Data Protection policies for web apps

Question

Hi Microsoft Intune Community,&nbsp;What are the options to set up similar data protection policies for Web versions of the Office apps which you can find in Intune?&nbsp;Lately i have set up data protection policies for IOS platform. But you can easily skip these by just going to the webversion of the app. For example outlook.office.com.&nbsp;Im very curious how other have solved this challenge

oktay sari · Answer

Thx for jumping in&nbsp;Moe_Kinani&nbsp;‌‌.&nbsp;MohFarah&nbsp;App protection policies will help for sure.&nbsp;&nbsp;You mentioned that users sometimes use laptops too. If you want to dive in a little deeper with regards to Windows devices and BYOD. Perhaps Windows Information Protection (https://allthingscloud.blog/windows-information-protection-wip/) can help with data protection on the device itself. I'm not saying WIP is something you should do right away though.. Your best option for BYOD Windows scenario is limited browser access only. If that's not enough, perhaps Windows 365 could do the trick. But sometimes, and in some scenario's WIP can be of added value too. Check out the series of posts I wrote on https://allthingscloud.blog/windows-information-protection-wip/&nbsp;if you want to learn more.

moe_kinani · Answer

Hi&nbsp;MohFarah&nbsp;&nbsp;Oktay Sari&nbsp;has mentioned great solutions for the issue, I would like to mention one more that I like to use for my clients when applying App Protection Policies which is approved Apps. This way, users cannot open the mail using web browser or any other unapproved apps like Mail ‘IOS native’, Gmail etc.&nbsp;&nbsp;Moe&nbsp;https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection

moe_kinani · Answer

MohFarah&nbsp;&nbsp;Yes, App protection Policies apply on unmanaged devices. You should be able to achieve your goal (restrict copy and paste etc) by using App Protection Policies.&nbsp;Moe&nbsp;https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy&nbsp;https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies

oktay sari · Answer

Hi&nbsp;MohFarah,&nbsp;what is it that you are looking for exactly? Do you want to limit access to Office 365 Online? Like copy/paste/download on unmanaged devices? If so, you can do a couple of things:Restrict access from unmanaged devices to SharePoint Online and Exchange Onlinehttps://docs.microsoft.com/en-US/sharepoint/control-access-from-unmanaged-devices?WT.mc_id=365AdminCSH_spohttps://docs.microsoft.com/en-us/powershell/module/exchange/set-owamailboxpolicy?view=exchange-ps&nbsp;(ReadOnly)Create a conditional access policy with https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session#application-enforced-restrictionshttps://docs.microsoft.com/en-us/defender-cloud-apps/proxy-intro-aadPlease note: When you set policies from the SPO admin portal. It will create 2 conditional access policies targeting all users. Keep that in mind ;).&nbsp;Hope this helps.&nbsp;

mohfarah · Answer

Hi&nbsp;Moe_Kinani&nbsp;&nbsp;Thank you for your quick reaction.&nbsp;&nbsp;So the solution you mentioned, is it possible to apply it to private mobile devices (unmanaged)?&nbsp;The client i'm working for has coworkers which use there personally owned mobile devices(sometimes laptops), so you could speak about BYOD. But regarding sensitive information, they would want option like copy/paste etc turnt of on the mobile versions of the Office apps.

Forum Discussion

Data Protection policies for web apps

7 Replies

Resources