The DLP policies enforced in the Secure Enclave add control over user operations that may result in company data and files with sensitive data being lost, misused, or accessed by unauthorized users.
Desktop DLP Policy Settings
The default setting for the available policies are shown in the table below.
Policy | Description | Setting |
---|---|---|
Network access |
Controls the use of Private Company Gateway (PCG), and which networks or applications should not use the PCG. |
Unrestricted: All traffic emanating from the Secure Enclave will use the local, unprotected connection of the computer. Restricted (default): All traffic emanating from the Secure Enclave will be sent over the Private Company Gateway (PCG). Options: See this article for configuration options
|
Printing |
Controls printing from applications in Venn. |
Unrestricted: Users may print to any printer available to their computer. Restricted (default): Users cannot print to any printer. PDF printers are not restricted. |
Screen sharing & Capture |
Controls the use of screen sharing and screen capture tools for applications running in Venn. |
Unrestricted (default): Users are allowed to share any application screen inside the Secure Enclave Restricted: Users are not allowed to share any application screen inside the Secure Enclave Optional: When restricted admins can
|
Move and Paste |
Controls the use of drag/drop and copy/paste to move data out of Venn. |
Unrestricted (default): Users are allowed to move data in and out of Venn. Restricted: Users are blocked from moving data out of Venn but are allowed to move data into Venn.
|
Browser policies |
Controls the policy applied to browsers running in the Secure Enclave. |
The default browser policy sets the required values so the browser runs safely and securely. Choose the custom option to add and edit your own policy for supported browsers on Windows and macOS. |
File storage and data control |
Controls use of file storage inside Venn. Enabling a file storage system assigns the desktop app and maps the location inside file manager. Policy also prevents data movement to locations outside Venn. |
See this article for configuration options |
Account access |
Controls access to software suites, such as Google Workspace and Microsoft 365. By default, access is blocked. Additional options enable configuration for access with any account or exclusively with specific business accounts. |
See this article for configuration options |
Secure Enclave Registry |
Controls the registry within the secure enclave for Windows users. |
Allows for the import of .reg files. HKCU level changes will apply. HKLM may work in some cases. |
Browser Uploads |
Controls the ability to upload files for Secure Enclave Windows users. |
Unrestricted: Users can upload files to any domain. Restricted (default): Users cannot upload files using a browser running in the Secure enclave Optional: When the policy is set to restricted, an admin can add domains to an exception list to allow for uploads to specific domains |
Mobile DLP Policy Settings
There are two available policy settings for each device control:
- Restricted
- Unrestricted
The default setting for all of the following controls is Restricted, which you can later change to Unrestricted based on your company's policy. Learn how to modify mobile DLP policy settings.
Policy | Description | Settings |
---|---|---|
Passcode |
Controls the ability to access the device without a passcode enabled. |
Restricted: Users are required to enable a passcode to unlock and access the device. iOS note: When restricted, users will be required to setup an alphanumeric passcode with a minimum of 6 characters. Simple passcode are not allowed. Unrestricted: Users are allowed to use the device without a passcode enabled. |
Network Access |
Controls the network connection used by managed applications. |
Restricted: All network traffic for managed applications is secured and protected by requiring the use of the Private Company Gateway. Unrestricted: The Private Company Gateway is not used and managed applications use the device’s local network. |
Restrict files to Managed Applications |
Controls the location where work files can be stored.
|
Restricted: Work files are only accessible from within managed applications. Users can copy or move files to managed applications from other unmanaged locations, but files are not allowed to be saved or moved to unmanaged locations, such as unmanaged applications or AirDrop. Unrestricted: Work files can be accessed and stored at any location. |
Screen capture |
Controls the use of screen capture tools, such as screen recording or screenshots, for managed applications. |
Restricted: Users are not allowed to capture the screen of protected applications. iOS note: When restricted, screen capture is disabled for the entire device, including personal applications. Unrestricted: Users are allowed to capture the screen of protected applications. |