Introduction
WebDAV (Web Distributed Authoring and Versioning) is a protocol that allows users to move, copy, share and edit files through a web server. It can also be used to support collaborative applications with features like file locking. It allows users to collaborate on documents and files that are stored centrally. Many people recognize this as the network drive.
Security of the data stored on a file server is very important these days. WebDAV SSL is a secure connection to the WebDAVfile server to make it available outside the company's network. But how secure is it?
WebDAV SSL communication explained
Workspace 365 is not used as a proxy to access files from the file server.
Local Office Editors
If a user opens a file from a file server locally:
The user contacts/communicates directly with the file storage source.
An edited and saved file will be updated directly to the file server.
โ
โ
Office Online Editors
If a user opens a file online through the Office Online Server (OOS):
Files will be automatically saved on the file server.
The user does not communicate directly with the file storage source, but with the Office Online Server (OOS).
The web server handles the traffic/communication to the Office Online and file server.
Opening files from the file server: local or online?
The way how files are opened depends on whether we support the file type.
Supported files
Examples of supported files are: DOCX, XLSX, , POTX, PPTX and PNG/JPG.
Supported files are linked to a WebDAV URL, which will be sent to the Office Online Editors and opened online (Workspace can then view or edit the file from the browser) or can be openend locally.
Note: For PNG/JPG files we have built our own Workspace 365 preview and will always open via the browser.
Non-supported files
Examples of non-supported files are: PDF, DWG, PSD, Etc.
The file URI scheme is used to retrieve files from within one's own computer. Files will be downloaded and can be opened locally.
Note: For PDF files we did not build are own preview. However, once the file is downloaded, you can choose to automatically open this file type from your browser and open it locally.
WebDAV security
The way how we invoke supported and non-supported files differentiate from each other. But what does this mean for security, especially when people work from home and download and open files locally on their devices?
Online Editors:
In the article 'Secure your WebDAV SSL file server in IIS' we explain how to secure traffic between the file server and Workspace. Conditional Access policies in Microsoft Entra ID (previously called Azure AD), Intune and Firewalls are other ways to secure your company's data.
When a file is opened via O365 or OOS and is shown in Workspace, company data stays within this secure IP range.
Local Editors:
Data will be send through the internet to an unknown IP address outside the scope of your company's managed network (an IP address that is not included in the IIS IP whitelist).
Conclusion
We recommend to use O365 or OOS to open files with the Online Editors and remain within the secure connection via IIS.
The image below depicts the recommended situation in green (a user working from within the company's network using the online editors) versus the non-recommended situation in red (a user working from home for example using the local editors).
Note: For SharePoint files, we advise to use Microsoft 365 (Online Editors).