This Feature is Only Available to Organizations using Venn Secure Enclave
Organizations That Wish to Access These Features Can Contact Their Customer Success Manager or Workplace Provider.
The DLP policy settings enforced in the Secure Enclave add control over user operations that may result in company data and files with sensitive data being lost, misused, or accessed by unauthorized users.
Desktop DLP Policy Settings
The default setting for each of the following operations is either Unrestricted or Restricted. Learn how to modify desktop DLP policy settings.
| Operation | Description | Setting |
|---|---|---|
|
Move and Paste |
Controls the use of drag/drop and copy/paste to move data out of Venn. |
Set to Unrestricted but can be changed to Restricted Unrestricted (default): Users are allowed to move data in and out of Venn. Restricted: Users are blocked from moving data out of Venn but are allowed to move data into Venn. |
|
Redirect Downloads |
Controls the location where files can be download when working in Venn. |
Set to Unrestricted but can be changed to Restricted. Unrestricted (default): Files can be downloaded to any location. Restricted: Downloads are forced to the user’s Secure Downloads folder in the Workplace Drive. |
|
Screen Sharing & Capture
|
Controls the use of screen sharing and screen capture tools for applications running in Venn. |
Set to Unrestricted but can be changed to Restricted. Unrestricted (default): Users are allowed to share any application screen inside the Secure Enclave Restricted: Users are not allowed to share any application screen inside the Secure Enclave Optional: When restricted admins can
|
|
Network Access |
Controls the network connection used by Venn. All network traffic for applications in Venn is secured and protected by requiring the use of the Private Company Gateway. |
Set to Restricted but can be changed to Unrestricted Unrestricted: All traffic emanating from the Secure Enclave will use the local, unprotected connection of the computer. Restricted (default): All traffic emanating from the Secure Enclave will be sent over the Private Company Gateway (PCG). Options: See this article for configuration options |
|
Browser Uploads |
Controls the ability to upload files for Secure Enclave Windows users. |
Set to Restricted but can be changed to Unrestricted Unrestricted: Users can upload files to any domain. Restricted (default): Users cannot upload files using a browser running in the Secure enclave Optional: When the policy is set to restricted, an admin can add domains to an exception list to allow for uploads to specific domains |
|
Printing |
Printing is unrestricted, users are permitted to print to any printer when in Venn. |
Set to Restricted but can be changed to Unrestricted Unrestricted: Users may print to any printer available to their computer. Restricted: Users cannot print to any printer. PDF printers are not restricted.
|
|
Files and Data |
Restricts where files can be saved and prevents data from being moved out of Venn. |
Mobile DLP Policy Settings
There are two available policy settings for each device control:
- Restricted
- Unrestricted
The default setting for all of the following controls is Restricted, which you can later change to Unrestricted based on your company's policy. Learn how to modify mobile DLP policy settings.
| Control | Description | Settings |
|---|---|---|
| Passcode |
Controls the ability to access the device without a passcode enabled.
|
Restricted: Users are required to enable a passcode to unlock and access the device. iOS note: When restricted, users will be required to setup an alphanumeric passcode with a minimum of 6 characters. Simple passcode are not allowed. Unrestricted: Users are allowed to use the device without a passcode enabled. |
|
Network Access |
Controls the network connection used by managed applications.
|
Restricted: All network traffic for managed applications is secured and protected by requiring the use of the Private Company Gateway. Unrestricted: The Private Company Gateway is not used and managed applications use the device’s local network. |
| Restrict files to Managed Applications |
Controls the location where work files can be stored.
|
Restricted: Work files are only accessible from within managed applications. Users can copy or move files to managed applications from other unmanaged locations, but files are not allowed to be saved or moved to unmanaged locations, such as unmanaged applications or AirDrop. Unrestricted: Work files can be accessed and stored at any location. |
| Screen capture |
Controls the use of screen capture tools, such as screen recording or screenshots, for managed applications. |
Restricted: Users are not allowed to capture the screen of protected applications. iOS note: When restricted, screen capture is disabled for the entire device, including personal applications. Unrestricted: Users are allowed to capture the screen of protected applications. |