Forum Discussion
Blocking download files with sensitive data from desktop client Apps on non-domain joined systems
Hi Venkat,
It is recommended that you block mobile and native clients by using an access policy. You can customize the block message to inform the user to either access the application on a domain joined/managed machine or navigate to the web-based application. Forcing users to access the app via the web-based application will allow you to apply session controls and prevent the download of sensitive information to an unmanaged device. Please note, if the mobile or client app is using an embedded web frame, session policies will still apply to that application. If you still want to allow thick clients to access that data, you should consider applying protection on it as we can’t apply control on unmanaged devices.
More information can be found here: https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad#access-controls