Forum Discussion

Brass Contributor

Jan 13, 2020

Blocking download files with sensitive data from desktop client Apps on non-domain joined systems

What is the best way to block downloading files with sensitive data on to non-domain joined personal desktops using desktop client apps (Outlook, One Drive, Teams...). Using Conditional access po...

Cloud App Security

VKantamneni

Brass Contributor

Feb 03, 2020

Fananico

Thank you Shlomi,

We have already applied this settigns. However, we don't want to block all downloads, just want to restrict downloading sensitive data onto non-domain joined PCs ( personal PCs).

Fananico

Copper Contributor

Feb 03, 2020

VKantamneni

Hi,

what are you considering as sensitivity data?

is it based on information protection labels, PII, PCI data?

Thx,

Shlomi

VKantamneni
Brass Contributor
Feb 04, 2020
Fananico

Yes, sensitive data like US SSN, Bank Account number, Driving license (PII).
- Fananico
  Copper Contributor
  Feb 04, 2020
  Have you tried using session policy, configured to trigger for non domain joined devices or no compliant devices and trigger a block download based on DLP?
  - VKantamneni
    Brass Contributor
    Feb 04, 2020
    Fananico
    
    Yes, session policies applied for browser based access only. applied and working fine for browser sessions. Desktop client apps not blocking.