Blocking file downloads from desktop client Apps on non-domain joined systems

%3CLINGO-SUB%20id%3D%22lingo-sub-1079331%22%20slang%3D%22en-US%22%3ERe%3A%20Blocking%20file%20downloads%20from%20desktop%20client%20Apps%20on%20non-domain%20joined%20systems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1079331%22%20slang%3D%22en-US%22%3EAs%20you%20said%2C%20session%20controls%20is%20only%20for%20browsers%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20want%20to%20protect%20data%20on%20fat%20clients%20on%20Windows%2C%20Windows%20Information%20Protection%20might%20be%20what%20you%20are%20looking%20for%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1079212%22%20slang%3D%22en-US%22%3EBlocking%20file%20downloads%20from%20desktop%20client%20Apps%20on%20non-domain%20joined%20systems%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1079212%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20best%20way%20to%20block%20downloading%20files%20with%20sensitive%20data%20on%20to%20non-domain%20joined%20personal%20desktops%20using%20desktop%20client%20apps%20(Outlook%2C%20One%20Drive%2C%20Teams...).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUsing%20Conditional%20access%20policies%20with%20Cloud%20App%20Security%2C%20we%20can%20block%20file%20downloads%20which%20contains%20sensitive%20data%20by%20configuring%20Session%20policies.%20However%20session%20policies%20applies%20to%20browser%20based%20apps%2Cbut%20not%20thick%20clients.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20don't%20want%20to%20block%20thick%20clients%2C%20just%20want%20to%20block%20sensitive%20data%20file%20downloads%20onto%20personal%20desktops.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20we%20block%20by%20using%20Microsoft%20CASB%20solution%2C%20or%20any%20other%20process%20we%20need%20to%20follow%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20guidance%20to%20resolve%20this%20issue%20is%20much%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

What is the best way to block downloading files with sensitive data on to non-domain joined personal desktops using desktop client apps (Outlook, One Drive, Teams...).

 

Using Conditional access policies with Cloud App Security, we can block file downloads which contains sensitive data by configuring Session policies. However session policies applies to browser based apps,but not thick clients.

 

We don't want to block thick clients, just want to block sensitive data file downloads onto personal desktops.

 

Can we block by using Microsoft CASB solution, or any other process we need to follow?

 

Any guidance to resolve this issue is much appreciated.

 

Thanks in advance

1 Reply
As you said, session controls is only for browsers

If you want to protect data on fat clients on Windows, Windows Information Protection might be what you are looking for