This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 32%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
I'm trying to find a workaround to protect files being uploaded into OneDrive from unmanaged devices from thick clients and mobile device apps. Since it is not possible to block them with Microsoft Defender for Cloud Apps session control policies (they don't work for thick clients or mobile apps), I am trying to find an alternative to an access policy that blocks everything to force web browser access.
I found this blog post where it seems that MIP can help with the thick client control: 2011039
Is it possible for MIP to apply sensitivity labels and file encryption real time for files coming in from thick clients and mobile apps? If so, this would be a good balance since any sensitive information will be encrypted and locked down based on the MIP policies. If not, does anyone have any methods they have used to try to fill in this gap?
Thanks.
You can use auto-label policies: https://learn.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Or run a flow that stamps a label on each file post-upload.