Forum Discussion
Control file upload to personal onedrive from managed devices
Most of the users have access to onedrive for business on their managed systems.
However these users also have their personal onedrive account. From the managed systems these users login into their personal onedrive via the browser and upload files onto their personal onedrive account.
How can I block the upload of files to personal onedrive account from managed systems using MCAS?
1 Reply
- MCAS by itself cannot block traffic to unmanaged websites, so first of all you will need a solution to do that. Something like Defender for Endpoint, an SWG, forward proxy etc.
(MCAS can restrict access to your business apps as a reverse proxy, it cannot act as a forward proxy which handles outgoing traffic)
If you use a solution that can integrate with MCAS such as Defender for Endpoint, Zscaler Internet Access etc, you could block Onedrive by categorizing it as unsanctioned, but this would most likely block onedrive for business as well.
Therefore, I do not think this is something that can be done with MCAS.
I would look into Azure AD tenant restrictions, which can restrict access to consumer microsoft accounts as well as Azure AD/Office 365 of other business tenants.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions
