Prevent company Azure AD users to open encrypted documents from their own home computers

%3CLINGO-SUB%20id%3D%22lingo-sub-2615093%22%20slang%3D%22en-US%22%3EPrevent%20company%20Azure%20AD%20users%20to%20open%20encrypted%20documents%20from%20their%20own%20home%20computers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2615093%22%20slang%3D%22en-US%22%3E%3CP%3EI%20want%20to%20start%20using%20Azure%20Information%20Protection%20so%20that%20internal%20company%20documents%20cannot%20be%20opened%20on%20non-corporate%20computers.%3C%2FP%3E%3CP%3EHowever%2C%20by%20default%2C%20the%20system%20does%20not%20work%20as%20expected.%3C%2FP%3E%3CP%3ENow%20employees%20can%20using%20their%20Azure%20AD%20login%20and%20password%20can%20log%20in%20to%20their%20home%20computer%20in%20%E2%80%9CMS%20Office%E2%80%9D%20or%20%E2%80%9CAzure%20Information%20Protection%20Viewer%E2%80%9D%20and%20open%20corporate%20encrypted%20documents.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETell%20me%20how%20to%20make%20sure%20that%20employees%20cannot%20open%20encrypted%20documents%20from%20a%20home%20computer%20through%20%E2%80%9CAzure%20Information%20Protection%20Viewer%E2%80%9D%2C%20%E2%80%9CAzure%20Information%20Protection%E2%80%9D%2C%20%E2%80%9CMicrosoft%20Office%E2%80%9D%2C%20but%20can%20still%20connect%20to%20%E2%80%9CAzure%20Virtual%20Desktop%E2%80%9D%20through%20%E2%80%9CRemote%20Desktop%E2%80%9D.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2615093%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Information%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2621990%22%20slang%3D%22en-US%22%3ERE%3A%20Prevent%20company%20Azure%20AD%20users%20to%20open%20encrypted%20documents%20from%20their%20own%20home%20computers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2621990%22%20slang%3D%22en-US%22%3EHello%20Vladimir%2C%20Your%20will%20probably%20find%20this%20article%20helpful.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fapps%2Fapp-protection-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmem%2Fintune%2Fapps%2Fapp-protection-policy%3C%2FA%3E%3C%2FLINGO-BODY%3E
Senior Member

I want to start using Azure Information Protection so that internal company documents cannot be opened on non-corporate computers.

However, by default, the system does not work as expected.

Now employees can using their Azure AD login and password can log in to their home computer in “MS Office” or “Azure Information Protection Viewer” and open corporate encrypted documents.

 

Tell me how to make sure that employees cannot open encrypted documents from a home computer through “Azure Information Protection Viewer”, “Azure Information Protection”, “Microsoft Office”, but can still connect to “Azure Virtual Desktop” through “Remote Desktop”.

1 Reply