Configures a list of rules to prevent data leak on Google ChromeOS.
Data leak can happen by copying and pasting data, transferring files, printing, screensharing, or taking screenshots ...etc.
Each rule consists of the following:
- A list of sources defined as URLs. Any data in the sources will be considered confidential data, to which the restrictions will be applied.
- A list of destinations defined as URLs or components, to which the confidential data is either allowed or disallowed to be shared.
- A list of restrictions to be applied on the data of the sources.
Rules can be added to:
- Control the clipboard data shared between the sources and the destinations.
- Control taking screenshots of any of the sources.
- Control printing of any of the sources.
- Control the privacy screen when any of the sources is visible.
- Control screen sharing of any of the sources.
- Control files downloaded from any of the sources when they are transferred to the destination. Supported on Google ChromeOS version 108 and higher.
The restriction level can be set to BLOCK, ALLOW, REPORT, WARN.
- If the restriction level is set to BLOCK, the action won't be allowed. If DataLeakPreventionReportingEnabled is set to True, the blocked action will be reported to the admin.
- If the restriction level is set to ALLOW, the action will be allowed.
- If the restriction level is set to REPORT and DataLeakPreventionReportingEnabled is set to True, the action will be reported to the admin.
- If the restriction level is set to WARN, a user will be warned and may choose to proceed with or cancel the action. If DataLeakPreventionReportingEnabled is set to True, showing the warning will be reported to the admin; proceeding with the action will also be reported.
Notes:
- PRIVACY_SCREEN restriction doesn't block the ability to turn on privacy screen, but enforces it when the restriction class is set to BLOCK.
- Destinations cannot be empty in case one of the restrictions is CLIPBOARD or FILES, but they don't make any difference for the remaining restrictions.
- DRIVE and USB destinations are ignored for CLIPBOARD restriction.
- Format the URL patterns according to this format ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ).
If the policy is left not set, no restrictions will be applied.
Supported On:
Platform
Start
End
ChromeOS
92
Example value:
{"0":{"name":"Support agent work flows","rule_id":"rules/00examplerule","sources":{"urls":{"0":"salesforce.com","1":"gmail.com","2":"docs.google.com","3":"drive.google.com","4":"company.com"}},"description":"Allow copy and paste for work purposes, block printing, enforce privacy screen, report screen sharing, and warn on screenshots and video capture","destinations":{"urls":{"0":"salesforce.com","1":"gmail.com","2":"docs.google.com","3":"drive.google.com","4":"company.com"}},"restrictions":{"0":{"class":"CLIPBOARD","level":"ALLOW"},"1":{"class":"SCREENSHOT","level":"WARN"},"2":{"class":"PRINTING","level":"BLOCK"},"3":{"class":"PRIVACY_SCREEN","level":"BLOCK"},"4":{"class":"SCREEN_SHARE","level":"REPORT"}}},"1":{"name":"Non agent work flows","sources":{"urls":{"0":"salesforce.com","1":"gmail.com","2":"docs.google.com","3":"company.com"}},"description":"Block copy and paste from work flows to other sites and external drives","destinations":{"urls":{"0":"*"},"components":{"0":"ARC","1":"CROSTINI","2":"PLUGIN_VM"}},"restrictions":{"0":{"class":"CLIPBOARD","level":"BLOCK"}}}}
Instinctive
