Block or Log Files Copied Outside of Company with Microsoft 365 | Demo

Ғылым және технология

Real-world install demo-heavy video of how to manage the accidental or intentional copying of company files outside the company. File folder security only controls who gets access to the folder but does nothing to control or log the movement of data outside the folder. As soon as someone gets access to the file they want, they can do whatever they want with it - and nothing is tracked or logged! Crazy!! This video shows a solution to that problem using technology inside Microsoft 365 Enterprise: Microsoft Intune App Protection Policies, Windows Information Protection and Windows 10. I show what happens when files are copied to a USB drive, to a personal email account, and when copied to other areas inside the company. I also show some of the current limitations with this technology around PDF files and Azure Information Protection.
www.xerillion.com

Пікірлер: 14

  • @lilflip100
    @lilflip1005 жыл бұрын

    Great video. I really enjoy your content. Very informative, the videos are not too long and you have nice voice which I like to listen to. Thumbs up!

  • @RobBastien
    @RobBastien4 жыл бұрын

    Great content, terrifically presented!

  • @RobFahndrich1
    @RobFahndrich15 жыл бұрын

    Great video! tell me, do you set the labels on a folder and each file then inherits the folders labels or do you have to label every file individually?

  • @Xerillion

    @Xerillion

    5 жыл бұрын

    Thanks Rob! And thanks for teaching me about the glyph! :) Security labels are applied to documents, not folders, and thus don't inherit labels. With an E5 subscription, you can set conditions that automatically apply security labels - which is what I do in my case, as well as applying a default label which is set for employees only, but for which they can downgrade the label to remove the security with a justification prompt which logs the event.

  • @noeldecomarmond25
    @noeldecomarmond253 жыл бұрын

    Great video as always, but I have a question: When I went to set this up, there was no default Windows policy (only Android and IOS) so I had to create one from scratch. I made the policy "without enrollment" and applied it to a couple of users to test. Anyway. Everything appeared to work until a bit later when the users told me they couldn't open files on their Desktop and in their Documents and Pictures folders. Windows apparently classes them as non-work locations. Opening files from the synced SharePoint folders works as expected. Did I miss something when I was setting this up? I would have thought that Desktop and in their Documents, etc., would be classed as work locations by default. Anyway, I've had to disable the policy for now, until I can figure it out. (This also required me to manually decrypt the affected folders)

  • @Xerillion

    @Xerillion

    3 жыл бұрын

    Hi Noel, I'm glad to see you tried it out. And, yeah, you are running into issues we have also run into. My overall opinion is that app protection policies for WindowsOS are for very restrictive environments where data and intellectual property must be highly secured and worked with inside selective apps that understand work files. Microsoft is "mobile-first" so IOS and Android get a better experience with tech like this before Windows unfortunately. I do think this has its place, but it will break apps that don't understand how to work with it.

  • @dibakardutta911
    @dibakardutta911 Жыл бұрын

    Good video. If I directly open onedrive in browser, I can copy and paste the data. How to prevent that. Is there any idea.

  • @gogosst
    @gogosst3 жыл бұрын

    What licenses do I need for using this policy? To block files copied outside of company from Windows 10 pcs?

  • @Xerillion

    @Xerillion

    3 жыл бұрын

    You just need a subscription that had Microsoft Intune.

  • @BorisJohnsonMayor
    @BorisJohnsonMayor Жыл бұрын

    Will this also prevent folks from creating a shared link externally directly from OneDrive? Or would we need to block external sharing and whitelist external addresses/domains that are allowed to be shared to?

  • @Xerillion

    @Xerillion

    Жыл бұрын

    It will block any data movement based on your configuration.

  • @JRock1900
    @JRock19005 жыл бұрын

    The DATA can always be copied and pasted onto a new spread sheet

  • @Xerillion

    @Xerillion

    5 жыл бұрын

    I just tested it to verify and the action was not allowed. I opened up a company spreadsheet, copied the data inside it, created a new spreadsheet, and then tried to save it to my personal OneDrive account and got this message: "Only the locations approved by your organization are available", so it wasn't even an option to move it out of the company - even as a new unnamed spreadsheet with a simple copy/paste. If I did save the copy as a work file and then tried to move it, I'd get the warning that it was being logged. If I saved it as a work file and then tried to copy/paste outside the company, I'd get blocked from doing so as I demonstrated in the video. Thanks for the comment though. At the end of the day, this system is more about "slowing people down" and creating some accountability which is far better than what most systems have - which is nothing; just a simple folder with a security group protecting it. Once someone has access to the secured folder the files inside are essentially naked - anything goes with that file and all the data and money the company spent to create the file and the data.

  • @JRock1900

    @JRock1900

    5 жыл бұрын

    Xerillion Agree! It does make it harder for the average user. Love your videos!

Келесі