Forum Discussion
Prevent users from making copies of SharePoint/OneDrive data that was downloaded via sync app
- you may want to take a look at Windows Information Protection, which is native in Windows 10 from release 1607, and takes policies defined in Intune or SCCM
https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/introducing-windows-information-protection/
https://blogs.technet.microsoft.com/cbernier/2017/05/19/windows-information-protection-explained-windows-10-creators-update/
IRM can limit actions on downloaded files for users with Read Only permissions, but users with Edit or Full Control will be able to take the data wherever they want
If necessary, access to IRM protected documents can be revoked, which is what Marcelo Gonzalez needs, if I understand well...
- I think they want users to work normally on their synced files, but prevent them from taking the data somewhere else. You cannot do that with IRM.
That's correct, Pablo. The goal is for users to work normally on their synced files, but prevent them from taking the data somewhere else by making copies of it. It's very hard to strike such balance, as users want to work with their data locally, but we don't want them to make copies of it.
So, even with Windows 10 + IRM, users will still be able to copy the data huh?
- That's correct, IRM won't prevent users with the proper permissions from taking the data somewhere else.
Take a look at the links I pasted about Windows Information Protection working with Intune or System Center policies. I think that's what you need.
My understanding is instead that he wants to revoke access after the firing of an employee, which is exactly what IRM allows...
Thanks for the feedback and the contribution, Salvatore Biscari.
To clarify the goal: the goal is to to prevent employees from making copies of the data; not necessarily when an employee termination takes place, but at any time. Revoking access is the easy part, the hard part is to provide access to the data, without allowing the data to be copied.
