Forum Discussion

SRAJAKUMARM365AZURE's avatar
SRAJAKUMARM365AZURE
Copper Contributor
Aug 16, 2021

Is it possible restrict save files only to OneDrive through Windows Information Protection?

Dears,

 

We have implemented Windows Information Protection through Intune App protection policy on Windows 10 Operating System and are able to block cut/copy paste data from Work apps to personal apps.

 

Is it possible to restrict saving/copying files only to OneDrive (OneDrive sync folder on the laptop hard disk and not on any other location on the local hard disk or USB? 

 

  • Hi,

    Just wondering, but why do you want to prevent it? If you implemented wip, your files will be marked as corporate.. so they won't be able to be opened from another account/device. (if policy set to block)

    Just wondering about the idea behind it so I can give a good advice
    • SRAJAKUMARM365AZURE's avatar
      SRAJAKUMARM365AZURE
      Copper Contributor
      Hi Rudy,

      Thanks for your support. It is one of the requirements of the business. They want to keep the data only on Onedrive. We tried copying the work file to another device and we are able to copy and open the work file from another tenant user account.

      Also, I have read the following important point from the below URL "While WIP can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data." Does it mean WIP cannot be used to block copying/restrict files to local hard disks and USB?

      https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip
      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP

        SRAJAKUMARM365AZURE 

         

        Wip is not meant to "block" data copy to USB but encrypting the org data.

        When a document is marked as corporate and you try to copy to an USB media you will be prompted if everything is configured correctly.. If you didn't configured the allow override the  "copy as personal" is not available

         

        Are you sure the document you opened in another tenant is a wip protected file? I am not a fanboy of wip but I can't imagine a encrypted wip document is able to be opened by a non authorized user

         

         

         

         

        And there are more options available to block USB media

         

        O Removable Storage, Where Art Thou? - Intune Device Control (call4cloud.nl)

         

Resources