So, is it possible to enforce, or at least detect, that files uploaded to Microsoft Teams or Outlook (enterprise) are only downloadable on company-provided devices?

If possible, please show me how to do so.

  • wizardbeard@lemmy.dbzer0.com
    12 upvotes · 2 months ago

    Please get yourself an actual IT team. This is basic conditional access policy configuration for an Azure tenant.

    Microsoft has learning materials available on this. It’s part of their free Azure Admin online learning courses.

  • fjordbasa@lemmy.world
    9 upvotes · 2 months ago

    Why are you asking this here? This is meant more for asking about thoughts and experiences rather than tech support. You’d probably have better luck in a more technical community (or just googling it). You may still get some answers though 🤷

  • Snot Flickerman@lemmy.blahaj.zone
    4 upvotes · edited · 2 months ago

    Are you the admin on your Teams team? Do you have access to the Advanced Directory/Azure Domain controls?

    If not, you’re going to have to have an admin do any kind of set up of that type.

    The first major issue is that it looks like most download controls in Teams are on a per-user basis, meaning that the easiest way to block downloads is to deny the user access to downloading entirely.

    It seems like there are options for Android management that allow you to block an Android device from downloads as well.

    https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-android

    But I can’t seem to find anything on blocking specific other devices from downloads, and all the stuff I’m digging up circles back around to blocking the user from downloading entirely, instead of blocking them on a per-device level.

    https://answers.microsoft.com/en-us/msteams/forum/all/how-to-block-users-from-downloading-files-in-the/b042e974-6c41-4df9-86b2-dedd0908f034

    This one shows that they have admin options like this:

    “5. Under “Actions”, select “Block access” and choose the conditions you want to apply (e.g. “Block access when user is outside of company network”).”

    So perhaps in the admin settings there are more fine-grained options like this? I still don’t see references to blocking per-device, just stuff like being outside the enterprise network.

    https://old.reddit.com/r/Office365/comments/nxmob0/block_files_downloads_in_ms_teams_desktop_and_web/

    This makes it sound like the solution is actually in SharePoint

    https://learn.microsoft.com/en-us/answers/questions/1527066/how-i-can-restrict-to-download-content-from-micros

    This is the closest I found to an answer, and it still seems like it’s not 100% of what you’re asking for, but maybe?

  • hemko@lemmy.dbzer0.com
    3 upvotes · edited · 2 months ago

    Why not just block access to Teams and other M365 apps via conditional access from non-managed devices then?

    You can always “download” any content you’re viewing on the device, in fact you need to do so in order to view it.

    Say you don’t want a Word document containing price-sensitive information being downloaded, but someone with access to view the document on a non-managed device can just screenshot it. Or, to be honest, just take a photo of the screen of a managed device.
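
The conditional access approach raised in the replies above, as an added example that is not part of any post in this thread: a report-only policy that requires a compliant or hybrid-joined device for the Office 365 app group (which covers Teams, Exchange Online and SharePoint), followed by a query listing recent Teams sign-ins from unmanaged devices. It assumes the Microsoft Graph PowerShell SDK and a tenant licensed for conditional access; the policy name and the break-glass account ID are placeholders.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph module and
# an account allowed to manage conditional access and read sign-in logs.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'AuditLog.Read.All'

# Placeholder: object ID of an emergency-access account kept out of the
# policy so that a misconfiguration cannot lock every admin out.
$breakGlassId = '<break-glass-account-object-id>'

$policy = @{
    displayName   = 'Example - M365 requires managed device'   # hypothetical name
    # Report-only: sign-ins are evaluated and logged, nothing is blocked yet.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        # 'Office365' is the built-in app group (Teams, Exchange, SharePoint...).
        applications   = @{ includeApplications = @('Office365') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # Access is granted if EITHER control is satisfied.
        operator        = 'OR'
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Detection side: recent Teams sign-ins where the device is not managed.
Get-MgAuditLogSignIn -Filter "appDisplayName eq 'Microsoft Teams'" -Top 200 |
    Where-Object { -not $_.DeviceDetail.IsManaged } |
    Select-Object CreatedDateTime, UserPrincipalName, IpAddress,
        @{ n = 'OS';        e = { $_.DeviceDetail.OperatingSystem } },
        @{ n = 'Compliant'; e = { $_.DeviceDetail.IsCompliant } }
```

Once the report-only results look right, setting `state` to `enabled` turns the same policy into enforcement.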