Jun 13 2022 05:46 AM
Hi Microsoft Intune Community,
What are the options to set up similar data protection policies for Web versions of the Office apps which you can find in Intune?
Lately i have set up data protection policies for IOS platform. But you can easily skip these by just going to the webversion of the app. For example outlook.office.com.
Im very curious how other have solved this challenge
Jun 13 2022 08:06 AM - edited Jun 13 2022 08:07 AM
Hi @MohFarah, what is it that you are looking for exactly? Do you want to limit access to Office 365 Online? Like copy/paste/download on unmanaged devices? If so, you can do a couple of things:
Please note: When you set policies from the SPO admin portal. It will create 2 conditional access policies targeting all users. Keep that in mind ;).
Hope this helps.
Jun 13 2022 06:40 PM - edited Jun 13 2022 06:41 PM
Hi @MohFarah
@Oktay Sari has mentioned great solutions for the issue, I would like to mention one more that I like to use for my clients when applying App Protection Policies which is approved Apps. This way, users cannot open the mail using web browser or any other unapproved apps like Mail ‘IOS native’, Gmail etc.
Moe
Jun 14 2022 12:28 AM
Hi @Moe_Kinani
Thank you for your quick reaction.
So the solution you mentioned, is it possible to apply it to private mobile devices (unmanaged)?
The client i'm working for has coworkers which use there personally owned mobile devices(sometimes laptops), so you could speak about BYOD. But regarding sensitive information, they would want option like copy/paste etc turnt of on the mobile versions of the Office apps.
Jun 14 2022 12:37 AM
Hi @Oktay Sari,
What I'm looking is very simple:
Restrict limit acces to O365. So indeed like you mentioned, block copy/paste/download on unmanaged devices. I see that your provided me with some links, so I will go and have a look.
A brief summary of the situation at the client:
Currently moving from a on premise environment to a full Cloud only environment. So migrating a lot of data to SharePoint/Teams/OneDrive.
Some of the data being moved is very sensitive for the company and they wanna make sure that security is top notch, especially on unmanaged devices.
Jun 14 2022 03:13 AM - edited Jun 14 2022 03:16 AM
Yes, App protection Policies apply on unmanaged devices. You should be able to achieve your goal (restrict copy and paste etc) by using App Protection Policies.
Moe
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policies
Jun 14 2022 07:46 AM
Thx for jumping in @Moe_Kinani . @MohFarah App protection policies will help for sure.
You mentioned that users sometimes use laptops too. If you want to dive in a little deeper with regards to Windows devices and BYOD. Perhaps Windows Information Protection (WIP) can help with data protection on the device itself. I'm not saying WIP is something you should do right away though.. Your best option for BYOD Windows scenario is limited browser access only. If that's not enough, perhaps Windows 365 could do the trick. But sometimes, and in some scenario's WIP can be of added value too. Check out the series of posts I wrote on WIP here if you want to learn more.
Nov 15 2022 01:15 AM
@Oktay Sari @Moe_Kinani Thank you both for your answers!