cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Current state of Session controls for Office 365?

Sergey Zelenov
Copper Contributor

‎Jan 11 2019 09:45 AM

‎Jan 11 2019 09:45 AM

Current state of Session controls for Office 365?

I am a bit confused about the current state of activity controls in the public preview of Conditional Access App Controls for Office 365? The only one I have available in my tenant is 'Block Print' - which works reasonably well, but makes no practical sense combined with a lack of ability to prevent download of the same file:2019-01-11_17-20-41.png

 

 

Does this simply mean that that one control was made available to simply illustrate the potential use of the technology, and is not intended to be used for anything other than that at this stage? Or am I missing something? 

Labels:
1,539 Views
2 Likes
3 Replies
Reply
3 Replies
best response confirmed by Sergey Zelenov (Copper Contributor)
Alex Esibov

‎Jan 13 2019 05:10 PM

‎Jan 13 2019 05:10 PM

Solution

Re: Current state of Session controls for Office 365?

Hi Sergey, happy to help you resolve this. Block download is possible in any app with session controls (the list of featured apps can be found here: https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad#supported-apps-and-clients). From your screenshots, it looks like download is not being blocked because a relevant policy is not triggered. To create a relevant policy for download controls, it should be of type "Control file download (with DLP)", in addition to the "Block Activities" policy you have created for Print. If you have any follow up questions, please reach out directly to me at alex.esibov@microsoft.com

2 Likes
Reply
Sergey Zelenov

‎Jan 14 2019 02:21 AM

‎Jan 14 2019 02:21 AM

Re: Current state of Session controls for Office 365?

Hi Alex - thanks for getting back to me!

 

Yes, it's the fact that two policies of different type rather than just one are required to achieve the desired effect that I missed. It is perfectly clear to me now.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Sergey Zelenov (Copper Contributor)
Alex Esibov

‎Jan 13 2019 05:10 PM

‎Jan 13 2019 05:10 PM

Solution

Re: Current state of Session controls for Office 365?

Hi Sergey, happy to help you resolve this. Block download is possible in any app with session controls (the list of featured apps can be found here: https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad#supported-apps-and-clients). From your screenshots, it looks like download is not being blocked because a relevant policy is not triggered. To create a relevant policy for download controls, it should be of type "Control file download (with DLP)", in addition to the "Block Activities" policy you have created for Print. If you have any follow up questions, please reach out directly to me at alex.esibov@microsoft.com

View solution in original post

2 Likes
Reply