Answers for IT, security, and the teams that share documents
How DocLoq fits into Microsoft 365, how external access is verified and governed, what data we touch, and what to expect during a pilot.
Product and fit
Where DocLoq sits relative to the Microsoft 365 platform you already run.
DocLoq is an external-sharing control layer for Microsoft 365. It governs how documents stored in SharePoint and OneDrive are shared with people outside your tenant — adding verified access, policy enforcement, protected delivery, and audit around each share.
Use DocLoq when an external share needs verified recipient identity, policy enforcement (view-only, watermarking, expiry), protected delivery, and a clean audit trail. Native sharing remains the right answer for low-risk collaboration with trusted, already-managed external partners.
IT and security teams responsible for governance on Microsoft 365, plus the business teams that share regulated or sensitive documents externally — legal, finance, procurement, HR, and similar functions.
Microsoft 365 integration
How DocLoq connects to the platform without becoming a parallel stack.
DocLoq is designed to coexist with Purview classification, sensitivity labels, and DLP policies that already apply to your tenant content. Customers should validate the precise interaction for their configuration as part of a security review.
External recipients do not install anything. Internal admin setup involves registering DocLoq in Microsoft Entra ID with the consents needed to operate sharing. Specific permissions are reviewed during onboarding.
Yes. As with any Microsoft 365 app that operates on tenant content, DocLoq requires admin consent in Entra ID. The exact scopes are documented and reviewed with your security team before deployment.
Identity and access models
How recipients are verified, and when guests are or are not part of the picture.
It depends on the access model used for the share. OTP secure shares verify the recipient by email or phone code without requiring a tenant guest account. Federated login uses the recipient’s own organization identity and may register a guest in your Entra tenant when Conditional Access, MFA, or governance policies require it.
OTP suits time-bound shares with people whose home identity you do not need to track. Federated login suits longer engagements, repeat collaborators, or shares that must inherit your Entra ID Conditional Access, MFA, and governance policies. Both can be configured as defaults per workflow.
It can, if your governance model requires guests for federated access. In that mode, guests are created and managed under your existing Entra ID policies. OTP shares avoid creating tenant guests when that overhead is not needed.
When federated login is used, recipients authenticate through their own identity provider and are subject to your Entra ID policies as configured for guests or external identities. OTP flows enforce DocLoq-side verification and policy without modifying your tenant identity model.
No. Every DocLoq share is bound to a verified recipient identity, not to an anonymous URL that anyone can forward.
Security and compliance
Where documents live, what controls apply, and how activity is audited.
In your Microsoft 365 tenant. The original document continues to live in SharePoint or OneDrive. External recipients access content through a controlled rendering flow rather than a direct copy of the file leaving the tenant.
View-only access, watermarking tied to the recipient identity, expiry, restricted or blocked download, role-based permissions, and policy templates that combine these into reusable defaults.
Sharing events and recipient activity are captured around the workflow: who shared what, with whom, under which policy, what happened during the session, and when access ended. Records are available for review and export.
Admins can revoke a share at any time; the revocation takes effect on the next access attempt. Expiry can also be set in advance so access ends automatically when the engagement is over.
DocLoq stores the operational metadata required to run sharing: recipient identifiers (such as email), the policy attached to each share, and access activity for audit. The exact data scope and retention model are reviewed in detail during onboarding.
DocLoq is in public beta. We are happy to share our current security posture, subprocessor list, and roadmap for formal certifications during a security review. We do not claim certifications we have not yet achieved.
Pilot and rollout
How an evaluation is scoped, what to bring to the first conversation, and how support works.
Most customers start with a focused pilot on one external-sharing workflow — for example, legal document exchange or vendor onboarding — and expand from there once the control model is validated against their tenant reality.
A defined business workflow, a target SharePoint or OneDrive scope, an identity model (OTP, federated, or both), the policies that must be enforced by default, and a small group of internal users who initiate shares. Success criteria are agreed up front.
Yes. We respond to standard questionnaires and can share architecture documentation, subprocessor lists, and answers tailored to Microsoft 365 deployments. Bring your security team to the first walkthrough so it lines up with your review process.
During a pilot, the DocLoq team works directly with the IT or security lead and the business owner of the workflow. The production support model and SLAs are agreed during procurement and depend on the plan.
Pricing depends on tenant scope, number of internal users initiating shares, and the controls required. Talk to sales for a quote tailored to the workflow you want to govern first.
Still have questions?
Bring your IT, security, and business stakeholders to a single walkthrough. We will work through your specific external-sharing scenario together.