this post was submitted on 10 Sep 2024
7 points (64.0% liked)

Asklemmy


A loosely moderated place to ask open-ended questions


If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion


So, is it possible to enforce, or at least detect, whether files uploaded to Microsoft Teams or Outlook (enterprise) are only downloadable on company-provided devices?

If possible, please show me how to do so.

top 8 comments
[–] [email protected] 12 points 2 months ago

Please get yourself an actual IT team. This is basic conditional access policy configuration for an Azure tenant.

Microsoft has learning materials available on this. It's part of their free Azure Admin online learning courses.

[–] [email protected] 9 points 2 months ago (1 children)

Why are you asking this here? This is meant more for asking about thoughts and experiences rather than tech support. You'd probably have better luck in a more technical community (or just googling it). You may still get some answers though 🤷

[–] [email protected] -2 points 2 months ago (2 children)

Yet it seemingly doesn't break the rules of the sub. 🤷

[–] [email protected] 7 points 2 months ago

Rule 5: must be a topic of discussion

This is not a subject of discussion. It's just OP saying "help me do my job pls"

[–] [email protected] 7 points 2 months ago

It absolutely breaks several rules. It's not an open-ended question nor is it a topic of discussion.

[–] [email protected] 4 points 2 months ago* (last edited 2 months ago) (1 children)

Are you the admin on your Teams team? Do you have access to the Advanced Directory/Azure Domain controls?

If not, you're going to have to have an admin do any kind of set up of that type.

The first major issue is that it looks like most download controls in Teams are on a per-user basis, meaning that the easiest way to block downloads is to deny the user access to downloading entirely.

It seems like there are options for Android management that allow you to block an Android device from downloads as well.

https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-android

But I can't seem to find anything on blocking specific other devices from downloads, and all the stuff I'm digging up circles back around to blocking the user from downloading entirely, instead of blocking them on a per-device level.

https://answers.microsoft.com/en-us/msteams/forum/all/how-to-block-users-from-downloading-files-in-the/b042e974-6c41-4df9-86b2-dedd0908f034

This one shows that they have admin options like this:

"5. Under "Actions", select "Block access" and choose the conditions you want to apply (e.g. "Block access when user is outside of company network")."

So perhaps in the admin settings there's more fine-grained options like this? I still don't see references to blocking per-device, just stuff like being outside the enterprise network.

https://old.reddit.com/r/Office365/comments/nxmob0/block_files_downloads_in_ms_teams_desktop_and_web/

This makes it sound like the solution is actually in SharePoint

https://learn.microsoft.com/en-us/answers/questions/1527066/how-i-can-restrict-to-download-content-from-micros

This is the closest I found to an answer, and it still seems like it's not 100% of what you're asking for, but maybe?

[–] meowington1 1 points 2 months ago

very helpful resource, thank you

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

Why not just block access to Teams and other m365 apps via conditional access from non-managed devices then?

You can always "download" any content you're viewing on the device, in fact you need to do so in order to view it.

Say, you don't want a word document containing price sensitive information being downloaded, but someone with access to view the document on a non-managed device can just screenshot it. Or to be honest, just take a photo from a screen of a managed device.
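
The "at least detect" half of the question can be answered from sign-in logs, which record whether the device was compliant or managed. The following is an added example, not part of any comment in this thread: field names follow the Microsoft Graph signIn resource, while the sample records, the `_rec` helper and the watched-app list are constructed assumptions.

```python
# Added example. Field names follow the Microsoft Graph signIn resource;
# the records and the watched-app list are constructed assumptions.
from collections import defaultdict

WATCHED_APPS = {"Microsoft Teams", "Office 365 SharePoint Online",
                "Office 365 Exchange Online"}

def _rec(user, app, time, error, device):
    return {"userPrincipalName": user, "appDisplayName": app,
            "createdDateTime": time, "status": {"errorCode": error},
            "deviceDetail": device}

SAMPLE_SIGNINS = [  # constructed sample data, not real logs
    _rec("alice@example.com", "Microsoft Teams", "2024-09-10T08:01:00Z", 0,
         {"isCompliant": True, "isManaged": True, "operatingSystem": "Windows 10"}),
    _rec("bob@example.com", "Microsoft Teams", "2024-09-10T21:14:00Z", 0,
         {"isCompliant": None, "isManaged": None, "operatingSystem": "Android"}),
    _rec("bob@example.com", "Office 365 SharePoint Online", "2024-09-10T21:15:00Z",
         53000, {"isCompliant": False, "isManaged": False, "operatingSystem": "Android"}),
    _rec("carol@example.com", "Azure Portal", "2024-09-10T09:30:00Z", 0, None),
]

def is_company_device(detail):
    """Treat a device as company provided only if the log marks it compliant or
    managed; null or missing fields (unregistered devices) count as unmanaged."""
    detail = detail or {}
    return bool(detail.get("isCompliant")) or bool(detail.get("isManaged"))

def unmanaged_signins(records, apps=WATCHED_APPS):
    """Map user -> [(time, app, os)] for successful sign-ins to watched apps
    from devices that are not company provided."""
    hits = defaultdict(list)
    for r in records:
        if r.get("appDisplayName") not in apps:
            continue
        if (r.get("status") or {}).get("errorCode", 0) != 0:
            continue  # nonzero errorCode: sign-in failed, no access granted
        detail = r.get("deviceDetail") or {}
        if is_company_device(detail):
            continue
        hits[r.get("userPrincipalName", "unknown")].append(
            (r.get("createdDateTime"), r["appDisplayName"],
             detail.get("operatingSystem") or "unknown"))
    return dict(hits)

if __name__ == "__main__":
    for user, events in unmanaged_signins(SAMPLE_SIGNINS).items():
        print(user, events)
```

In a real tenant the records would come from an export of the sign-in logs instead of the inline list.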