Forum Discussion
Solved
Prevent users from making copies of SharePoint/OneDrive data that was downloaded via sync app
We have a client who is planning to roll out OneDrive for Business and SharePoint. The goal is to allow users to synchronize [SharePoint/OneDrive] libraries on their laptops, using the sync app.
We already put in place policies to prevent users from syncing from non-domain-joined computers, and their hard drives are also encrypted (in case a laptop is stolen). We know you can limit actions on data in the portal, such as copying, forwarding, saving-as, downloading, etc.
The main concern, however, is how do we prevent users from making copies of the files that will reside in their laptops once the libraries have been synced on their laptops.
The focus of this post is not on an outside attacker, but rather on the employee itself. For instance, a user may not necessarily need to get fired to be disgruntled and make copies of the data before departing, s/he may make a copy of the data anytime prior to the termination. How do we prevent this? or is it even possible?
- you may want to take a look at Windows Information Protection, which is native in Windows 10 from release 1607, and takes policies defined in Intune or SCCM
https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/introducing-windows-information-protection/
https://blogs.technet.microsoft.com/cbernier/2017/05/19/windows-information-protection-explained-windows-10-creators-update/
Consider using IRM.
OneDrive sync on Windows now supports IRM protected SharePoint document libraries:
IRM can limit actions on downloaded files for users with Read Only permissions, but users with Edit or Full Control will be able to take the data wherever they want
If necessary, access to IRM protected documents can be revoked, which is what Marcelo Gonzalez needs, if I understand well...
- you may want to take a look at Windows Information Protection, which is native in Windows 10 from release 1607, and takes policies defined in Intune or SCCM
https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/introducing-windows-information-protection/
https://blogs.technet.microsoft.com/cbernier/2017/05/19/windows-information-protection-explained-windows-10-creators-update/Hi Marcelo, we are looking for similar capabilities. Could you please let know if this served your needs?
