Forum Discussion

Yahmed765's avatar
Yahmed765
Copper Contributor
Dec 05, 2024

File types restriction on Android OneDrive

Hi guys,

I have an intune to manage android tablet in my company and I am trying to make a policy to restrict downloading (Make available offline), but i don't know how to achieve that. i can't find anything relevant in internet. I would really appreciat it if anyone can help me with that.

Summary of the desired result: users of android tablets can make sharepoint folders available offline but only for specific files (pdf, docx,pptx,xlsx) and other file types shouldn't be available offline because of their big size such as (dwg,dxf,stp).

Thank you in advance!

Mobile Application Management (MAM)
mobile device management (mdm)

1 Reply

Sort By
  • kyazaferr's avatar
    kyazaferr
    Steel Contributor
    Dec 09, 2024

    Use SharePoint Storage Quotas or Restricted Libraries

    • Instead of outright restricting file types, create document libraries or folders specifically for large files (e.g., .dwg, .dxf, .stp) and exclude them from offline availability in SharePoint.
    • In the SharePoint settings for those libraries:
      • Go to Library Settings > Advanced Settings.
      • Set Offline Client Availability to No.

    2. Configure Intune Application Protection Policies

    • In Intune, you can create policies to control how data is accessed and used within managed apps like OneDrive:
      • Go to Microsoft Endpoint Manager Admin Center > Apps > App protection policies.
      • Create a new policy or edit an existing one targeting Android devices.
      • Set policies like:
        • Prevent Save As to restrict data copying.
        • Restrict file transfers to block certain actions on unmanaged file types.

    3. OneDrive Admin Center Settings

    • Configure OneDrive settings to limit offline access:
      • Log in to the Microsoft 365 Admin Center.
      • Navigate to the OneDrive Admin Center > Sync.
      • Adjust settings to limit the syncing of specific libraries.

    4. Create a Custom Intune App Configuration Policy

    • You can configure OneDrive using app configuration policies in Intune. Although there's no direct setting for specific file types, you might be able to:
      • Control how users can sync files and folders.
      • Limit download behavior by restricting app data management policies.
      Steps:
      1. Go to Microsoft Endpoint Manager > Apps > App configuration policies.
      2. Create a policy for the OneDrive for Business app targeting Android devices.
      3. Use configuration keys to control app settings, such as restricting offline sync options. Check Microsoft's documentation for available keys for OneDrive.

    5. Consider Conditional Access and Labels

    • Use Microsoft Information Protection (MIP) labels to classify sensitive files and configure policies to restrict access or usage based on labels. For example:
      • Label large files with a classification that prevents offline sync.
      • Create a DLP (Data Loss Prevention) policy in the Microsoft Purview Compliance Portal to enforce restrictions on large file types.

    6. Educate and Enforce Policies

    • Communicate with end users about which folders can be made offline and ensure policies are enforced at a training level for effective compliance.

Resources