Aug 01 2023 10:24 AM
Hello Community,
We're trying to understand MDCA + OneDrive for Business.
Contractors are connecting through a remote access solution, meaning contractors will have access to our data and can download it to their devices (unmanaged devices).
1. How can we detect this and block/encrypt the data?
2. Eventual external sharing capabilities
Aug 02 2023 09:23 AM
I think you can create a session policy that detects download from unmanaged devices, something like this:
In this case I'm using a sensitivity label that is already configured, and of course, I have some files marked with that label.
Of course, if you remove the filter, the action will apply to any unmanaged device.
In order for this to work, you must have the application covered by a Conditional Access Policy in AAD (in my case I'm applying it to SharePoint, but I think this is not a problem).
For the sharing, take a look at the policy template named: "File shared with unauthorized domain"
and play a bit with the filters. Under the governance actions you have several options to remove the share or remove collaborators. I never tested it anyway...
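The prerequisite named in the reply above (the app must be covered by a Conditional Access policy) can be checked against policies exported from Microsoft Graph. This is an added example, not part of the original thread; the sample policies are constructed, and the check assumes the session control is set to "Use custom policy" (`mcasConfigured`) so that session policies defined in MDCA are the ones applied.

```python
# Added example: audit exported Conditional Access policies (Microsoft Graph
# conditionalAccessPolicy JSON) for the prerequisite of an MDCA session policy.
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"  # Office 365 SharePoint Online

def routes_to_mdca(policy, app_id=SHAREPOINT_APP_ID):
    """Return (ok, reason) for one policy dict."""
    if policy.get("state") != "enabled":
        return False, f"state is {policy.get('state')!r}, policy is not enforced"
    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = set(apps.get("includeApplications") or [])
    excluded = set(apps.get("excludeApplications") or [])
    if app_id in excluded or not ({app_id, "All", "Office365"} & included):
        return False, "SharePoint Online is not in scope"
    cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
    if not cas.get("isEnabled"):
        return False, "no Conditional Access App Control session control"
    if cas.get("cloudAppSecurityType") != "mcasConfigured":
        return False, f"preset {cas.get('cloudAppSecurityType')!r}, not 'Use custom policy'"
    return True, "sessions go through MDCA with custom session policies"

def audit(policies):
    """Names of policies that satisfy the prerequisite."""
    return [p["displayName"] for p in policies if routes_to_mdca(p)[0]]

def _policy(name, state, apps, session):
    # Builds a constructed sample in the Graph export shape.
    return {"displayName": name, "state": state,
            "conditions": {"applications": {"includeApplications": apps}},
            "sessionControls": session}

# Constructed sample data, not taken from any real tenant.
SAMPLE = [
    _policy("Contractors - SPO via MDCA", "enabled", [SHAREPOINT_APP_ID],
            {"cloudAppSecurity": {"isEnabled": True,
                                  "cloudAppSecurityType": "mcasConfigured"}}),
    _policy("Pilot - report only", "enabledForReportingButNotEnforced",
            [SHAREPOINT_APP_ID],
            {"cloudAppSecurity": {"isEnabled": True,
                                  "cloudAppSecurityType": "mcasConfigured"}}),
    _policy("MFA for all apps", "enabled", ["All"], None),
]

if __name__ == "__main__":
    for p in SAMPLE:
        ok, reason = routes_to_mdca(p)
        print(f"{'OK  ' if ok else 'MISS'} {p['displayName']}: {reason}")
```

If `audit` returns an empty list, downloads from unmanaged devices are not passing through MDCA, so the session policy will not match them.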
Aug 24 2023 12:47 PM