How to lock files from leaving the org M365 via email

IMK 421 Reputation points
2023-04-20T09:10:06.02+00:00

Hi We would have a need to lock files in our Sharepoint so that they can't be sent out via email to anyone. How this could be achieved?

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,217 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,150 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,028 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
370 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 17,701 Reputation points MVP
    2023-04-20T12:56:22.8333333+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    I understand that you require adding a security level for your documents in a SharePoint Site/Library. To achieve that you require Configure a default sensitivity label for a SharePoint document library

    When SharePoint is enabled for sensitivity labels, you can configure a default label for document libraries. Then, any new files uploaded to that library, or existing files edited in the library will have that label applied if they don't already have a sensitivity label, or they have a sensitivity label but with lower priority. For example, you configure the Confidential label as the default sensitivity label for a document library. A user who has General as their policy default label saves a new file in that library. SharePoint will label this file as Confidential because of that label's higher priority. For a quick summary of the possible outcomes, see Will an existing label be overridden on this page.

    Hope this helps!

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments
  2. Emily Du-MSFT 43,511 Reputation points Microsoft Vendor
    2023-04-21T09:09:50.9933333+00:00

    In the outlook email, you could through attachment or sharing link to send files from a SharePoint Online site.

    From attachment point, you could set block download policy for a SharePoint site by using PowerShell.

    $AdminSiteURL="https://tenant-admin.sharepoint.com"
$SiteURL="https://tenant.sharepoint.com/sites/emilytest" 
  
Connect-SPOService -URL $AdminSiteURL
   
Set-SPOSite -Identity $SiteURL -BlockDownloadPolicy $true 

    From sharing link point, users even if only with read permission can share files in new outlook message. There is no option to avoid this situation.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. IMK 421 Reputation points
    2023-04-28T10:46:03.39+00:00

    Hi

    How sensitivity labels could prevent sending files, marked with sensitivity label, via email?

    I can't see a setting that would prevent a marked file to be sent out via email?

    And that BlockDownloadPolicy is not what we are looking for..

    0 comments
  4. acotrez 0 Reputation points
    2023-05-03T11:01:13.2466667+00:00

    You can apply privacy labels with encryption and set permissions for reading, editing documents according to your needs (like restricting by domain). This will not prevent sending, but you will have control over the actual access.

    0 comments