Share via

Protecting data on BYOD devices

Aran Billen 941 Reputation points
2024-10-07T11:47:52.84+00:00

Hi everyone,

We have sixth form students using BYOD, and we're looking for advice on how to protect data on these devices, specifically for Microsoft 365 resources. I've tested Windows app protection for Edge, but students are also accessing data through Office apps. Is there a way to prevent them from saving files locally on their devices while still allowing them to save to OneDrive through the Office suite?

Microsoft 365 and Office Install, redeem, activate For business Windows
Microsoft Security Intune Security
Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Intune Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-10-08T02:03:50.68+00:00

    @Aran Billen Thanks for posting in our Q&A.

    Based on my research, please refer to the following link to prevent users from saving data on local. However, it will block all data, not just protected data.

    https://myitrambles.com/enhancing-data-security-preventing-users-from-saving-data-on-local-or-removable-drives-with-microsoft-intune/

    Note: Non-Microsoft link, just for the reference.

    Honestly, I didn't find that there is no method to fully realize this need. Let's wait someone else share more information.

    Thanks for your understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Raja Pothuraju 23,465 Reputation points Microsoft External Staff Moderator
    2024-11-07T19:59:09.94+00:00

    Hello @Aran Billen,

    Thank you for posting your query on Microsoft Q&A.

    From your description, I understand that your goal is to block downloads on BYOD devices while still allowing users to upload files to OneDrive. This can be achieved by creating a Conditional Access policy. In the CA policy session control, select Conditional Access App Control and choose either Use custom policy or Block downloads.

    This setup will prevent users from downloading any files stored in Microsoft 365 resources, while still allowing them to upload files to OneDrive without issues.

    Please refer to the following guides for step-by-step instructions on creating a Conditional Access policy:

    Protect Office 365 data on unmanaged devices with Defender for Cloud Apps (Note: Non-Microsoft link, provided for reference only)

    Use Conditional Access App Control in Defender for Cloud Apps

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.