Forum Discussion
Prevent Teams to save files to Dropbox on iOS and Android
Hello!
All of our mobile devices are Azure AD registered.
We have configured two app protection policies, one for iOS and one for Android.
You can find the configuration of the app protection policy below. The problem is, that the users can still save files from Microsoft Teams to Dropbox.
How can I prevent the users to save files from MS Teams to private storages?
7 Replies
For your information :)...
When configured: Policy Managed Apps --> dropbox is visible and you are able to save it to dropbox. But at the same time the data is encrypted... so the data is "worthless"
If you configured policy managed apps with os sharing on mdm enrolled devices your data will be unencrypted and you could save it to dropbox
If you configured Policy managed apps with Open-In/Share filtering the option to save to dropbox is gone.... like you would expect with policy managed apps... 🙂
App Protection: Attack of the OS-Sharing - Call4Cloud
I tested some things last afternoon
Policy managed apps: Only allow sending org data to other policy managed apps --> will give you the possibility to send data to whatsapp/dropbox even when all the docs are telling us it shouldn't ?
Configuring that option to none.... removes all the options.... (like expected) The same goes with the onedrive app.... setting the send data to ... to none... removes all options...
I guess we need to climb up the ladder to find out why...It looks like this picture from the ms docs tells us why ?
Hi
Are you 100% sure the devices has received the app protection policy? Normally when configuring the save copies to block but looking at the ms docs
https://docs.microsoft.com/nl-nl/mem/intune/apps/app-protection-policy-settings-ios?WT.mc_id=Portal-Microsoft_Intune#data-protection
This settings is supported by Microsoft Excel, OneNote, Outlook, PowerPoint en Word. I guess I am missing teams. I am noticing the same thing..UPDATE: decided to write a blog about this issue and which options you have to block it.
I guess for now. Compliance policy to block the device when dropbox is installed... or using MCAS and sanction dropbox as non approved app...
Rudy_Ooms_MVP Hi Rudy! First thank you for your reply. The app protection policy is doing the stuff, for example the apps in scope require the pin/biometrics to start them and also on iOS i cannot save the files direct to the Files app (ootb iOS app for iCloud and local storage).
The problem is, that I can still save the files from Teams on DropBox, Google Drive etc.
Is there any way to check what kind of policies are working when opening an app on a mobile device? (like the "what if?" tool for the conditional access policies)
I did a blog about mam sometime ago ... https://call4cloud.nl/2021/03/the-chronicles-of-mam/
But just like you experienced.. when dropbox is installed you can copy file to it... even when its app protection policy is on block...You could configure the send org data to other apps to none... but ... i guess that's something you don't want
- It really depends on on what extend you want to protect your devices.
You may consider AIP, take a look at:
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
Take a look at:
https://docs.microsoft.com/en-us/microsoft-365/solutions/configure-teams-three-tiers-protection- Hi! Thanks for your reply. MIP is a topic we are working on, but takes time. Basically the requirement is to prevent saving any file from MS Teams / Excel / SharePoint etc. to private storage like Dropbox and Google Drive on iOS and Android.
