POLICIES
      Back to home
      1. Safetica Knowledge Base
      2. PROTECTION: Set up your data protection
      3. POLICIES

      🆕 Data policies: How to protect cloud drives

      Learn how to control upload and synchronization with cloud drives, particularly SharePoint Online and OneDrive for Business.

      Introduction

      Safetica allows you to control file transfers to cloud drives through:

      • Web browsers (e.g., uploading files via Google Drive or Dropbox websites).
      • Local synchronized folders (e.g., files copied into Dropbox or OneDrive folders).
      • 🪟Windows only: OneDrive Sync Client (e.g., automated background sync via OneDrive Sync Client on Windows).

       

      Safetica offers:

      General cloud drive control, with which you can control upload to:

      • All cloud drives at once.
      • Individual cloud services (Google Drive, Dropbox, Box, etc.).

      Granular control for Microsoft services:

      • SharePoint Online: You can control specific tenants, sites, and folders.
      • OneDrive for Business: You can control specific tenants, but not individual sites or folders. Since OneDrive provides personal storage space for each user, Safetica controls it as a whole rather than controlling separate parts.

       

      In this article, you will learn:

       

       

      How to protect cloud drives in general

      Use data policies to protect file uploads and synchronization with cloud drives as whole communication channels for specific users, teams, or your entire company:

      1. Go to Policies > Data tab and click Add policy.
      2. In Destination types, click Add destination type.
      3. Select either:
        • Cloud drive upload (to control all cloud drive uploads) or
        • Specific cloud drive services: Box, Dropbox, Google Drive, M365 OneDrive for Business, M365 SharePoint, OneDrive Personal

      4.  Configure the rest of your policy and click Save

      ✍️ Learn more about creating data policies here.

       

       

       

      How to protect SharePoint Online and OneDrive for Business granularly

      ❗This option is currently only available for Safetica hosted on-premises.

      Use Data destinations to add specific SharePoint/OneDrive URLs to Untrusted or Safe destinations or to individual destination groups. You can then use these in policies for more granular control.

      Example: Protect sensitive files in a specific SharePoint folder by blocking transfers to other folders or SharePoint tenants.

       

      Step 1: Add SharePoint Online or OneDrive for Business to Data destinations

      1. Go to Data destinations.
      2. Choose where to add the new SharePoint or OneDrive:
        • Untrusted/Safe destinations: Click the three dots in the column header. Then click Add destinations.
        • Specific group: Click the group to open its detail, then click the three dots in the group header. Click Add destinations.
      3. Click the Cloud drive tab and select whether to add a SharePoint or OneDrive.
      • For SharePoint:
        • Enter the SharePoint URL.
        • Select the scope of what to add as a data destination in Protect all files in this folder and subfolders:
          • Tenant (e.g., https://company.sharepoint.com)
          • Site (e.g., https:// company.sharepoint.com/sites/Finance)
          • Specific folder (e.g., https:// company.sharepoint.com/sites/Finance /Shared Documents/Budgets)
      • For OneDrive:
        • Enter the OneDrive URL.

      ❗For OneDrive, you can only add the whole tenant, not individual sites or folders.

      4.  Click Add.

       

      Step 2: Use data destinations in policies

      Once your destination group is ready, use it in a data policy to control SharePoint or OneDrive for Business:

      1. Go to Policies > Data tab and click Add policy.
      2. In the What destinations does this policy apply to? dropdown, select your destination group.
      3. In Destination types, select M365 SharePoint and/or M365 OneDrive for Business.
      4. Configure the rest of the policy and click Save.

      ✍️ Learn more about creating data policies here.

       

       

      What admins see in records

      To find out which file uploads or synchronizations to cloud drives were allowed or blocked:

      1. Go to the Data section.
      2. Click Add filter > Destination types.
      3. Select the desired cloud drives (Cloud drives in general or the specific service: Box, Dropbox, Google Drive, SharePoint, OneDrive for Business, OneDrive Personal).
      4. You will see the name of the file, who initiated the upload/sync, whether upload/sync was allowed, logged, notified, or blocked, whether the file contained sensitive data, and many other details.

       

       

      FAQ

      Q: What SharePoint versions does Safetica support?

      A: Safetica supports SharePoint Online. SharePoint on-premises is not supported.

       

      Q: How can I set different rules for SharePoint and other cloud drives?

      A: You have 2 options:

      1. Single policy with advanced control: Click Advanced control of individual destination types and configure destination groups with different policy actions.
      2. Multiple policies: Create separate policies - one for SharePoint and another for different cloud drives. Place the more restrictive policy higher in the policy list.

       

      Q: Can I control specific sites and folders in OneDrive for Business?

      A: No, you can only control OneDrive at the tenant level. Granular folder or site control is only available for SharePoint.

       

      Q: Can I granularly control OneDrive Personal? Can I control individual tenants for OneDrive Personal?

      A: No, you can’t control specific tenants for OneDrive Personal. Tenant-level control is only available for OneDrive for Business.