Customer wants to explore Azure solution which help protect their developer codes on his Local machine

Question

Customer Requirements as below : Customer are looking their Developer should not be able to copy their code in his local machine where VSCode editor they were using for Code, and he should not be able to copy it somewhere or else uploaded somewhere else. and even some part of code they can use it on chatGpt to get the help. We proposed Azure AVD personal Desktop features for their Devloper to Restrict Copy/Paste Functionality

1. Restrict Copy/Paste Functionality: Implement policies that restrict the ability to copy and paste code outside of Visual Studio.

We proposed Microsoft Purview Information Protection Does Auto-labeling Policies to control access based on keys and identifies 2. Automatic Encryption: Set up a system where, if any code is copied or moved outside the authorized environment (both online or offline), it automatically gets encrypted, and remains inaccessible without the proper decryption key. We proposed Enfore GPO policies through Active directory domain service on Azure VM 3. Policy-Based Software Restrictions: Add policy changes to prevent unauthorized changes to system settings, software installations, or uninstallation of security tools.

Kindly Provide the Solution, as Microsoft Purview Information Protection encrypt the code if developer share or copy that code over some 3rd party website and all

Answer 1

Hi @Shakir Hussain

Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

While Microsoft Purview Information Protection is a powerful tool for protecting sensitive information, it's primarily designed for document-level protection. For granular control over code snippets and real-time protection on local machines, a combination of strategies is required.

For protecting developer code on local machines, here are some solutions leveraging Microsoft Purview and other Azure services:

Restrict Copy/Paste Functionality

Azure Virtual Desktop (AVD): Use AVD to create a controlled environment where developers can work. You can restrict copy/paste functionality within this environment to prevent code from being copied outside of Visual Studio Code.

Microsoft Purview Information Protection: Implement auto-labeling policies to classify and protect sensitive information. This can help control access based on keys and identities.

Automatic Encryption

Microsoft Purview Information Protection: Set up policies that automatically encrypt code if it is copied or moved outside the authorized environment. This ensures that the code remains inaccessible without the proper decryption key.

Azure Key Vault: Store and manage encryption keys securely. Integrate Key Vault with Purview to manage access to encrypted data.

Policy-Based Software Restrictions

Group Policy Objects (GPO): Enforce GPO policies through Active Directory Domain Services on Azure VMs. This can prevent unauthorized changes to system settings, software installations, or the uninstallation of security tools.

Microsoft Intune: Use Intune to manage and enforce security policies on developer machines, ensuring compliance with organizational standards.

For additional information, please refer the below Microsoft documentations:

Security and governance

Microsoft Purview data security solutions

I hope this information helps. Please do let us know if you have any further queries.

Thank you.