@@CloudContext Thanks for your response. I am planning my Azure Cloud Architect path after I complete my ITIL certification, wish me luck. When are you uploading the next video on the home lab extension series?? 😁
Least permissive for sharing does more harm than good in my experience. Users would resort to 3rd party apps (Dropbox, google sheets, google drive), move corporate data into them and share externally. As an MSP this is not ideal as you’ll lose control of where data is stored and consumed(fragmentation). Instead, a more practical way is to set default sharing as only share inside the Org and they can manually change it to anyone with the link every time they want to send externally. This also means that you can extract a monthly report of files with such links and that would be a more accurate indication of files shared externally.
Are there any risks that the tools available to pick up insecure or risky networks can be circumvented? So hackers and the like can get around their checks?
Awesome. Please produce more of these types of videos.
Thank you for your feedback Fayas. Will do!
@@CloudContext Thanks for your response. I am planning my Azure Cloud Architect path after I complete my ITIL certification, wish me luck. When are you uploading the next video on the home lab extension series?? 😁
@@Fahds87 Good luck! I'm glad you asked - hopefully in the next week or so!
Least permissive for sharing does more harm than good in my experience. Users would resort to 3rd party apps (Dropbox, google sheets, google drive), move corporate data into them and share externally. As an MSP this is not ideal as you’ll lose control of where data is stored and consumed(fragmentation). Instead, a more practical way is to set default sharing as only share inside the Org and they can manually change it to anyone with the link every time they want to send externally. This also means that you can extract a monthly report of files with such links and that would be a more accurate indication of files shared externally.
Agreed. I'd add that it should be assessed case by case as well. A lot of the time we use a list of allowed domains which works well too.
Are there any risks that the tools available to pick up insecure or risky networks can be circumvented? So hackers and the like can get around their checks?
That is a good question. Attackers definitely have ways to spoof their location but you'd hope that they would be detected somewhere down the line.
6 for 6 👍