504 questions
DLP. Not sure is this possible to have such control in user profile's OneDrive folders.
Manger wants total control over employee data
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 31%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
milo last
85
Reputation points
A Manager wants to have total control over 5 employee data.
The laptop is provided by the Company and any file created by the employee, the Manager should be able to see it. No files should be deleted by the employee even if the employee is the owner of the document it. Is there any solution from Microsoft using Intune , Conditional access or DLP ?
Microsoft Security | Intune | Security
Microsoft Security | Intune | Configuration
2,099 questions
Microsoft Security | Microsoft Entra | Microsoft Entra ID
25,204 questions
Microsoft Security | Microsoft Purview
1,650 questions
{count} votes
-
PRADEEPCHEEKATLA 90,661 Reputation points Moderator2024-03-27T08:00:41.9366667+00:00 @milo last - Just checking in to see if the below answers helped. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know.
Sign in to comment
2 answers
Sort by: Most helpful
-
Pavel yannara Mirochnitchenko 13,341 Reputation points MVP2024-03-23T11:51:13.31+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 40%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Cathryn Symons 0 Reputation points2024-03-24T13:15:42.7333333+00:00 I'm not sure that intune or conditional access are the tools for this. I would use Purview (ie DLP or Data Loss Prevention)
If you set a retention hold, files are retained for the retention period which can be indefinite. https://learn.microsoft.com/en-us/purview/create-retention-policies?tabs=other-retentionAnd give the manager access to all onedrives, tell staff not to delete files, and also give the manager access to the retention hold folders.