This article explains issues using the :Foundation Client with Microsoft OneDrive.
Overview
Microsoft OneDrive is a sync and sharing solution delivered as part of Office 365 and/ or part of Windows 10. SSProtect can prohibit synchronization of plaintext content for managed files, though general integration doesn't function as expected specifically because of the way OneDrive approaches matters.
General Issues and Limitations
As of the latest v10.7.0 release of the :Foundation Client, the software:
- Does not present File Explorer overlay icons for protected items placed in OneDrive folders
- Will not detect the presence of a protected file that's Copied or Moved into a OneDrive folder: Subsequent activity that attempts to securely access content (Managed Open) with the default managing application fails - SSProtect will not detect the operation and as a result will not interject the associated controls to present managed plaintext. Refresh Login and/ or Explorer restart is generally sufficient to reset the Filter for proper forward use.
Note in the 2nd case that Filtering does in fact work if you protect a plaintext item already placed in a OneDrive folder. Of course, pre-existing plaintext content will likely have been synchronized with the cloud, though not always - this depends on the OneDrive configuration and state at the time of plaintext creation and/ or modification.
File Explorer Overlay Icons
OneDrive versions prior to 2020 dynamically change their registered File Explorer overlay icons' priorities to, "capture" the first seven (7) of the available fifteen (15) overlay icon entries. This means OneDrive always, "steals" priority from other software applications attempting to register their File Explorer overlay icons.
SSProtect attempts to gain priority with its' two (2) icons, though does not engage in dynamically adjusting its' entries to engage in the, "competition" for priority; if after installing both OneDrive and SSProtect, and restarting OneDrive, File Explorer overlay icons for SSProtect managed content are not present, upgrade OneDrive to version 2020 - this should re-enable SSProtect File Explorer overlay icons though as noted above, they will not present in OneDrive target folders.
The associated Registry entries can be found in the following location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
Prompts When Accessing Managed Items in Sync Folders
OneDrive allows you to configure Microsoft Office to synchronize documents to the cloud, from directly within Office desktop applications. In OneDrive Settings, the Office tab contains a checkbox, Use Office application to sync Office files that I open. When this is checked and you attempt to Release Protections or execute Managed Access (w/ In-Place Encryption), SSProtect will prompt you with a notice that you run the risk of synchronizing plaintext to the cloud.
You can, using these prompts, choose whether or not you wish to proceed with the operation or cancel to avoid plaintext cloud exposure.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated w/ v10.7.0 of the :Foundation Client