MicrosoftCouple of detailed questions:
1. Does this need to be labeled on a site level, or can this block only specific senisitivity-labeled files from any site? (probably site level as there are configurations on label that refer to sites in entirety, but perhaps theres other way?)
2. Can this also prevent file sync via OneDrive desktop client selectively, so for example I could set up a CA to require compliant devices to sync specific sites but not to block syncing individual OneDrives?
3. If yes to the above, does that also blocks opening such files in desktop Office apps? I find that scenario particularly limiting in its configuration options. Afaik, without MDCA, it's either a full sync-download-desktop-coauthoring block for a site or entire ShP, or full downloads, syncs & desktop coauth allowed. I'd love to maintain the ability to open individual files in rich Office desktop apps while at the same time block en masse download/sync scenarios.
