Protect corp data on managed macOS devices

MVP

Hi All, I have a customer who is looking to do DLP on managed macOS devices. Since there is no App Protection Policy (APP) capability in Intune for macOS, is there a way to prevent users from saving corp data to the local disk and/or external (USB) disks? Only allowing users to save attachments etc. to OneDrive or SPO?

I see there are some device restrictions we can push with Intune, but none that restrict where users can save corporate data. At least not that I can see.

For unmanaged devices we will restrict the user to Browser only - Microsoft Defender for Cloud Apps proxied sessions where we can block downloads. However, on a managed device, the users will be allowed to use the "thick" client (Mobile and Desktop App) to access corp data.

Customer is a Forcepoint DLP customer, but I don't know how to manage DLP without an agent on the macOS device.

Any suggestions? What are other customers with Macs doing?

Can Conditional Access App control use Zscaler or something else as the CASB other than MCAS/MDCA?

Thanks in advance for any ideas or suggestions

1 Reply
You may want to look into Conditional Access Rules. I believe that there is a Prevent Download option now in the interface and I know that macOS is there as an option.