cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to stop sharing .pdf documents shared with outside domains in OneDrive

dilanmic
Brass Contributor

‎Dec 16 2022 06:51 PM

‎Dec 16 2022 06:51 PM

How to stop sharing .pdf documents shared with outside domains in OneDrive

Hi All,

 

I have come across below experience and appreciate anyone can suggest to overcome the issue.

 

I have created DLP policy to prevent sharing documents in OneDrive classified as Internal. the policy is working fine as expecting for office documents, however, the same document convert into .pdf and upload to OneDrive, then we could share this .pdf version with outside users.

 

I would appreciate if anyone can point out if I miss something here.

 

Please also note that, the same policy have linked with Exchange and policy is working fine with both .pdf and office files. documents classified as Internal won't be emailed to outside users even documents are in .pdf. 

 

again, just to troubleshoot, I have created another DLP policy including sensitive info type (ex: credit card info) and configured to prevent share documents in OneDrive containing credit card info with outside users. this policy is also working fine with both .pdf and office files.

 

appreciate the help here.

 

below image for office files and it working as expected:

dilanmic_0-1671245256805.png

 

below image for .pdf and it's not working as expected:

dilanmic_1-1671245268292.png

 

 

thanks,

Dilan

 

 

990 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by dilanmic (Brass Contributor)
ChristianJBergstrom

‎Dec 17 2022 05:06 AM

‎Dec 17 2022 05:06 AM

Solution

Re: How to stop sharing .pdf documents shared with outside domains in OneDrive

In EXO the DLP is built-in and that's why it's working there. How are you using this "internal" label with PDF? Are you converting the documents with a label already attached? (a new feature that has been rolled out) https://insider.office.com/hr-hr/blog/apply-sensitivity-labels-to-pdfs-created-with-office-apps or are you on the AIP unified labeling client not using built-in labeling or using the new feature in Adobe to attach sensitivity labels? https://blog.adobe.com/en/publish/2022/10/11/introducing-microsoft-purview-information-protection-mp...

Depending on your use case you could simply use a DLP preventing external sharing with file type .PDF in the policy. I.e. all PDF files will be prevented but reckon you probably don't want to do that.
1 Like
Reply
dilanmic

‎Dec 17 2022 05:57 AM

‎Dec 17 2022 05:57 AM

Re: How to stop sharing .pdf documents shared with outside domains in OneDrive

Thanks for the replying.

I am converting the office document to the .pdf that already classified as internal.

Yes, simply I could create a policy to prevent sharing all .pdf files but this something we don't want to do in Production.
0 Likes
Reply
ChristianJBergstrom

‎Dec 17 2022 06:05 AM

‎Dec 17 2022 06:05 AM

Re: How to stop sharing .pdf documents shared with outside domains in OneDrive

OK. Then it's clearer. As it's Office insider and you're converting the files I would provide feedback using the above link. Could be something that's missing in the new feature.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by dilanmic (Brass Contributor)
ChristianJBergstrom

‎Dec 17 2022 05:06 AM

‎Dec 17 2022 05:06 AM

Solution

Re: How to stop sharing .pdf documents shared with outside domains in OneDrive

In EXO the DLP is built-in and that's why it's working there. How are you using this "internal" label with PDF? Are you converting the documents with a label already attached? (a new feature that has been rolled out) https://insider.office.com/hr-hr/blog/apply-sensitivity-labels-to-pdfs-created-with-office-apps or are you on the AIP unified labeling client not using built-in labeling or using the new feature in Adobe to attach sensitivity labels? https://blog.adobe.com/en/publish/2022/10/11/introducing-microsoft-purview-information-protection-mp...

Depending on your use case you could simply use a DLP preventing external sharing with file type .PDF in the policy. I.e. all PDF files will be prevented but reckon you probably don't want to do that.

View solution in original post

1 Like
Reply