Locking down mobile O365 apps to prevent company data exfiltration

Copper Contributor

I set a Mobile App Protection Policy in Microsoft Intune for Azure to lock down what users are able to do within Outlook mobile for iPhones (BYOD), however I'm running into an issue where I can still move company files from the Outlook mobile app to the mobile versions of Word, Excel, Powerpoint and from there export or send the data out freely. How can I disable the export options within Outlook mobile and prevent the other O365 mobile apps from exporting the data outside the app itself unsecurely?

3 Replies

Which setting did you configure for Allow app to transfer data to other apps?

And what do you mean by move files, the actual process of copying the file? Or copy/pasting from within the file?

Hi Vasil, I set it to Policy Managed Apps. Even with this setting in place though, I can still export data out of there via an "Open In..." button on the top right of the file I opened or through another O365 mobile app allowed by the policy itself.

That's my point - I don't believe the policies apply on the "whole file" level. For such scenarios, you can use file-level encryption, as in Azure Identity Protection.