Manger wants total control over employee data

milo last 0 Reputation points
2024-03-23T10:17:23.48+00:00

A Manager wants to have total control over 5 employee data.

The laptop is provided by the Company and any file created by the employee, the Manager should be able to see it. No files should be deleted by the employee even if the employee is the owner of the document it. Is there any solution from Microsoft using Intune , Conditional access or DLP ?

Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
923 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
328 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,711 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,396 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 11,616 Reputation points
    2024-03-23T11:51:13.31+00:00

    DLP. Not sure is this possible to have such control in user profile's OneDrive folders.

    0 comments No comments

  2. Cathryn Symons 0 Reputation points
    2024-03-24T13:15:42.7333333+00:00

    I'm not sure that intune or conditional access are the tools for this. I would use Purview (ie DLP or Data Loss Prevention)
    If you set a retention hold, files are retained for the retention period which can be indefinite. https://learn.microsoft.com/en-us/purview/create-retention-policies?tabs=other-retention

    And give the manager access to all onedrives, tell staff not to delete files, and also give the manager access to the retention hold folders.

    0 comments No comments