Protecting sensitive data in M365, where files have been replaced by links, requires rethinking the objectives of IT security. The old security model aimed at preventing breaches altogether is no longer effective. Enter Zero Trust, a modern security framework upon which M365 is built that assumes breach and verifies every access request as though a connecting device and its user’s identity are compromised.
M365’s Zero Trust model is based on two security pillars: persistent authentication and the principle of least privilege. Persistent authentication requires the user’s identity and privileges to be re-verified for every request to access the M365 tenant; once authenticated, least privilege restricts the user’s access to only the resources within M365 for which they are authorized—nothing more.
However, the reach of M365’s Zero Trust framework is limited when link-enabled content is overshared. Not only does link oversharing risk direct access by unauthorized users, but it also exposes sensitive content to indirect access via Copilot, Microsoft’s AI agent. eSHARE’s Trusted Collaboration enhancement to M365 bridges the ‘last mile’ of its Zero Trust model by enforcing authentication and least privilege policies that prevent oversharing.
Verify Explicitly: Know & Enforce Who’s Accessing What
Zero Trust starts with identity verification. M365 leverages tools like multi-factor authentication and Single Sign-On to ensure that only verified users on compliant devices can access the tenant. Trusted Collaboration takes the Zero Trust baton from that point to further verify and restrict users’ privileges to access or share links. It analyzes contextual signals that determine if and how governance policies are enforced, accounting for the link’s sensitivity and the user’s privileges.
For example, a defense contractor may have employees and contractors from around the world collaborating on a project. However, certain project data may only be accessed by employees, and a subset of it may be so sensitive that it can only be accessed by employees who are U.S. citizens with proper security clearances.
M365 ensures that all employees and contractors are authenticated to the tenant but lacks fine-grained policy enforcement that would ensure the business remains compliant with applicable laws restricting unauthorized access to classified information. Trusted Collaboration handles these use cases seamlessly without interrupting the data owner’s workflow.
eSHARE Collaborate manages governance for external contractors. When a link is shared with outside collaborators, eSHARE Collaborate first determines whether it can be accessed by non-employees by ingesting signals from M365, like classification tags or DLP inspection, that describe the link’s sensitivity. If access is allowed, a trusted share is automatically created in the M365 tenant that can only be accessed with the contractor’s credentials. If the link cannot be shared, the data owner is notified at the time of sharing, and appropriate governance is enforced. eSHARE Collaborate enforces the same workflow if invitations are sent through Teams, OneDrive, SharePoint, or Outlook. Even if a link is converted to a file and attached to an email, eSHARE Collaborate will automatically convert the file back to a link and create a trusted share. No matter how the content is shared, it can only be accessed within the M365 tenant.
eSHARE Govern closes the unauthorized employee gap by combining link sensitivity signals with user information from identity and access management systems, like attribute-based access control (ABAC), that verify the employee’s citizenship and security clearance statuses. If a team member without proper clearance is invited to review a classified link, eSHARE Govern automatically enforces the appropriate policy and remediation steps directly within the user’s workflow.
Whether links are shared internally or externally, Trusted Collaboration draws on the richness of signals available from disparate verification sources, both M365 and third-party solutions, to determine risk context in ever greater detail and drive granular Zero Trust policy enforcement without compromising productivity.
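The defense-contractor scenario above, written out as an attribute-based access decision that denies by default when a label or attribute is missing. This is an added illustration, not eSHARE's or Microsoft's code; the tier names, the `Subject` fields and the `decide`/`audit` functions are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Sensitivity tiers from the defense-contractor scenario (names are assumptions).
GENERAL, EMPLOYEE_ONLY, CLEARED_US_ONLY = "general", "employee_only", "cleared_us_only"

@dataclass(frozen=True)
class Subject:
    # Attributes an identity system would supply; None means "not asserted".
    authenticated: bool
    is_employee: Optional[bool] = None
    us_citizen: Optional[bool] = None
    cleared: Optional[bool] = None

def decide(subject: Subject, sensitivity: Optional[str]) -> tuple[bool, str]:
    """Return (allowed, reason). Anything unknown or unasserted is a deny."""
    if not subject.authenticated:
        return False, "not authenticated to the tenant"
    if sensitivity not in (GENERAL, EMPLOYEE_ONLY, CLEARED_US_ONLY):
        return False, "link has no recognised sensitivity label"
    if sensitivity == GENERAL:
        return True, "general project data"
    if subject.is_employee is not True:
        return False, "employee status not verified"
    if sensitivity == EMPLOYEE_ONLY:
        return True, "verified employee"
    if subject.us_citizen is not True:
        return False, "citizenship not verified"
    if subject.cleared is not True:
        return False, "clearance not verified"
    return True, "cleared U.S.-citizen employee"

def audit(invitees: dict[str, Subject], sensitivity: Optional[str]) -> dict[str, str]:
    """Evaluate every invitee on a share; return who would be blocked and why."""
    return {name: reason for name, s in invitees.items()
            for ok, reason in [decide(s, sensitivity)] if not ok}

# Constructed sample invitees for illustration.
INVITEES = {
    "contractor": Subject(authenticated=True, is_employee=False),
    "employee": Subject(authenticated=True, is_employee=True, us_citizen=False),
    "cleared": Subject(authenticated=True, is_employee=True, us_citizen=True, cleared=True),
    "stale_record": Subject(authenticated=True, is_employee=True, us_citizen=True),
}

if __name__ == "__main__":
    for tier in (GENERAL, EMPLOYEE_ONLY, CLEARED_US_ONLY, None):
        print(tier, "->", audit(INVITEES, tier))
```

The `stale_record` invitee and the unlabelled link are the cases to watch: an attribute that was never asserted is treated the same as one that is false, so gaps in the identity data or in classification block access rather than grant it.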
Secure Links. Maintain Speed. Enable Collaboration.
eSHARE’s Trusted Collaboration doesn’t interrupt users—it enhances Microsoft 365 by making Zero Trust truly actionable at the point of sharing. With real-time enforcement based on identity, sensitivity, and access context, you get stronger security and a better user experience.