Protecting data on BYOD devices

Aran Billen 891 Reputation points
2024-10-07T11:47:52.84+00:00

Hi everyone,

We have sixth form students using BYOD, and we're looking for advice on how to protect data on these devices, specifically for Microsoft 365 resources. I've tested Windows app protection for Edge, but students are also accessing data through Office apps. Is there a way to prevent them from saving files locally on their devices while still allowing them to save to OneDrive through the Office suite?

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,373 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
446 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,364 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,649 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Xenia-MSFT 3,140 Reputation points Microsoft Vendor
    2024-10-08T02:03:50.68+00:00

    @Aran Billen Thanks for posting in our Q&A.

    Based on my research, please refer to the following link to prevent users from saving data on local. However, it will block all data, not just protected data.

    https://myitrambles.com/enhancing-data-security-preventing-users-from-saving-data-on-local-or-removable-drives-with-microsoft-intune/

    Note: Non-Microsoft link, just for the reference.

    Honestly, I didn't find that there is no method to fully realize this need. Let's wait someone else share more information.

    Thanks for your understanding.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Raja Pothuraju 10,040 Reputation points Microsoft Vendor
    2024-11-07T19:59:09.94+00:00

    Hello @Aran Billen,

    Thank you for posting your query on Microsoft Q&A.

    From your description, I understand that your goal is to block downloads on BYOD devices while still allowing users to upload files to OneDrive. This can be achieved by creating a Conditional Access policy. In the CA policy session control, select Conditional Access App Control and choose either Use custom policy or Block downloads.

    This setup will prevent users from downloading any files stored in Microsoft 365 resources, while still allowing them to upload files to OneDrive without issues.

    Please refer to the following guides for step-by-step instructions on creating a Conditional Access policy:

    Protect Office 365 data on unmanaged devices with Defender for Cloud Apps (Note: Non-Microsoft link, provided for reference only)

    Use Conditional Access App Control in Defender for Cloud Apps

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Thanks,
    Raja Pothuraju.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.