Forum Discussion

Copper Contributor

Dec 05, 2024

File types restriction on Android OneDrive

Hi guys, I have an intune to manage android tablet in my company and I am trying to make a policy to restrict downloading (Make available offline), but i don't know how to achieve that. i can't find...

Mobile Application Management (MAM)

mobile device management (mdm)

MCT

Dec 09, 2024

Use SharePoint Storage Quotas or Restricted Libraries

Instead of outright restricting file types, create document libraries or folders specifically for large files (e.g., .dwg, .dxf, .stp) and exclude them from offline availability in SharePoint.
In the SharePoint settings for those libraries:
- Go to Library Settings > Advanced Settings.
- Set Offline Client Availability to No.

2. Configure Intune Application Protection Policies

In Intune, you can create policies to control how data is accessed and used within managed apps like OneDrive:
- Go to Microsoft Endpoint Manager Admin Center > Apps > App protection policies.
- Create a new policy or edit an existing one targeting Android devices.
- Set policies like:
  - Prevent Save As to restrict data copying.
  - Restrict file transfers to block certain actions on unmanaged file types.

3. OneDrive Admin Center Settings

Configure OneDrive settings to limit offline access:
- Log in to the Microsoft 365 Admin Center.
- Navigate to the OneDrive Admin Center > Sync.
- Adjust settings to limit the syncing of specific libraries.

4. Create a Custom Intune App Configuration Policy

You can configure OneDrive using app configuration policies in Intune. Although there's no direct setting for specific file types, you might be able to:
- Control how users can sync files and folders.
- Limit download behavior by restricting app data management policies.
Steps:
1. Go to Microsoft Endpoint Manager > Apps > App configuration policies.
2. Create a policy for the OneDrive for Business app targeting Android devices.
3. Use configuration keys to control app settings, such as restricting offline sync options. Check Microsoft's documentation for available keys for OneDrive.

5. Consider Conditional Access and Labels

Use Microsoft Information Protection (MIP) labels to classify sensitive files and configure policies to restrict access or usage based on labels. For example:
- Label large files with a classification that prevents offline sync.
- Create a DLP (Data Loss Prevention) policy in the Microsoft Purview Compliance Portal to enforce restrictions on large file types.

6. Educate and Enforce Policies

Communicate with end users about which folders can be made offline and ensure policies are enforced at a training level for effective compliance.

Resources