DLP and Sharepoint and OneDrive links

%3CLINGO-SUB%20id%3D%22lingo-sub-199590%22%20slang%3D%22en-US%22%3EDLP%20and%20Sharepoint%20and%20OneDrive%20links%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-199590%22%20slang%3D%22en-US%22%3E%3CP%3Ejust%20trying%20to%20find%20a%20way%20to%20close%20a%20loophole.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20protect%20the%20sharing%20of%20a%20confidential%20document%20directly%20in%20the%20one%20drive%20or%20sharepoint%20GUI%20using%20DLP%20with%20no%20problems.%20However%20there%20is%20nothing%20I%20can%20find%20to%20stop%20me%20copying%20the%20link%20to%20the%20file%20and%20then%20emailing%20that%20externally.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%20how%20to%20block%20that%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203195%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20and%20Sharepoint%20and%20OneDrive%20links%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203195%22%20slang%3D%22en-US%22%3E%3CP%3EYep%20-%20maybe%20this%20will%20all%20work%20better%20once%20365%20and%20AIP%20come%20together.%3C%2FP%3E%3CP%3EJust%20all%20seems%20very%20fragmented%20and%20I%20have%20to%20overlay%20multiple%20policy%20areas%20to%20get%20what%20I%20need.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-202921%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20and%20Sharepoint%20and%20OneDrive%20links%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-202921%22%20slang%3D%22en-US%22%3E%3CP%3EAzure%20Information%20Protection%20allow%20you%20to%20assign%20Rights%20to%20file%20so%20that%20no%20matter%20how%20it%20gets%20out%2C%20it%20can%20be%20controlled.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-202784%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20and%20Sharepoint%20and%20OneDrive%20links%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-202784%22%20slang%3D%22en-US%22%3E%3CP%3EYes%20but%20of%20course%20I%20want%20my%20users%20to%20be%20able%20to%20share%20information%20just%20not%20confidential%20types%20of%20information.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20the%20policies%20%2F%20policy%20tips%20etc%20to%20run%20on%20the%20links%20just%20as%20they%20would%20on%20a%20document%20or%20body%20of%20the%20text.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-199677%22%20slang%3D%22en-US%22%3ERe%3A%20DLP%20and%20Sharepoint%20and%20OneDrive%20links%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-199677%22%20slang%3D%22en-US%22%3E%3CP%3EWell%20for%20starters%2C%20no%20files%20are%20available%20externally%20unless%20you%20specifically%20configure%20sharing%2Fpermissions%2C%20so%20that%20link%20will%20simply%20not%20work.%20We%20have%20dozens%20of%20controls%20to%20restrict%20sharing%2C%20with%20or%20without%20DLP.%20Another%20option%20is%20to%20use%20IRM%20to%20encrypt%20confidential%20files.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

just trying to find a way to close a loophole.

 

I can protect the sharing of a confidential document directly in the one drive or sharepoint GUI using DLP with no problems. However there is nothing I can find to stop me copying the link to the file and then emailing that externally.  

Any ideas how to block that?

4 Replies

Well for starters, no files are available externally unless you specifically configure sharing/permissions, so that link will simply not work. We have dozens of controls to restrict sharing, with or without DLP. Another option is to use IRM to encrypt confidential files.

Yes but of course I want my users to be able to share information just not confidential types of information.

 

I want the policies / policy tips etc to run on the links just as they would on a document or body of the text.

Azure Information Protection allow you to assign Rights to file so that no matter how it gets out, it can be controlled.

Yep - maybe this will all work better once 365 and AIP come together.

Just all seems very fragmented and I have to overlay multiple policy areas to get what I need.