How to block installation of Dropbox / Google Drive etc.

Hi Harry Dubois and all
I just tried it and it works fine for standard users. However, if someone is installing Google Drive application with a local admin, they can install it unfortunately. I know, that the solution for this, would be to not give users the local admin password, but unfortunately they cheat the system, because they request the local admin password for a valid things and install an unallowed cloud storage apps with local admin. Does anyone have any idea how to disable cloud storage apps (Dropbox, Google drive and a lot of unknown others) with Intune for standard and admin users also?

Is this a statement, answer or question :-), I'm not sure if I understand your sentence correct.

 

I will answer to clarify my statement a bit anyway :-)

AppLocker can control store apps, executables etc. you can build a rule set to allow some executables or block some executables and this is even possible for store apps. 

If you like to prevent all executables you could go for S-Mode to only allow store apps which is a great level of security in the end.

If you like to allow the user to install only store apps but you like to deploy executables by a management solution like Intune or ConfigMgr you should go for AppLocker and build a rule set to block everything except the deployed apps from your management software (and of course the system apps). This approach needs quite a bit of work and operational effort as every new app must be whitelisted. 

You can find an Intune AppLocker rule set example with focus on security published in the Windows 10 managed with Intune guide from the UK National Cyber Security Centre here: 

https://www.ncsc.gov.uk/guidance/eud-guidance-windows-10-1803-mobile-device-management

 

best,

Oliver