Dropbox Protect Setup and Onboarding Guide

Dropbox Protect helps you identify and reduce risky file sharing, enforce access controls, and maintain visibility across your content.

Protect provides a unified view of file access across Dropbox, Google Drive, and Microsoft 365, so you can quickly identify risk, take action at scale, and enforce access rules with automation.

This guide walks you through how to set up Protect and use its core capabilities, including filters, bulk actions, policies, and reports, to manage access and reduce risk over time.

What is Dropbox Protect?

Dropbox Protect is a data access governance solution that helps IT and security teams secure sensitive company data across cloud content platforms.

As content grows across tools, access becomes harder to track. Files are shared broadly, permissions accumulate over time, and sensitive content can be exposed without clear visibility. Protect gives you a centralized way to understand who has access to what, take action on overshared content, and enforce least-privilege access.

With Protect, you can:

• Gain unified visibility into file access across Dropbox, Google Drive, and Microsoft 365
• Identify high-risk sharing, including public links, external collaborators, and overshared content
• Use bulk actions to quickly update permissions and reduce risk at scale
• Enforce access rules with automated policies, alerts, and remediation actions
• Monitor activity and validate changes using Reports and Action history

How Dropbox Protect works

Protect combines visibility, control, and automation to help you manage access:

• Unified content view: See all files and access across connected apps in one place
• Filters and presets: Identify high-risk sharing patterns quickly
• Bulk actions: Update access at scale by removing links or collaborators
• Policies: Automate enforcement with alerts and remediation actions
• Reports and Action history: Monitor activity, validate changes, and support audits
  

Before you begin

Make sure you have:

• Access to Dropbox Protect Learn how to manage Dropbox Protect.
• Access to the cloud platforms you want to connect (Dropbox, Google Workspace, Microsoft 365) Learn how to connect apps to Dropbox Protect.
• A basic understanding of your organization’s sharing and access requirements

Step 1. Sign in to Dropbox Protect

Sign in to your Dropbox Protect account to access the admin interface.

For detailed instructions, see How to manage Dropbox Protect.

Step 2. Connect your apps

Connect the platforms where your content lives to enable cross-cloud visibility.

You can connect:

• Dropbox
• Google Workspace
• Microsoft 365

Once connected, Protect begins indexing your content and access data so you can analyze sharing and permissions across platforms from a single view.

For step-by-step instructions, see How to connect apps to Dropbox Protect.

Step 3. Confirm your data is syncing

After connecting your apps, confirm that your data is available and accurate.

• Open the item list
• Confirm content appears from each connected platform
• Spot-check file details, including:
  • Owner
  • Link type
  • Collaborators

Step 4. Identify high-risk sharing

Start by reviewing how content is shared across your organization. This gives you your first visibility baseline.

In the item list, review:

• Title, source app, and owner
• Link type (Restricted, Company, Public, External, Guest, Unknown)
• Permissions (View, Comment, Edit)
• Modified date and activity

You can use filters and presets to quickly identify high-risk sharing patterns. Filters help you quickly identify patterns in how your content is shared, so you can focus on areas that may introduce risk. They’re one of the most effective ways to understand your exposure at a glance. Learn how to apply filters.

You can also use Reports to understand risk at a higher level. Reports provide a summary of sharing activity across your content, helping you gauge exposure such as:

• The number of items with public links
• The amount of content shared with external or personal accounts

This helps you quickly assess where risk is concentrated before taking action. Learn how to use Protect reports.

Step 5. Review how access is granted

After narrowing your view, select an item to inspect its details.

Review:

• Collaborators
• Link settings
• Roles and permissions
• Metadata and history

This helps you understand how access was granted and whether it aligns with your organization’s access policies.

Step 6. Take action to fix access risks

Now that you understand your exposure patterns, you can start making targeted changes to reduce risk and strengthen access control.

Focus on identifying access that is too broad, outdated, or no longer needed, then take action to correct it. Learn how to fix security risks.

Common actions include:

• Removing public or outdated links
• Removing unnecessary external or personal access
• Stopping sharing on sensitive items

All changes are recorded in Action history, where you can review what changed, when, and by whom.

Step 7. Automate access control with policies

Policies enable automated enforcement of access rules across your content.

Start with a simple policy, such as:

• Removing public links
• Monitoring or restricting external sharing

Policies can:

• Trigger alerts when conditions are met
• Automatically take remediation actions
• Continuously enforce least-privilege access

For additional information, refer to How to use Policies in Dropbox Protect.

Step 8. Validate and monitor your setup

Confirm that Protect is working as expected:

• Use Reports to monitor sharing activity and identify trends
• Review Action history to validate completed changes
• Confirm that Policies are active and enforcing rules

At this point, your environment is set up for ongoing access governance.

Try it: common scenarios

Remove public links at scale

• Filter by Open public links
• Select items
• Remove links using bulk action
• Review results in Action history

Remove personal account access

• Filter by Personal accounts
• Select items
• Remove collaborators

Validate access for an audit

• Filter by app and owner
• Review collaborators
• Export a report

Automate access enforcement

• Create a policy (for example, remove public links)
• Enable alerts or actions
• Activate the policy

Your first month with Protect

Week 1: Build visibility

• Connect apps and review content
• Identify high-risk sharing patterns
• Use filters to explore data
• Address high-risk exposure

Week 2: Reduce risk

• Remove stale or unnecessary access
• Standardize link behavior
• Introduce simple policies

Week 3: Automate

• Expand and refine policies
• Enable alerts
• Reduce manual effort

Week 4: Monitor and audit

• Review reports and trends
• Validate actions
• Audit sensitive content

Ongoing review rhythm

Weekly

• Review alerts
• Investigate unusual access
• Take action

Monthly

• Review Action history
• Refine policies
• Identify recurring risks

Quarterly

• Audit sensitive content
• Clean up stale data
• Review access standards

Common mistakes to avoid

• Not validating filters before bulk actions
• Creating policies before understanding sharing patterns
• Leaving outdated external access in place
• Making changes without notifying collaborators
• Skipping Action history review

Success checklist

You’re set up for success when you can:

• Identify high-risk exposure quickly using filters
• Review and understand access patterns
• Use bulk actions to update permissions safely
• Create and manage policies with clear intent
• Validate changes using Reports and Action history
• Maintain a consistent review process

Final tips

• Start small and expand gradually
• Use policies to reduce manual work
• Always review Action history after bulk actions
• Communicate major access updates