DocLoq adds control around the external-sharing workflow while keeping documents in Microsoft 365. The goal is a governed path for the business, not a parallel file-sharing stack.
DocLoq adds identity, policy, and audit layers around documents that remain in Microsoft 365. Each layer is observable and operable by your admins.
SharePoint, OneDrive, Teams. Documents stay where they live.
Internal users via Microsoft Entra ID. External recipients verify through OTP or federated access.
View-only, watermark, expiry, download controls — applied before delivery.
Workflow-grouped activity. Revoke access at any time.
Documents never leave your tenant. The control layers wrap around the existing Microsoft 365 boundary, not in front of it.
External sharing fails in predictable ways. Each control is paired with the specific risk it removes.
Anyone-with-the-link sharing and inherited permissions make access too broad and hard to audit later.
Every share is tied to a verified recipient. No anonymous links, no inherited surprises.
External collaborators can accumulate as guest identities that nobody owns or removes.
OTP access avoids unnecessary guest setup for quick shares. Federated login can use Entra policies when Conditional Access, MFA, or governance requires it.
“View only” is easy to bypass with downloads, screenshots, and forwarded files.
Watermarking, view-only, expiry, and download rules are enforced inside the controlled viewer.
Activity is spread across SharePoint, Teams, Entra, and Purview — never aligned with a single share.
Every event sits under the share it belongs to. Revocation is one action, not a chase.
DocLoq is designed to work alongside SharePoint, OneDrive, Microsoft Entra ID, and Microsoft Purview rather than replacing them.
The default posture is controlled, time-bound access. Broader permissions are explicit decisions tied to the workflow.
Sharing events are grouped around the actual external-sharing use case, which is easier to review than reconstructing activity from multiple disconnected tools.
Bring these to the first security conversation. We will respond with specifics, not adjectives.
What stays in the tenant, what metadata the service holds, and which operational components participate in the sharing flow.
How the product is introduced, which controls are available on day one, and how issues are routed during evaluation and rollout.
Subprocessors, incident contacts, architecture questions, and evidence can be reviewed as part of the commercial discussion.
Bring your security, IT, or procurement stakeholders to the first conversation and we will walk through the control model directly.