How to stop/prevent users to upload and download from Teams, OneDrive for business and SharePoint Online for users which includes .EXE, .MSI and any other executable files?

Vinod Survase 4,776 Reputation points
2023-06-22T12:49:41.02+00:00

How to stop/prevent users to upload and download from Teams, OneDrive for business and SharePoint Online for users which includes .EXE, .MSI and any other executable files?

Is there any policy via Intune or Azure AD side that we should create and apply across org or group of users?

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,770 questions
Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
10,894 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
11,229 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,569 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 157K Reputation points MVP Volunteer Moderator
    2023-06-22T12:56:46.89+00:00

    My first recommendation would be Defender for Cloud apps and a CA Policy if you are licensed:

    https://learn.microsoft.com/en-us/defender-cloud-apps/use-case-proxy-block-session-aad


2 additional answers

Sort by: Most helpful
  1. Maarten Leyman 1 Reputation point
    2023-06-22T15:24:16.25+00:00

    As @Andy David - MVP suggested you can use Microsoft Defender for Cloud Apps (MDCA) to block uploads and downloads to Onedrive or Sharepoint Online in realtime only for browser sessions!

    Uploading or downloading through for example Teams or copying One Drive synced files in file explorer are not covered by the conditional access proxy policies.

    You can also create file policies to for example change permissions of files with a .exe extentions. https://learn.microsoft.com/en-us/defender-cloud-apps/data-protection-policies


  2. Emily Du-MSFT 51,826 Reputation points Microsoft External Staff
    2023-06-23T09:46:09.28+00:00

    Form SharePoint, there is no OOTB functionality to restrict specific file extensions when uploading files.

    From OneDrive, go to SharePoint admin center -> Settings -> Sync -> Block uploads by file type.

    https://learn.microsoft.com/en-US/sharepoint/block-file-types?WT.mc_id=365AdminCSH_spo


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.