Intune policy settings are required to restrict downloading, copying, and deleting... -Reg.

Copper Contributor

Hi everyone,

1) Is it possible in Microsoft Intune to set this up policy  that every time a user wants to download, copy, or delete something, the admin has to get the notification?

 

2)Is it possible to prevent the user from installing any app or software unless the admin grants permission? If the user wants to install something, the admin must grant permission.

 

If anyone has knowledge on these two types of policies, please send the required settings. It will be so helpful for me.

 

Thank you in advance.

2 Replies

Hi Akhil,

1. You may need to use EndPoint for DLP, you may get overwhelmed with the notifications though!

https://learn.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldw...

https://www.sharepointdiary.com/2020/06/disable-mass-delete-email-notification-in-sharepoint-online....

2. I would remove Admin privileges from the user and replace with standard user, this way user needs to check with IT before installing apps.
If still looking for notifications, you can use Log Analytics Agent and setup alerts to notify you on certain Event Viewer ID.

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

Hope this helps!
Moe

.

1)endpoint DLP or Intune+App Data Protction policy:https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy
2)All software is pushed to the company portal, or authorized by the administrator with the Azure AD access review