Internal vs External Controls
Understanding the Concept
DLP can apply different controls based on whether data is being shared internally (within the organization) or externally (outside the organization). This recognizes that internal sharing often has lower risk than external.
External sharing controls are typically stricter: blocking or requiring justification. Internal sharing might just show a warning or require encryption without blocking.
The definition of 'external' includes: external email domains, guest users in Teams/SharePoint, and sharing links accessible outside the organization.
Key Points
- Internal: Members of your tenant, internal email domains
- External: Outside email domains, guest users, anonymous links
- Graduated Response: Warn internally, block externally
- Guest User Detection: Specific handling for B2B guests
- Domain Whitelisting: Trusted partner domains
Why This Matters in Real Organizations
Most data breaches involve external sharing. By applying stricter controls to external sharing while allowing internal collaboration, you balance protection with productivity.
Common Mistakes to Avoid
Interview Tips
- Explain graduated response strategy
- Discuss partner domain exceptions
- Mention how to handle M&A scenarios
Exam Tips (SC-401)
- Know how external recipients are identified
- Understand guest user policies
- Know anonymous link handling
Course Complete!
You've finished all lessons