Microsoft is rolling out a new Office 365 policy that will let admins automatically block guest access to new files in OneDrive for Business and SharePoint Online until they have been fully scanned for sensitive information. According to Microsoft, this new Data Loss Prevention (DLP) policy is rolling out now and will be available for all commercial customers in mid-July.
It is worth noting that enabling guest access (external sharing) for OneDrive for Business and SharePoint is entirely optional, but this new Data Loss Prevention policy aims to prevent guests from accessing sensitive content. When DLP is enabled, external access to new files in SharePoint Online and OneDrive for Business will be automatically blocked until those files have been scanned for any sensitive information.
This new DLP policy won't affect existing restrictions on guest user access to sensitive files. However, Office 365 admins will need to change a tenant property using PowerShell and a cmdlet to mark new files sensitive by default.
While Office 365 Data Loss Prevention has now started rolling out, admins can already get prepared by checking this support page. Do you think this new policy is a welcome change for OneDrive for Business and SharePoint? Sounds off in the comments below.