Can I prevent users uploading into OneDrive from mobile app?

%3CLINGO-SUB%20id%3D%22lingo-sub-804737%22%20slang%3D%22en-US%22%3ECan%20I%20prevent%20users%20uploading%20into%20OneDrive%20from%20mobile%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-804737%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20requirement%20to%20block%20users%20from%20uploading%20local%20files%20from%20their%20phone%20either%20(iOS%20or%20Android)%20-%20is%20that%20possible%20via%20InTune%20or%20similar%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-804737%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EFiles%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESync%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-805188%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20I%20prevent%20users%20uploading%20into%20OneDrive%20from%20mobile%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-805188%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20should%20be%20able%20to%20configure%20this%20as%20part%20of%20the%20Session%20controls%20feature%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-from-unmanaged-devices%3FredirectSourcePath%3D%25252farticle%25252f5ae550c4-bd20-4257-847b-5c20fb053622%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-from-unmanaged-devices%3FredirectSourcePath%3D%25252farticle%25252f5ae550c4-bd20-4257-847b-5c20fb053622%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-805451%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20I%20prevent%20users%20uploading%20into%20OneDrive%20from%20mobile%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-805451%22%20slang%3D%22en-US%22%3E%3CP%3EThat%20looks%20like%20it%20is%20setting%20something%20up%20for%20unmanaged%20or%20untrusted%20devices%3F%20These%20are%20compliant%20devices%20in%20InTune%2C%20we%20just%20want%20users%20to%20be%20able%20to%20download%2C%20open%20etc%20from%20OneDrive%20but%20not%20be%20able%20to%20upload%20personal%20files%20from%20the%20device%20*into*%20OneDrive%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20not%20seeing%20how%20the%20session%20controls%20achieves%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-805575%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20I%20prevent%20users%20uploading%20into%20OneDrive%20from%20mobile%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-805575%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F198857%22%20target%3D%22_blank%22%3E%40Mark%20Wilson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20unaware%20of%20a%20solution%20to%20what%20you%20need%3B%20most%20of%20the%20settings%20are%20concerned%20with%20users%20egressing%20data%20out%20of%20OneDrive%20rather%20than%20stopping%20data%20going%20into%20it.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EA%20poor%20workaround%20(if%20you%20can%20call%20it%20that)%20is%20to%20set%20up%20a%20custom%20alert%20for%20any%20file%20uploaded%20to%20OneDrive%20outside%20of%20your%20corperate%20IP%20range%20so%20you%20are%20notified%20if%20someone%20does%2C%20but%20I%20can%20imagine%20this%20would%20get%20very%20unwieldy%20quickly%20if%20you%20have%20to%20do%20this%20for%20more%20than%20a%20handful%20of%20people.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20may%20also%20be%20possible%20to%20create%20a%20Flow%20so%20that%20uploaded%20files%20outside%20of%20the%20corp%20IP%20have%20a%20custom%20action%20to%20them%20-%20maybe%20some%20kind%20of%20approval%3F%20A%20heavily%20modified%20flow%20like%20this%20one%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Funitedkingdom.flow.microsoft.com%2Fen-us%2Fgalleries%2Fpublic%2Ftemplates%2F310e30cf00a34855af793fcf2749dfd5%2Frequest-my-manager%25E2%2580%2599s-approval-for-the-selected-file%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Funitedkingdom.flow.microsoft.com%2Fen-us%2Fgalleries%2Fpublic%2Ftemplates%2F310e30cf00a34855af793fcf2749dfd5%2Frequest-my-manager%25E2%2580%2599s-approval-for-the-selected-file%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPossibly%20set%20up%20for%20auto-reject%3F%20I'm%20not%20much%20of%20a%20Flow%20person%2C%20but%20that%20might%20provide%20a%20solution%2C%20though%20it'll%20take%20a%20bit%20of%20effort%20to%20get%20it%20up%20and%20running.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-806113%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20I%20prevent%20users%20uploading%20into%20OneDrive%20from%20mobile%20app%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-806113%22%20slang%3D%22en-US%22%3E%3CP%3EI%20thought%20maybe%20that%20was%20the%20case...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20suggestions.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Deleted
Not applicable

I have a requirement to block users from uploading local files from their phone either (iOS or Android) - is that possible via InTune or similar?

 

 

4 Replies
Highlighted
Highlighted

That looks like it is setting something up for unmanaged or untrusted devices? These are compliant devices in InTune, we just want users to be able to download, open etc from OneDrive but not be able to upload personal files from the device *into* OneDrive?

 

I am not seeing how the session controls achieves this?

Highlighted

Hey @Deleted 

 

I'm unaware of a solution to what you need; most of the settings are concerned with users egressing data out of OneDrive rather than stopping data going into it. 

 

A poor workaround (if you can call it that) is to set up a custom alert for any file uploaded to OneDrive outside of your corperate IP range so you are notified if someone does, but I can imagine this would get very unwieldy quickly if you have to do this for more than a handful of people.

 

It may also be possible to create a Flow so that uploaded files outside of the corp IP have a custom action to them - maybe some kind of approval? A heavily modified flow like this one:

 

https://unitedkingdom.flow.microsoft.com/en-us/galleries/public/templates/310e30cf00a34855af793fcf2749dfd5/request-my-manager%E2%80%99s-approval-for-the-selected-file/

 

Possibly set up for auto-reject? I'm not much of a Flow person, but that might provide a solution, though it'll take a bit of effort to get it up and running.

Highlighted

I thought maybe that was the case...

 

Thanks for the suggestions.