tools.
Some Tools that I always recommend to use are
- DLP ( Data Loss Prevention ) - This can prevent users from sharing PIP/GDPR related data
- Labels/Tags - Labels together with a label policy can automatically or manually add labels to documents, emails and other data. These Labels have different levels of sensitivity ( Public, Confidential, Very Condidential ) These labels prevent users from for exampel forwarding, printing or copy&Paste data from emails that have the label/tag applied to it
- Sharing Policy in OneDrive and SharePoint - Restricting your users to only share data from OneDrive and SharePoint with external users is also a good thing to do.
You can allow users to only share documents with external users that are already in your Azure AD ( AKA , Guest users in your Azure AD )
- MDM ( Intune ) - Set up security and compliance policies in Intune to lock down how your mobile devices are accessing company data etc.
- Conditinal Access Policy - This is a very great tool in Azure AD, Conditional Access is policies that you set up to control what and who can access information and data in Office365 and Azure.
You can for example set up a policy that says "only allow access to a certain SharePoint site if your're on the internal network or on a Azure AD joined device"
Above I've just given you a quick overlook on what posibilities you have and what tools I suggest.
Read up on them, mostly DLP , MDM/Intune and Conditional Access in your scenario.
Let me know if you want some clarification in any of the mentioned tools :)
If you are satisfied, please feel free to mark my reply as " Best solution"
Kind Regards
Oliwer Sjöberg
