What is the best way to block downloading files with sensitive data on to non-domain joined personal desktops using desktop client apps (Outlook, One Drive, Teams...).
Using Conditional access policies with Cloud App Security, we can block file downloads which contains sensitive data by configuring Session policies. However session policies applies to browser based apps,but not thick clients.
We don't want to block thick clients, just want to block sensitive data file downloads onto personal desktops.
Can we block by using Microsoft CASB solution, or any other process we need to follow?
Any guidance to resolve this issue is much appreciated.