Forum Discussion
Block Open in Desktop option from Word/Excel Online on unmanaged devices
We are in the process of testing policies to restrict unmanaged device access to Microsoft 365. We have implemented Session policies in Defender for Cloud Apps to block cut/copy, print and download activities and these are confirmed working. The only issue we are experiencing is the user can still download the file if they click on the Editing drop down in Word/Excel Online and click Open in Desktop.
The business is not ready to outright block all unmanaged device access.
Any help appreciated.
2 Replies
- Yoann_David_Mallet
Microsoft
Hi!
one way to work around this is to block access from Client Apps, and only allow access from web browsers. This can be configured in a session policy.
Hope this helps!Thanks for the response, but the problem is these policies need to work on their own. If I create a policy to block downloads on unmanaged devices, they should work. Any action that allows me to download the file to my local PC should be prevented.
Update: I think you mean an Access policy? According to DFCA "Session control applies to browser-based apps. To block access from mobile and desktop apps, create an Access policy"
So I already had an Access policy setup to block client apps that I was testing but i'm having an issue raised here where it doesnt work for existing installs, only new ones. I tried what you suggested but because my install was already licensed, the file opened successfully.
I'm hoping that I am just doing something wrong, because I cant roll out these policies if they arent reliable.
Thanks.
