Almost 18 months on and still no answer to this problem which is a bit of a shame... so I'll re-write what I'm trying to achieve below:-
We run a native O365/M365 environment with over 1200 users on AzureAD only.
All our files are held in SharePoint/OneDrive.
500+ users are volunteers, using their own equipment that is not managed via Intune.
Staff devices run ThreatLocker zero-trust protection that prevents any code running that hasn't been pre-approved by IT.
Ransomware will most likely be picked up on an un-managed device being used by one of our Volunteers.
Only files on the end-users local device will become infected as there is no LAN/Network to spread anything over.
If a volunteer syncs a SharePoint site (using OneDrive for Business) onto their local device, we risk the contents of the SP site document library being affected by the ransomware encryption.
I would like to do 2 things...
Firstly - list all folders within SP libraries that are being synced and by which user.
Secondly - block unmanaged devices from syncing any SP doc libraries. ...or block the use/login of OneDrive for Business on unmanaged devices.
The first will assist me in identifying the scale of our current problem/risk.
The second will mitigate the risk almost entirely.
If I try to force our volunteers to install Intune management on their personal devices, they would undoubtedly leave us so this is not an option unfortunately.
Any ideas would be very gratefully welcomed.
