Blocking download files with sensitive data from desktop client Apps on non-domain joined systems

Question

What is the best way to block downloading files with sensitive data on to non-domain joined personal desktops using desktop client apps (Outlook, One Drive, Teams...).

Using Conditional access policies with Cloud App Security, we can block file downloads which contains sensitive data by configuring Session policies. However session policies applies to browser based apps,but not thick clients.

We don't want to block thick clients, just want to block sensitive data file downloads onto personal desktops.

Can we block by using Microsoft CASB solution, or any other process we need to follow?

Any guidance to resolve this issue is much appreciated.

Thanks in advance

fananico · Answer

Hi,Session policies don’t support mobile and desktop apps. Mobile apps and desktop apps can be blocked or allowed by creating an access policy.However access policies do not allow block of download.You can use this link to block download via a SharePoint policyhttps://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices.Thx,Shlomi

vkantamneni · Answer

Fananico&nbsp;&nbsp;Thank you Shlomi,&nbsp;We have already applied this settigns. However, we don't want to block&nbsp; all downloads, just want to restrict downloading sensitive data onto non-domain joined PCs ( personal PCs).

fananico · Answer

VKantamneni&nbsp;&nbsp;Hi,&nbsp;what are you considering as sensitivity data?is it based on information protection labels, PII, PCI data?&nbsp;Thx,&nbsp;Shlomi

vkantamneni · Answer

Fananico&nbsp;&nbsp;Yes, sensitive data like US SSN, Bank Account number, Driving license (PII).

fananico · Answer

Have you tried using session policy, configured to trigger for non domain joined devices or no compliant devices and trigger a block download based on DLP?

Forum Discussion

Blocking download files with sensitive data from desktop client Apps on non-domain joined systems

Share

Resources