More

    How To Leverage Data Loss Prevention (DLP) Policies With Microsoft Intune via Scalefusion

    Share On

    In this blog, learn to configure Office 365 DLP policies on Scalefusion to protect data within Office 365 apps on Android & iOS devices using Microsoft Intune Data Loss Prevention.

    Enterprise mobility has touched base across every industry possible. If it hadn’t previously, 2020 and the remote working phenomenon along with heavy dependency on technology to facilitate ‘everything remote and contactless’ did it. As businesses, large and small move towards embracing technology for their operations, employee productivity as well as customer satisfaction, there arises a need for ensuring that the data on these devices stays secure.

    Office 365 DLP
    Configure Office 365 DLP Policies With Microsoft Intune

    With the pandemic moving things online, the number of cyberattacks has increased, amounting to almost 445 million attacks till August 2020¹, which is double the number of the attacks observed in the year 2019. Clearly, if security is not on your mind, it should be. 

    In this article, we will have a look at the security policies made available by Microsoft Intune® via Scalefusion to protect Microsoft Office 365 Apps and achieve data loss prevention across Intune SDK, on Android & iOS devices. 

    Scalefusion has integrated the Microsoft Graph API. This enables the IT admins to manage the Intune policies directly from the Scalefusion dashboard. Previously without this integration, the IT admins had to juggle between two consoles when using Scalefusion for managing Office 365 apps.

    These policies can help protect the data pertaining to these apps- Microsoft Outlook, Microsoft OneNote, Microsoft Excel, Microsoft Powerpoint, and Microsoft Word.

    Prerequisites for Configure Office 365 DLP policies:

    To manage these policies, you need a Scalefusion license along with any one of these licenses- Microsoft 365 E5, Microsoft 365 E3, Enterprise Mobility + Security E5, Enterprise Mobility + Security E3, Microsoft 365 Business Premium, Microsoft 365 F1, Microsoft 365 F3, Microsoft 365 Government G5 or Microsoft 365 Government G3.

    Set up process

    After authorizing Scalefusion to manage policies on behalf of your organization, you can navigate to the Device Management section of the Scalefusion dashboard and access Microsoft Intune Policies from this section.

    On the Android devices for which these policies need to be set up, install the Intune Company Portal application using Scalefusions Play for Work integration and sign in to the Intune Company Portal app.

    On iOS devices, the setup is automated when the user authenticates the Office 365 apps and no additional steps are required.

    You can now start creating the DLP policies via the Scalefusion dashboard. The step-by-step process for the same can be obtained in our exclusive help document.

    Leveraging Office 365 DLP (Data Loss Prevention) policies with Intune

    Here’s a list of data loss prevention policies and settings that you can leverage with Intune + Scalefusion for Microsoft Office 365 apps on managed Android and iOS devices: 

    Data settings using Data Loss Prevention (Office 365 DLP)

    1) Preventing corporate data backup to OS-specific services

    Enabling this setting prevents users from backing up data from the managed applications to OS-specific services including iCloud for iOS or other Android-specific services.

    2) Managing data sharing with other apps

    You can configure the data transfer policy for managed applications. The options include:

    • Allow All: Transfer data to any app
    • Restricted: Transfer data to managed apps only
    • Block All: Block all data transfer 

    3) Preventing copy of corporate data

    This setting disables the save as option and blocks the end-user from making copies of corporate data files. However, this setting works on the condition that the data sharing app setting is selected as ‘restricted’.

    4) Configuring location storage

    If the ‘prevent saving copies of data’ setting is selected, an override can be configured to chosen locations such as- OneDrive for Business, SharePoint, and Local Storage.

    5) Receiving data from other applications

    You can configure if managed applications can receive data from other apps using the share menu or share button options in other apps. The settings that can be configured are as follows:

    • Allow All: Receive data from any app
    • Restricted: Receive data from managed apps only
    • Block All: Block all data transfer

    6) Configure clipboard for managed applications

    This setting can help restrict the cut, copy, paste to clipboard options from other apps to managed apps. These settings can be configured as follows: 

    • Any App: Allow cut, copy, paste of data between managed and unmanaged apps.
    • Apps Managed by Policy: Allow cut, copy, paste data only between managed applications.
    • Policy Managed Apps with Paste in: Allow cut and copy data from another app to managed app. But users cannot perform the same function from the managed app to other apps.
    • Blocked – Block users from cut, copy, paste of data between all apps.

    7) Force secure browsing

    This setting ensures that the links in managed applications are opened in a managed browser like Microsoft Edge only.

    8) Encrypt app data of managed apps

    This setting encrypts data pertaining to managed applications and encrypts data stored anywhere including external storage drives and SIM cards.

    9) Disable printing

    This setting prevents the printing of documents and data from managed applications.

    10) Disable contact syncing

    This setting prevents managed apps from saving contacts to the native address book. The Sync Contacts option is hidden.

    Access Control Settings using Office 365 DLP

    Along with these settings, the settings for access control of these apps can also be configured:

    • Require PIN for access
    • Enforce corporate credentials to access apps
    • Enforce access requirements such as idle timeout and offline grace period
    • Wipe managed data if the app is idle for a specific number of days

    Settings for Android

    These settings can be configured additionally for Android devices:

    • Block Screen Capture and Android Assistant
    • Minimum Android OS version Required
    • Minimum Android Patch version Required
    • Minimum App version required

    Settings for iOS

    These settings can be configured additionally for iOS devices:

    • Block Face ID access to apps (iOS 11+)
    • Minimum iOS version required
    • Minimum App version required
    • Minimum App protection policy SDK version required
    Closing lines…

    In conclusion, Scalefusion acts as a bridge for IT admins to push settings and configurations for Office 365 apps on Android and iOS devices via a range of DLP policies made available by Intune. 

    Resources

    1. helpnetsecurity.com
    Renuka Shahane
    Renuka Shahane
    Renuka Shahane is an avid reader who loves writing about technology. She is an engineering graduate with 10+ years of experience in content creation, content strategy and PR for web-based startups.

    Latest Articles

    5 Best Digital Signage Software Solutions in 2025

    If you walk across a mall or an airport today, you will see several eye-catching digital screens displaying a variety of content. Be it...

    What is VPN tunneling and why it’s a must-have for every business

    While working on an important project, sharing of sensitive information over the internet is common. But you wouldn’t just email it to anyone, right?...

    5 Best Mobile Device Management Solutions of 2025

    Let's get this straight - with an increase in the number of mobile devices, many businesses - small or medium - rely on these...

    Latest From Author

    How To Improve Industrial Equipment Lifecycle Management with MDM

    Managing the lifecycle of industrial equipment is exhausting. Be it paperwork or keeping a log of maintenance schedules. Thankfully, with digitization, mobile devices have...

    How to Turn Off Automatic Windows 10 Updates?

    The popularity of Windows 10 devices is undeniable. With a market share of more than 75% in the desktop and laptop space, as reported...

    Transforming Military Operations with MDM: Enhancing Security and Efficiency

    Mobile devices are not new to military services. Military personnel often use various rugged devices, vehicle-mounted devices, and tablets to execute mission-critical tasks.  According...

    More from the blog

    5 Best Mobile Device Management Solutions of 2025

    Let's get this straight - with an increase in the number of mobile devices, many businesses - small or...

    From manual to automated: Transforming patch management for modern...

    Manual patch management was often sufficient in traditional IT environments, where systems were simpler and networks less complex.  IT...

    Future of Mac Endpoint Management: Trends to Watch in...

    We all know the feeling of a fresh start, and a new year perfectly symbolizes it, doesn’t it? Whether...