In this blog, learn to configure Office 365 DLP policies on Scalefusion to protect data within Office 365 apps on Android & iOS devices using Microsoft Intune Data Loss Prevention.
Enterprise mobility has touched base across every industry possible. If it hadn’t previously, 2020 and the remote working phenomenon along with heavy dependency on technology to facilitate ‘everything remote and contactless’ did it. As businesses, large and small move towards embracing technology for their operations, employee productivity as well as customer satisfaction, there arises a need for ensuring that the data on these devices stays secure.
With the pandemic moving things online, the number of cyberattacks has increased, amounting to almost 445 million attacks till August 2020¹, which is double the number of the attacks observed in the year 2019. Clearly, if security is not on your mind, it should be.
In this article, we will have a look at the security policies made available by Microsoft Intune® via Scalefusion to protect Microsoft Office 365 Apps and achieve data loss prevention across Intune SDK, on Android & iOS devices.
Scalefusion has integrated the Microsoft Graph API. This enables the IT admins to manage the Intune policies directly from the Scalefusion dashboard. Previously without this integration, the IT admins had to juggle between two consoles when using Scalefusion for managing Office 365 apps.
These policies can help protect the data pertaining to these apps- Microsoft Outlook, Microsoft OneNote, Microsoft Excel, Microsoft Powerpoint, and Microsoft Word.
Prerequisites for Configure Office 365 DLP policies:
To manage these policies, you need a Scalefusion license along with any one of these licenses- Microsoft 365 E5, Microsoft 365 E3, Enterprise Mobility + Security E5, Enterprise Mobility + Security E3, Microsoft 365 Business Premium, Microsoft 365 F1, Microsoft 365 F3, Microsoft 365 Government G5 or Microsoft 365 Government G3.
Set up process
After authorizing Scalefusion to manage policies on behalf of your organization, you can navigate to the Device Management section of the Scalefusion dashboard and access Microsoft Intune Policies from this section.
On the Android devices for which these policies need to be set up, install the Intune Company Portal application using Scalefusions Play for Work integration and sign in to the Intune Company Portal app.
On iOS devices, the setup is automated when the user authenticates the Office 365 apps and no additional steps are required.
You can now start creating the DLP policies via the Scalefusion dashboard. The step-by-step process for the same can be obtained in our exclusive help document.
Leveraging Office 365 DLP (Data Loss Prevention) policies with Intune
Here’s a list of data loss prevention policies and settings that you can leverage with Intune + Scalefusion for Microsoft Office 365 apps on managed Android and iOS devices:
Data settings using Data Loss Prevention (Office 365 DLP)
1) Preventing corporate data backup to OS-specific services
Enabling this setting prevents users from backing up data from the managed applications to OS-specific services including iCloud for iOS or other Android-specific services.
2) Managing data sharing with other apps
You can configure the data transfer policy for managed applications. The options include:
- Allow All: Transfer data to any app
- Restricted: Transfer data to managed apps only
- Block All: Block all data transfer
3) Preventing copy of corporate data
This setting disables the save as option and blocks the end-user from making copies of corporate data files. However, this setting works on the condition that the data sharing app setting is selected as ‘restricted’.
4) Configuring location storage
If the ‘prevent saving copies of data’ setting is selected, an override can be configured to chosen locations such as- OneDrive for Business, SharePoint, and Local Storage.
5) Receiving data from other applications
You can configure if managed applications can receive data from other apps using the share menu or share button options in other apps. The settings that can be configured are as follows:
- Allow All: Receive data from any app
- Restricted: Receive data from managed apps only
- Block All: Block all data transfer
6) Configure clipboard for managed applications
This setting can help restrict the cut, copy, paste to clipboard options from other apps to managed apps. These settings can be configured as follows:
- Any App: Allow cut, copy, paste of data between managed and unmanaged apps.
- Apps Managed by Policy: Allow cut, copy, paste data only between managed applications.
- Policy Managed Apps with Paste in: Allow cut and copy data from another app to managed app. But users cannot perform the same function from the managed app to other apps.
- Blocked – Block users from cut, copy, paste of data between all apps.
7) Force secure browsing
This setting ensures that the links in managed applications are opened in a managed browser like Microsoft Edge only.
8) Encrypt app data of managed apps
This setting encrypts data pertaining to managed applications and encrypts data stored anywhere including external storage drives and SIM cards.
9) Disable printing
This setting prevents the printing of documents and data from managed applications.
10) Disable contact syncing
This setting prevents managed apps from saving contacts to the native address book. The Sync Contacts option is hidden.
Access Control Settings using Office 365 DLP
Along with these settings, the settings for access control of these apps can also be configured:
- Require PIN for access
- Enforce corporate credentials to access apps
- Enforce access requirements such as idle timeout and offline grace period
- Wipe managed data if the app is idle for a specific number of days
Settings for Android
These settings can be configured additionally for Android devices:
- Block Screen Capture and Android Assistant
- Minimum Android OS version Required
- Minimum Android Patch version Required
- Minimum App version required
Settings for iOS
These settings can be configured additionally for iOS devices:
- Block Face ID access to apps (iOS 11+)
- Minimum iOS version required
- Minimum App version required
- Minimum App protection policy SDK version required
Closing lines…
In conclusion, Scalefusion acts as a bridge for IT admins to push settings and configurations for Office 365 apps on Android and iOS devices via a range of DLP policies made available by Intune.
Resources
