Block unauthorized browsers from accessing corporate web apps
Business to business (B2B) communication is widespread in organizations today. This brings security challenges because it is difficult to monitor or control external users, however you want to give external users access to internal content.
To solve this problem Microsoft Defender for Cloud Apps can limit external users to read-only access for Microsoft web apps, third party web apps, and custom apps.
To apply read-only mode, you must create a policy to block downloads and another policy to block cutting, copying, or printing.
Before creating the policies, you must create a Conditional Access policy in Microsoft Entra ID to route traffic to Defender for Cloud Apps.
Create a policy to block downloads
To create a policy to block downloads, perform the following steps:
Navigate to https://portal.cloudappsecurity.com.
Select Control and select Policies.
Select Create policy and select Session policy.
Enter a name and description in Policy name and Description.
In Category, select DLP for data loss prevention.
In Session control type, select Control file download (with DLP).
In Add activity filters to the policy, enter a name for the external user that you want to control. You can remove the filter for apps if you want the policy to apply to all apps.
In Actions, select Block and, optionally, add a custom message.
Click Create.
Create a policy to block cut, copy, and print
To create a policy to block cut, copy, and print, perform the following steps:
Navigate to https://portal.cloudappsecurity.com.
Select Control and select Policies.
Select Create policy and select Session policy.
Enter a name and description in Policy name and Description.
In Category, select DLP for data loss prevention.
In Session control type, select Block activities.
In Add activity filters to the policy, enter a name for the external user that you want to control. You can remove the filter for apps if you want the policy to apply to all apps.
In Activity type, select Cut/Copy item and select Print.
In Actions select Block and, optionally, Customize block message.
Click Create.
The following video gives you an overview of how to configure read-only mode for external users apps with Microsoft Defender for Cloud Apps: