Can i block uploads to cloud apps?

Contributor

Hi everyone,

 

Does anyone know if possible to block uploads to certain cloud apps using Defender for Cloud Apps?

 

For example block uploads to Onedrive (personal) or Google Drive (Personal) or Dropbox (personal).

 

I have seen that before that the endpoint client was able to identity personal versions of cloud apps and then block HTTP(S)/HTML POST commands.

 

The reason why only blocking uploads could be that customers and/or partners use such services. so we would want to allow our staff to download things that are sent to them but not to upload anything.

 

Best regards

2 Replies
I am not sure about your exact scenario but there are many ways to bypass this method, for example even if you block access to these websites, they might be able to open Google Drive Document and copy and paste contents and don't upload anything. You might block the upload feature but they might go and find other websites which are not in your blacklist and upload it there. Therefore, it is better to change your strategy and you may consider Windows Information Protection , take a look at:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protect...

And have a look at:

https://docs.microsoft.com/en-us/mem/intune/protect/data-leak-prevention

This is advance way to protect data and contents not only from uploading but in any form of leakage like copy and paste and you have power to prevent your data from being leaked.

Defender for Cloud Apps on its own is only a reverse proxy, which can monitor traffic to your corporate apps. Traffic to personal apps (Shadow IT) will not pass through Defender for Cloud Apps, so you will need something like a forward proxy or SWG with SSL inspection capabilities.

 

As @Reza_Ameri pointed out though, it is difficult to block access completely.