O365 data loss prevention
Alexander Filipin edited this page Mar 5, 2021 · 9 revisions
The data protection policies used in the policy sets can be confusing at first sight. The policies cover internal and external users and make sure there is no gap across the device platforms or the client apps.
Device platforms | Client app | Access control |
---|---|---|
iOS & Android | Browser | Trusted device or app enforced restrictions |
iOS & Android | Modern authentication clients | App protection policy or approved client app |
MacOS & Windows | Browser | Trusted device or app enforced restrictions |
MacOS & Windows | Modern authentication clients | Trusted device |
Unknown | Browser | Indirect app enforced restrictions (cannot be on trusted device) - could also be blocked via 302 |
Unknown | Modern authentication clients | Direct block |
- App protection policies apply even on a trusted iOS/Android device, which is worth a DLP discussion. Data loss via browser on the trusted device? Rather no DLP controls at all on a trusted device?
- Data loss on trusted MacOS & Windows devices would be possible unless you take care of Endpoint DLP.
Device platforms | Client app | Access control |
---|---|---|
iOS & Android | Browser | Indirect App enforced restrictions (cannot be on trusted device) |
iOS & Android | Modern authentication clients | Direct block |
MacOS & Windows | Browser | Indirect App enforced restrictions (cannot be on trusted device) |
MacOS & Windows | Modern authentication clients | Indirect block (cannot be on trusted device) |
Unknown | Browser | Indirect App enforced restrictions (cannot be on trusted device) - could also be blocked via 302 |
Unknown | Modern authentication clients | Direct block |
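
The "no gap" property of the platform and client app matrix can be checked mechanically. The following is an added example, not code from this repository: it reads policies in the Microsoft Graph `conditionalAccessPolicy` shape and lists the matrix cells that no enforcing policy covers. The `pol` helper, the sample policies and the modelling of "Unknown" as "all platforms minus the four named ones" are assumptions, and all policies passed in are assumed to target the same user scope.

```python
from itertools import product

# Assumption: "unknown" models any platform other than the four named ones.
KNOWN = ["iOS", "android", "macOS", "windows"]
PLATFORMS = KNOWN + ["unknown"]
CLIENT_APPS = ["browser", "mobileAppsAndDesktopClients"]

def cells(policy):
    """(platform, client app) cells matched by one policy's conditions."""
    cond = policy["conditions"]
    plat = cond.get("platforms") or {"includePlatforms": ["all"]}
    inc = plat.get("includePlatforms", [])
    matched = set(PLATFORMS) if "all" in inc else set(inc) & set(KNOWN)
    matched -= set(plat.get("excludePlatforms", []))
    apps = cond.get("clientAppTypes") or ["all"]
    apps = set(CLIENT_APPS) if "all" in apps else set(apps) & set(CLIENT_APPS)
    return set(product(matched, apps))

def enforces(policy):
    """True if the policy is enabled (not report-only) and applies a control."""
    grant = (policy.get("grantControls") or {}).get("builtInControls") or []
    aer = ((policy.get("sessionControls") or {})
           .get("applicationEnforcedRestrictions") or {}).get("isEnabled", False)
    return policy.get("state") == "enabled" and bool(grant or aer)

def gaps(policies):
    """Cells of the platform x client-app matrix that no enforcing policy covers."""
    covered = set().union(*(cells(p) for p in policies if enforces(p)))
    return sorted(set(product(PLATFORMS, CLIENT_APPS)) - covered)

def pol(state, include, exclude, apps, grant=(), aer=False):
    """Build a constructed sample policy in the Graph conditionalAccessPolicy shape."""
    return {"state": state,
            "conditions": {"platforms": {"includePlatforms": include,
                                         "excludePlatforms": exclude},
                           "clientAppTypes": apps},
            "grantControls": {"operator": "OR", "builtInControls": list(grant)},
            "sessionControls": {"applicationEnforcedRestrictions": {"isEnabled": aer}}}

# Constructed sample set for one user scope (not the repository's policy files).
SAMPLE = [
    pol("enabled", ["iOS", "android"], [], ["browser"], aer=True),
    pol("enabled", ["iOS", "android"], [], ["mobileAppsAndDesktopClients"],
        ["approvedApplication", "compliantApplication"]),
    pol("enabled", ["macOS", "windows"], [], ["all"], ["compliantDevice"]),
    pol("enabled", ["all"], KNOWN, ["mobileAppsAndDesktopClients"], ["block"]),
    pol("enabledForReportingButNotEnforced", ["all"], KNOWN, ["browser"], aer=True),
]
```

Calling `gaps(SAMPLE)` reports the Unknown/Browser cell, because the policy covering it is still in report-only state; switching that policy to `enabled` closes the gap.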