cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can i block uploads to cloud apps?

RippieUK
Brass Contributor

‎Mar 18 2022 09:38 AM - edited ‎Mar 18 2022 09:40 AM

‎Mar 18 2022 09:38 AM - edited ‎Mar 18 2022 09:40 AM

Can i block uploads to cloud apps?

Hi everyone,

 

Does anyone know if possible to block uploads to certain cloud apps using Defender for Cloud Apps?

 

For example block uploads to Onedrive (personal) or Google Drive (Personal) or Dropbox (personal).

 

I have seen that before that the endpoint client was able to identity personal versions of cloud apps and then block HTTP(S)/HTML POST commands.

 

The reason why only blocking uploads could be that customers and/or partners use such services. so we would want to allow our staff to download things that are sent to them but not to upload anything.

 

Best regards

11.1K Views
0 Likes
3 Replies
Reply
3 Replies
Reza_Ameri

‎Mar 18 2022 12:14 PM

‎Mar 18 2022 12:14 PM

Re: Can i block uploads to cloud apps?

I am not sure about your exact scenario but there are many ways to bypass this method, for example even if you block access to these websites, they might be able to open Google Drive Document and copy and paste contents and don't upload anything. You might block the upload feature but they might go and find other websites which are not in your blacklist and upload it there. Therefore, it is better to change your strategy and you may consider Windows Information Protection , take a look at:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protect...

And have a look at:

https://docs.microsoft.com/en-us/mem/intune/protect/data-leak-prevention

This is advance way to protect data and contents not only from uploading but in any form of leakage like copy and paste and you have power to prevent your data from being leaked.
0 Likes
Reply
Jonhed

‎Mar 20 2022 10:08 AM - edited ‎Mar 20 2022 10:10 AM

‎Mar 20 2022 10:08 AM - edited ‎Mar 20 2022 10:10 AM

Re: Can i block uploads to cloud apps?

Defender for Cloud Apps on its own is only a reverse proxy, which can monitor traffic to your corporate apps. Traffic to personal apps (Shadow IT) will not pass through Defender for Cloud Apps, so you will need something like a forward proxy or SWG with SSL inspection capabilities.

 

As @Reza_Ameri pointed out though, it is difficult to block access completely.

0 Likes
Reply
Dr_Snooze

‎Feb 01 2023 11:23 AM

‎Feb 01 2023 11:23 AM

Re: Can i block uploads to cloud apps?

For future searchers, WIP has been deprecated in favor of a new, paid DLP tool from MS. In my testing, WIP was unable to differentiate between personal docs and business docs consistently. If the user was using a personal device, managed by an MDM (Intune in my case), WIP would mis-code their personal files as business. Not a problem until the user retires the device and finds all his personal files irrevocably erased. In general, WIP was a clunky solution. It only worked with certain programs, mostly from MS. Forget about editing PDFs, for example. WIP was difficult to turn off, and now, months after dismantling all my WIP policies, one of my test devices still shows lock icons on its files. I couldn't shake the feeling that with WIP lots of files would someday become un-openable, leaving me in a lurch. I opted not to use it. Hope that helps someone else.
0 Likes
Reply