Mar 01 2024 12:35 AM - edited Mar 01 2024 01:45 AM
Hi All,
How can I block file saving on mobile devices from the browser and apps?
I have tried using session control to block file downloads from the browser,
I have also set app protection to block file downloads from apps, but it has no effect.
Do I need to use app protection with Conditional Access?
But when I use it with Conditional Access, it gets stuck in Edge browser verification.
Is there any way to achieve my goal?
Mar 01 2024 01:02 AM
Mar 01 2024 01:10 AM - edited Mar 01 2024 01:28 AM
Hi @SebastiaanSmits,
These are Android devices.
I have tried using session control to block file downloads from the browser, but can't block them from apps.
I want to block M365 downloads, whether from the browser or apps.
Mar 01 2024 01:33 AM
Mar 01 2024 01:33 AM
Mar 01 2024 01:44 AM - edited Mar 01 2024 02:11 AM
Hi @NicklasOlsen,
My Androids are in Corporate-owned dedicated devices mode.
I've tried to manage app protection with CA;
when I use Edge to log in to Outlook, it pops up the Google store to install Company Portal,
but it can't join Company Portal because it can't create a work profile.
So if my Android is in Corporate-owned dedicated devices mode,
it can't use app protection?
Mar 01 2024 01:47 AM - edited Mar 01 2024 01:49 AM
Hi @SebastiaanSmits,
I will upload pictures to my question homepage; you can take a look at my question page.
I successfully block file downloads with session control, but not in apps.
Mar 01 2024 01:51 AM
Mar 01 2024 02:00 AM - edited Mar 01 2024 02:14 AM
Hi @SebastiaanSmits,
I use Conditional Access, select my account and only allow Android devices, and select Office 365. Grant is not set. I select Use Conditional Access App Control in the Session field, then select Use custom policy, and add a session policy in Defender. As long as the user has login activity, if I download files they will be blocked by the session policy.
However, I also added an access policy, but it has no effect on the Outlook app.
Someone told me that session control can only block browser downloads;
app blocking requires the use of app protection.
Mar 01 2024 05:54 AM
Mar 01 2024 06:29 AM
Mar 04 2024 03:26 AM
I performed some tests on my Android device. From the Android device, when I use a browser (Chrome), the session policy to restrict copy/paste and download all function, but from the Outlook app it does not work. I am also never prompted that the traffic is routed through MDCA.
This was all tested on unmanaged devices, but it should not be different for managed ones. The thing is, I am unable to find a conclusive answer in the Docs about this only being for browsers, but I am beginning to think this is indeed the case.
Mar 04 2024 07:28 AM
Mar 04 2024 05:51 PM - edited Mar 04 2024 05:55 PM
Hi @SebastiaanSmits,
Thank you for your reply,
Regarding app protection, I have enabled the block option for all settings that allow file copying or sharing, but my testing has not been effective. I simply adjusted the app protection options and assigned devices and accounts. Later, I used a combination of CA to set it, but when combined with CA, it would be directed to the Edge browser, and would show that my app is not compliant or "Access denied - the app must be protected with an Intune policy". I set all apps for the policy.
I have spent a lot of time testing this. Will it be related to the registration method I use on my phone? I have tried dedicated mode and fully managed user mode.
But I have seen that other people's phones can really prevent file downloads.
Mar 04 2024 09:38 PM
Mar 04 2024 09:59 PM - edited Mar 04 2024 10:00 PM
Hi @SebastiaanSmits.
1. "But I have seen that other people's phones can really prevent file downloads.": I have confirmed that the M365 apps (like Outlook, Word, Excel, etc.) will be blocked later, but Adobe Reader is not.
2. (COBO or COSU)
The original customer requirement was not to download files to the company's PAD. When they use Outlook, Word, Excel, OneDrive, etc., if the files are downloaded to the phone's storage and then uploaded to personal emails or Google Drive, etc.
I will test the app protection again,
Thank you for your help.
Mar 04 2024 10:15 PM
Mar 05 2024 12:36 AM