How admins can enforce policies in Dropbox Dash with Protect and Control

Updated Oct 22, 2025

In this article

person icon

The information in this article applies to certain types of admins on Dropbox Dash.

Bring order to shared data

Today, companies share more data across more tools than ever before. The Policies feature in Protect and Control helps admins gain visibility and control across connected apps such as Dropbox, Microsoft 365, and Google Drive.

They turn awareness into action so you can spot exposure, automate cleanup, and stay audit-ready with less manual work.

Think of policies as always-on rules that keep data where it should be. They quietly enforce consistency, freeing you from chasing permissions or checking every file yourself.

Why it matters

Policies help teams simplify governance and prove compliance without slowing collaboration so you can:

  • See who has access to company files across all connected apps
  • Identify and close risky exposure points like public links or personal accounts
  • Automate cleanup to reduce repetitive manual work
  • Enforce consistent sharing rules across tools
  • Track and audit every change with detailed logs for compliance
  • Keep data secure and governance effortless over time

When applied well, policies do more than protect, they build trust. Colleagues can share confidently, knowing sensitive data stays contained.

This guide walks you through the full workflow, from spotting exposure to enforcing policies at scale with automation. Learn how to use Policies in Dropbox Dash.

Before you begin

Take five minutes to verify these items before you start setting up your policies.

  • You’re signed in to Dash with admin credentials and you can access the Admin console. Learn how to manage Protect and Control in Dash.
  • If you want to enforce policies across apps, make sure they are enabled and synced. Learn how to add apps to Dropbox Dash.
  • Dropbox content appears on the Protect and Control page.
  • It helps to know what “good” looks like for your organization. Decide which sharing behaviors are acceptable and which require action.

Step 1. See everything that’s shared

The first thing you should do is take a look at what content is shared. Think of this as an X-ray of your content. The goal is to identify high-risk sharing patterns that could expose company data.

  1. Log in to dash.ai using your admin credentials.
  2. In the Admin console, click Protect and Control. Here, you’ll see every file across connected apps, with details such as:
    • Title, App, Owner, Email
    • Link type (Restricted, Company, Public, Outside, Guest, Targeted, External, Unknown)
    • Permissions (View, Comment, Edit)
    • Modified date, Age, Shared drive status, Identifier
  3. (Optional) You can select preset filters such as Open company links, Open public links, Outside access, Personal accounts, or External ownership to narrow results. You can also toggle any filter to is not to exclude items. For example, you can set App is not Dropbox. Learn how to include or exclude apps.
  4. Click on an item to open its details drawer.

When you finish this step, you should have a clear view of how and where data is shared across your connected apps. Use this baseline to decide which areas need policies first.

Step 2. Set up your first policy

Policies are shown as preset cards you can customize to fit your organization’s needs. Each card starts with predefined rules, such as detecting public links or external collaborators. You can open any card, adjust the filters, choose to alert or to automate, and activate it when ready.

Keep in mind that each card includes a built-in automatic fix that can’t be changed. Make sure your filters align with the action that’s already set so you can automate effectively in the future. Learn what automatic fixes are available.

  1. In the admin console, under Dash, click Policies.
  2. Click Set up on an inactive policy card.
  3. Give your policy a unique name. You pick a name that indicates what the rule actually remediates. For example, “Public links not modified in 5+ years”.
  4. Click Edit mode.
  5. If needed, select filters to define what you’ll monitor.
  6. Click Save and close.
  7. Select Send an alert. This lets you test the results before automating the policy. Once you trust the results, switch to Automatically fix it to enforce at scale.
    Note: Every 24 hours at 8:00 UTC, admins receive an email that summarizes policy matches requiring manual review. The email includes a View matches link and shows which admin created the alert. Policies without matches don’t trigger alerts or actions. Learn how alerts work.
  8. Type CONFIRM.
  9. Click Activate.

Learn how to manage policy requirements.

magic wand icon

Suppose your team occasionally shares files publicly by mistake. You can create a policy that detects all files with Public link type in Dropbox and Google Drive, alerts the file owners, and then automatically converts those links to Company only.

Start by setting filters to Link type = Public and App is Dropbox or Google Drive. Choose Send an alert first to review results, then switch to Automatically fix it once you’ve confirmed the policy behaves as expected. This approach helps you test safely before enforcing across all connected apps.

Step 3. Test your policy and automate at scale

Before automating your policy, test it to make sure it works as expected. This step helps confirm your filters identify the right files and your chosen actions produce the correct results.

  1. Open the alert email you received and click View matches. You’ll see the list of items that meet your policy’s conditions. 
  2. Select the matches you want to take action on (individually or in bulk).
  3. If applicable, choose the action details or enter the collaborator’s name. Once you’re confident the alert results look right, you can move from testing to automation. This ensures your policy performs as expected before it starts making real changes.
  4. When you are satisfied, select Automatically fix it.
  5. Type CONFIRM, then click the action button to complete the change.
  6. Click Update.
magic wand icon

Keep automation off until you’ve validated at least two alert cycles. You’ll catch false positives early and adjust filters without impacting live data.

highlighter icon

If you edit or deactivate a policy, queued actions still finish that day. Policies run daily at 08:00 UTC and apply remediation automatically.

Step 4. Monitor and adjust

Policies are living rules. Review them at least once a week to confirm they’re running as expected and update the criteria as your security needs change.

Look for these types of patterns and then adjust the filters or set up new policies to address them:

  • Repeated external shares from one department
  • Files untouched for years
  • Many public links in a specific app
  • Adjust filters to reduce false positives.
  • Watch for a week-over-week drop in public links or external shares.
  • Confirm automation completes without errors.
magic wand icon

You can see the automatic fixes in Action history. To see only automatic fixes, enter “policy-automation” in the Actor filter. You can refine your results by adding additional filters.

Try building a review rhythm, set a reminder once a month to scan Action history and tweak filters. That habit keeps policies relevant without extra effort.

Wrap up

The policies feature in Protect and Control helps admins gain visibility across connected apps and lets you automate enforcement without extra work. Start small, test manually, then automate once you trust the results.

When you do, exposure trends decline, audits run cleaner, and admins spend less time chasing permissions.

Other helpful resources

Was this article helpful?

Let us know how why it didn't help:

Thanks for letting us know!

Thanks for your feedback!

Other ways to get help

Icon depicting two people
Community
Twitter Icon
X
Icon depicting a speech bubble
Contact support