Forum Discussion
Corporate data restriction using Intune for Windows BYOD Devices
Hi Folks,
A customer has a business requirement where external users are provided corporate identity (Email ID) and those users access emails or corporate data from their personal Windows Laptops. For this scenario customer want to restrict corporate data access within approved applications like MS Outlook, Word, Excel and OneDrive but without enrolling external users' devices in Intune.
In addition to this customer wants to block copy of data from MS word to Notepad or wordpad, block screen shots and block copying of data to local disk - this is pretty much similar to MAM Android or iOS policies that customer wants to do with Windows Devices.
We tried this with Windows Information Protection (WIP) policies but couldn't achieve this. Please suggest, if it can be achieved with WIP policies or is there any other way to achieve this using Intune. Thanks.
- Hi M.Sheeraz,
It is achievable. You can use the article below to configure with Conditional Access. Please let me know if you have any question!
https://www.inthecloud247.com/force-windo
2 Replies
M. Sheeraz Ansari. I used WIP policies for a similar use case and I also struggled with this. In my case I forgot about 2 prerequisites:
- configuring the MDM and MAM user scope in Azure AD: https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure
- there were several Windows 7 and Windows 8.1 devices in scope while Windows 10 1607 is minimum requirement.
I hope it helps and keep me posted.
- Hi M.Sheeraz,
It is achievable. You can use the article below to configure with Conditional Access. Please let me know if you have any question!
https://www.inthecloud247.com/force-windo
