Fantomo Platform — In-Depth Browser Policy & DLP Management

Business View Take a Deeper Look

Smart Website Controls

Create clear guidelines for what websites your company uses. Block unsafe sites, redirect users to approved tools, and present guidance notices automatically.

Guided Traffic: Steer staff toward corporate-approved software.
Pre-Packaged Categories: Instantly manage entire categories of sites, like social media or generative AI.
Group Flexibility: Target rules and define exceptions using Google Workspace and Office 365 OUs and Groups.
Frequency Caps: Set how often employees see policy warnings to avoid message fatigue.

Matches are priority-sorted and support exact domain, URL fragment, domain pack, or AI-powered classification. Rules evaluate locally inside the browser extension process in under 50 milliseconds, supporting targeted assignments and exclusions by user, group, or OU path.

Automated Background Installation

Install the software across all company computers instantly without bothering your employees. The installation happens silently in the background, and cannot be deactivated or removed by staff.

Zero Staff Effort: No login prompts, setup wizards, or employee actions required.
Permanent Security: Runs natively in the browser so it cannot be toggled off or bypassed.
Centralized Control: Works with standard device management systems used by your IT administrator.
Instant Sync: Automatically registers new browsers in your dashboard.

Leverages Chrome/Edge enterprise force-install schemas. Configures using native plist policies on macOS and registry settings on Windows. Compatible with Microsoft Intune, Jamf Pro, Kandji, Mosyle, and Fleet.

{ "ExtensionSettings": { "[email protected]": { "installation_mode": "force_installed", "update_url": "https://clients2.google.com/service/update2/crx", "managed_schema": { "tenant_id": "tnt_839f201d2a3", "api_endpoint": "https://api.fantomo.io" } } } }

Prevent Data Exposure

Ensure sensitive organization files, customer credentials, and intellectual property don't get uploaded to unauthorized websites or public AI tools.

On-Device Scans: Scanning happens locally on the employee's computer, so raw data never leaves their device.
Automatic Detection: Identifies when sensitive items like credit cards or account keys are typed.
Clear Warnings: Alerts employees when they attempt to share sensitive corporate materials.
Justified Exceptions: Allows staff to proceed if they submit a valid business reason (e.g. for customer support).

Runs regex pattern matchers on form payloads, clipboards, and file drops inside the content script context. Features pre-built regex for SSNs, AWS API keys, and database connections.

Shadow IT Discovery

Discover which software applications are trending inside your company. Spot security outliers or sudden adoptions of new tools so you can consolidate software costs.

Software Trend Spotting: Find out if multiple staff members are signing up for the same new website.
Secure Accounts: Protect against browser hijacks or compromised login credentials.
Simple Oversight: View alerts and trending tools in a single company dashboard.
Staff Privacy: Focuses strictly on software adoption metrics without logging personal employee searches.

Monitors signup form actions and matches against a localized database of SaaS indicators. Aggregates data daily to trigger anomaly alerts based on z-score changes in domain registrations.

Tenant Security Compliance

Audit and remediate tenant security profiles for M365 and Google Workspace. Review status checklists, receive configuration drift alerts, and automate setup.

JIT Consent Model: Uses temporary elevated credentials that automatically self-destruct in 15 minutes.
Frictionless Manual Steps: Grouped by Control Panel dashboard location so administrators can execute steps sequentially.
Config Drift Monitoring: Scans tenants daily to detect unauthorized changes, notifying admins of configuration drift.
ITSM Integrations: Automatically generates high-priority tickets in connected PSA systems like ConnectWise and Autotask.

Evaluates tenant profiles (MFA, Conditional Access, legacy mail protocols, and consent controls) via M365 Graph and Google Admin Directory APIs. Runs daily scan checks to flag and alert on configuration drift.

Specifications

Granular feature comparisons

Technical breakdown of policies, enforcement methods, and reporting options.

Feature & Capability	Core Plan	Required Add-on / Tier
Browser Rule Engine Steer employees toward approved websites and SaaS tools. Block unauthorized pages and show guided policy messages.	Included	Standard
Silent Deployment (Force-Push) Centralized background installation via Microsoft Intune, Jamf Pro, or GPO. Runs as a locked browser policy so staff cannot remove or toggle it off.	Included	Standard
SaaS Signup Detection Automatically logs when staff members create accounts or sign in to unauthorized tools.	—	Shadow IT & SaaS Management ($99/mo)
Slack Alerts & Webhooks Send immediate alerts to Slack channels or external security systems when risky events or signups occur.	—	Shadow IT & SaaS Management ($99/mo)
Data Loss Prevention (DLP) Prevent data leaks by blocking employees from typing sensitive patterns (like credit card numbers or API keys) into generative AI or external sites.	—	Policy Auditor / DLP ($29/mo)
Detailed Session Audit & Retention Logs compliance histories and software usage with customizable audit retention logs (30 days to 4 years).	—	Full Browsing & Analytics ($119/mo)
Tenant Security Compliance Audit M365 and GWS configurations, trigger automated remediation using 15-minute JIT credentials, and receive alerts on configuration drift.	—	Tenant Security Compliance ($49/mo)
Network Performance Diagnostics Monitors page load latency and response times to diagnose remote employee connection and website performance issues.	—	Remote Network Telemetry ($59/mo)