How we work

How DocLoq builds, deploys, and supports

A short, honest description of the product constraints we accept and the way we engage with security, IT, and procurement teams running on Microsoft 365.

The flow

Four steps from tenant to recipient

Every external share follows the same controlled path — selected in Microsoft 365, governed by DocLoq, observed end-to-end.

1
Start in Microsoft 365
Pick a document from SharePoint, OneDrive, or Teams. Files stay in your tenant.
2
Define access
Set recipient, role, expiry, watermarking, and download rules before delivery.
3
Deliver securely
Recipient verifies identity. They access the document through a controlled viewer.
4
Monitor and revoke
Track activity, export audit, end access at any time.

1
Start in Microsoft 365
Pick a document from SharePoint, OneDrive, or Teams. Files stay in your tenant.
2
Define access
Set recipient, role, expiry, watermarking, and download rules before delivery.
3
Deliver securely
Recipient verifies identity. They access the document through a controlled viewer.
4
Monitor and revoke
Track activity, export audit, end access at any time.

Step 2 — Define access

Set the policy before the document leaves

Recipient, role, expiry, watermarking, and download rules are decided up front — not after the share is already out.

docloq · sharing policy

Recipient: partner@external.com
Role: Reviewer
Access expires: 14 days
Watermark: On — recipient identity
Download: Blocked

Policy applies before deliveryShare securely

Step 3 — Deliver securely

One handoff, two governed views

The recipient verifies identity and opens the document inside a controlled viewer. OTP keeps quick shares lightweight; federated access can use Entra controls when policy requires it.

Sender — Microsoft 365

Document stays in tenant

Selected from SharePoint or OneDrive
Policy attached, recipient invited by email
OTP shares avoid unnecessary guest setup

Recipient — controlled viewer

Verified, time-bound, watermarked

Identity verified via one-time code or federated login
View-only by default, watermark per session
No download unless the policy allows it

Step 4 — Monitor and revoke

See what happened. End access on demand.

Activity is grouped around the share itself. Revocation is a single action — not a chase across systems.

Time

Recipient

Event

Status

14:02partner@external.comIdentity verifiedOK
14:02partner@external.comOpened DocLoq secure shareOK
14:07partner@external.comViewed page 3 — watermark appliedOK
14:11partner@external.comDownload attempt — blocked by policyBlocked
14:23admin@docloq.comAccess revoked — engagement closedRevoked

See how this works in practice

Request a walkthrough against your tenant or talk to us about an evaluation scope. We will be specific about what is in the product today.

Request a walkthrough