How to Overcome Tenant Restrictions with Govern 365 Vault for Secure and Seamless Sharing

STAY CONNECTED

EXPLORE MORE

• Compliance (5)
• News (1)
• Secure Collaboration (9)
• Self Provisioning (3)
• Uncategorized (1)
• Virtual Data Room (21)

Introduction

Govern 365 Virtual Data Rooms are based on SharePoint Online and provide access to both internal and external parties using a familiar environment. This access is possible through Azure B2B functionality and allows external users to use their corporate email ID’s and password to access the dataroom. Some organizations, however, don’t allow their users to access external environments using Tenant Restrictions or other policies. Govern 365 elegantly solves this problem with Govern 365 Vault.

What is the challenge?

A typical use case sees you as a dataroom owner adding files to your dataroom and granting a bank user access to review them. The bank user tries to access the dataroom but is met with an access denied message that stems from their organization having security policies in place that prevent them from logging into any external environment. Since Govern 365 allows a user to use their corporate login to access Virtual Data Rooms, it’s typically preferable to use this ability and not have to remember yet another username and password for a 3^rd party solution. When this capability is intentionally blocked, however, it becomes challenging to provide the external banking user a seamless login experience.

Why so?

Some technicalities need to be understood to appreciate the challenge here. 

Azure B2B collaboration settings allow an external organization (e.g., @bank.com) to impose restrictions on their users, such as:

• Tenant Restrictions: Blocks the ability for a @bank.com user to access content in external M365 tenants such as ‘company.com’ using a guest account such as [email protected] in the @company.com tenant  
• XTAP outbound settings: Ability to communicate with Microsoft’s Azure Rights Management service to consume protected content (using the AAD identity of [email protected])

Imagine a situation where bank.com might have tenant restrictions/XTAP restrictions in place which is a possible scenario for large financial institutions. When @company.com users are sharing contents with @bank.com users (who are guest users to @company.com), with the restriction imposed on the @bank.com side, these users will not be able to access the SharePoint backed data room hosted by @company.com to consume shared content.

Introducing the Govern 365 Vault

Govern 365 Vault is an external user portal that allows these restricted external users to access files from your VDR by creating a separate vault identity that is not restricted by their home organization. They can view, download, and upload files the same way they would be able to using the SharePoint interface. The beauty of Vault is that the files are still being stored in the original Govern 365 VDR where dataroom owners can continue to work. There is no duplication of files just for external exposure. The added benefit of Vault is the focused UI that guides external users to get their work done quicker with less visual distractions. The decluttered interface is perfect for all users that simply need to view or upload content. Because the files are still being stored in SharePoint Online in the backend, all of the collaboration features are still supported in Vault such as Co-Authoring.

Some key points that summarize the value of Vault.

1. Users can update their password from the log-in page at anytime. No additional administrative overhead is required.  
2. Restrictions imposed at tenant level are alleviated by using a separate set of credentials specific to Vault.  
3. The contents from the VDR are fetched dynamically behind the scenes and surfaced in the vault interface to provide a seamless experience.  
4. Each of these newly created vault accounts is associated with their regular organizational account (e.g., [email protected]), so it is well connected behind the scenes.

Govern 365 Vault Dashboard

Here are a few sample screen shots to accentuate the ease of use of Govern 365 Vault.

Login to the Vault

The Dashboard

Displays all secure data rooms that the logged in user has access to.

The Documents

Displays details of all documents available in the chosen folder in the library of the vault.

Download Document

Securely download the selected files.

The Document

An example of a secure watermarked document stored in the vault.

Conclusion

Govern 365 is the most versatile secure collaboration platform that offers Virtual Data Rooms for all use cases. The vault functionality tremendously increases the value of the Virtual Data Room by brokering the underlying access mechanisms across tenants irrespective of the environment or restrictions of other tenant users. This results in a seamless user experience for external users assisted by an intuitive operational interface which is extremely important for a VDR operation. Please contact us for a demo and to begin a 30-day free trial.