@Micheal Mallo - Thanks for the question and using MS Q&A platform.
To prevent end users from downloading documents with sensitive information to their devices and sharing them outside the organization, you can use Microsoft Endpoint Data Loss Prevention (DLP) or Microsoft Cloud App Security.
Microsoft Endpoint DLP is a paid solution that provides advanced data loss prevention capabilities for your organization's devices. It allows you to create policies that can prevent users from downloading or copying sensitive information to their devices. You can also configure policies to block users from uploading sensitive information to cloud services or sending it via email.
If you are looking for a license-free alternative, you can use Microsoft Cloud App Security. It provides similar capabilities to Endpoint DLP, but it is included with some Microsoft 365 licenses. With Cloud App Security, you can create policies to prevent users from downloading or sharing sensitive information from cloud services like OneDrive and SharePoint. You can also monitor user activity and receive alerts when sensitive information is accessed or shared.
It's important to note that while these solutions can help prevent data loss, they are not foolproof. It's still important to educate your users on the importance of protecting sensitive information and to have a clear policy in place for handling sensitive data.
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.