NextLabs Product Update – May 2022

Summary for Microsoft line of products


Powered by Dynamic Authorization, NextLabs provides Policy-based Access Management and Data Protection for Microsoft at the application (Dynamics and Office 365, SharePoint, Exchange, Teams), network (Network & Cloud File Shares), and endpoint (Windows Desktop & Outlook).

NextLabs recently updated many of its Microsoft products with advanced functionalities to further intellectual property protection, secure collaboration, provide fine-grained access control, and automate audit and compliance. The enhanced Microsoft products include Windows Desktop Enforcer, along with Entitlement Manager for Outlook, Dynamics 365, Exchange and Exchange Online, SharePoint and SharePoint Online, Skype for Business & Teams, and Network & Cloud File Shares.

Improvements to these products include extended use of Attribute-Based Access Control (ABAC), enhanced policy governance and analysis, and audit and monitoring capabilities. The updated Microsoft line of products provide centralized policy control and visibility over sensitive data across all systems and applications. Centralized policy management allows enterprises to implement and enforce access and security controls for Microsoft ecosystem across the organization to ensure data is protected regardless of where it resides. With automated controls, user error is removed ensuring that sensitive information is protected seamlessly.

Enhancements and new functionalities of these products include:

Windows Desktop Enforcer (WDE)

  • Enforce ABAC policy on all file operations based on user, resource, and environmental attributes.
  • Multi-level user access control based on policy – whether the device is online or offline.
  • Run on Windows desktop, Windows server, Citrix Virtual Apps and Desktop.
  • Advanced removable media controls and file operations to the removable devices.
  • Improved policy effects including document classification, user messaging, security overlay on View, and security overlay on Print.

Entitlement Manager for Outlook

  • Using ABAC policy to control access to email even when then device is offline.
  • A library of more than 10 out-of-the-box (OOTB) policy assistants to provide interactive remediation support.
  • Monitor and control email communication in real-time with alert, user messaging, and block action.
  • Identity-based communication control to prevent unauthorized communications between sender and recipients based on centrally managed policy.
  • Fine-grained attachment control to prevent users from sending incorrect attachments based on sender, recipient, metadata / property of the attachment, and any relevant attributes in the X-header.

Entitlement Manager for Dynamics 365

  • Enforce ABAC policy on user actions (CRUD) based on user, resource, and environmental attributes.
  • Policy-driven record level data filtering, field-level dynamic data masking, access denied message, and data owner controls.
  • Dynamic runtime policy enforcement based on enrolled and dynamic attributes that can be retrieved at runtime from a variety of sources (PIP).

Entitlement Manager for Exchange & Exchange Online

  • Using ABAC policy to control incoming & outcoming email routing.
  • Added support for file tagging, email notifications, append message, non-delivery report (NDR), and email classification.
  • More than 10 out-of-the-box (OOTB) policy conditions for use to enforce policy.

Entitlement Manager for SharePoint & SharePoint Online

  • Using ABAC policy to control access and user actions on site, library, list, document, and item based on user, resource, and environmental attributes.
  • Trim unauthorized document in library view and item in list view based on user, resource, environmental attributes.
  • Added support for file classification and persistent tagging.

Entitlement Manager for Teams

  • Using ABAC policy to control access and user actions in Team and Channel.
  • Using ABAC policy to control access to file or trim files in File List.
  • Added support for user notification and classify team based on policy
  • Policy conditions allow enforcement based on user, team, file, and environmental attributes.

Entitlement Manager for Network and Cloud File Shares

  • Using ABAC policy to control SMB file access based on user, resource, and environmental attributes. Local file server, Azure Files, and AWS S3 are also supported.
  • Policy Reporter application to provide centralized audit, compliance reporting, and end user activity insights.


For more information on NextLabs’ suite of applications for Microsoft, please visit our Microsoft Solution Page.