Can we restrict copy corporate file data ( from Word, Excel, Outlook) onto personal PC ( we don't allow desktop apps on personal PCs to use corporate account, they need to use only browser session)? I know that we can create DLP policies to restrict sensitive data, however we want to restrict any corporate date opened in the browser on personal/public ( non-domain joined) PC to READ ONLY mode and not allow users to copy/ print/ sync/ save /save as.. browser function).
- We have Conditional access policy to use "App enforced restrictions" while for personal PC browser sessions and OneDrive/SharePoint restrictions restricting download / print. But users are able to select all and copy the data to their personal PC desktop apps like word / excel. We want to restrict this feature.
-And if users select "Save Page As" browser feature, they are able to save opened Office documents in html format. We would like to restrict this feature for any OneDrive/SharePoint files on their personal PC.