Jan 30 2020 12:29 PM
Jan 30 2020 12:29 PM
We have multiple web applications that are built to be accessible outside of our corporate network. Some of the important features are to be able to generate PDFs and print.
Is there a way to setup file or access policies that will restrict file downloads and temporary files to be only saved to corporate OneDrive or SharePoint?
This is possible on Office Web Applications and Intune using MAM. Can this be done for Custom applications using MCAS?
Feb 02 2020 02:02 PM
The only policies that are active in real time are access and session policies.
Session policies will give you control over download and other activities but it cannot redirect downloaded Files to OneDrive.
Could you explain the goal of the redirection?
If it is security related, you can label the files as they are downloaded via information protection labels and set permission as to which activities can be performed on the file once it is downloaded.
The files are encrypted in the same manner as application protection in intune.
Feb 03 2020 06:34 AM
Thank you for the response. The need is; Data Loss Prevention. Looks like automatic labeling and classification is the way to go. But for some reason my MCAS is having trouble connecting with AIP and so there are NO labels showing up in my policy. I have a ticket open to get this resolved.
Feb 03 2020 02:43 PM
followed the steps here : https://docs.microsoft.com/en-us/cloud-app-security/azip-integration
make sure to click on grant access.
have you published the azure information protection labels?
do they appear in office apps?
Feb 03 2020 02:46 PM
The labels are showing up on all office apps including admin.office.com BUT not on MCAS.
The grant permission step keeps going in a loop. Yes I am a GA and have logged in sessions in the browser where I am doing this.
Feb 03 2020 03:11 PM
:) i just finished a call with microsoft and have the same looping problem trying to grant MCAS access in azure AD.
But i am able to see all the labels and apply them as governance actions to files...