How To Leverage Data Loss Prevention (DLP) Policies With Microsoft Intune via Scalefusion

    In this blog, learn to configure Office 365 DLP policies on Scalefusion to protect data within Office 365 apps on Android & iOS devices using Microsoft Intune Data Loss Prevention.

    Enterprise mobility has reached nearly every industry. Where it had not already, 2020 and the shift to remote work, along with heavy dependence on technology to make everything remote and contactless, made it so. As businesses large and small embrace technology for operations, employee productivity and customer satisfaction, they need to ensure that the data on these devices stays secure.

    With the pandemic moving things online, the number of cyberattacks has increased, reaching almost 445 million attacks up to August 2020¹, which is double the number of attacks observed in 2019. Clearly, if security is not on your mind, it should be.

    In this article, we will have a look at the security policies made available by Microsoft Intune® via Scalefusion to protect Microsoft Office 365 Apps and achieve data loss prevention across Intune SDK, on Android & iOS devices. 

    Scalefusion has integrated the Microsoft Graph API, which lets IT admins manage Intune policies directly from the Scalefusion dashboard. Without this integration, IT admins had to juggle two consoles when using Scalefusion to manage Office 365 apps.

    These policies help protect the data in the following apps: Microsoft Outlook, Microsoft OneNote, Microsoft Excel, Microsoft PowerPoint, and Microsoft Word.

    Prerequisites for configuring Office 365 DLP policies:

    To manage these policies, you need a Scalefusion license along with any one of these licenses: Microsoft 365 E5, Microsoft 365 E3, Enterprise Mobility + Security E5, Enterprise Mobility + Security E3, Microsoft 365 Business Premium, Microsoft 365 F1, Microsoft 365 F3, Microsoft 365 Government G5 or Microsoft 365 Government G3.

    Set up process

    After authorizing Scalefusion to manage policies on behalf of your organization, you can navigate to the Device Management section of the Scalefusion dashboard and access Microsoft Intune Policies from this section.

    On the Android devices for which these policies need to be set up, install the Intune Company Portal application using Scalefusion's Play for Work integration and sign in to the Intune Company Portal app.

    On iOS devices, the setup is automated when the user authenticates the Office 365 apps and no additional steps are required.

    You can now start creating the DLP policies via the Scalefusion dashboard. The step-by-step process for the same can be obtained in our exclusive help document.

    Leveraging Office 365 DLP (Data Loss Prevention) policies with Intune

    Here’s a list of data loss prevention policies and settings that you can leverage with Intune + Scalefusion for Microsoft Office 365 apps on managed Android and iOS devices: 

    Data settings using Data Loss Prevention (Office 365 DLP)

    1) Preventing corporate data backup to OS-specific services

    Enabling this setting prevents users from backing up data from the managed applications to OS-specific services including iCloud for iOS or other Android-specific services.

    2) Managing data sharing with other apps

    You can configure the data transfer policy for managed applications. The options include:

    • Allow All: Transfer data to any app
    • Restricted: Transfer data to managed apps only
    • Block All: Block all data transfer 

    3) Preventing copy of corporate data

    This setting disables the "Save As" option and blocks the end user from making copies of corporate data files. However, it only takes effect when the data sharing setting (setting 2) is set to 'Restricted'.

    4) Configuring location storage

    If the ‘prevent saving copies of data’ setting is selected, an override can be configured for chosen locations such as OneDrive for Business, SharePoint, and Local Storage.

    5) Receiving data from other applications

    You can configure if managed applications can receive data from other apps using the share menu or share button options in other apps. The settings that can be configured are as follows:

    • Allow All: Receive data from any app
    • Restricted: Receive data from managed apps only
    • Block All: Block all data transfer

    6) Configure clipboard for managed applications

    This setting restricts cut, copy and paste through the clipboard between managed apps and other apps. It can be configured as follows:

    • Any App: Allow cut, copy, paste of data between managed and unmanaged apps.
    • Apps Managed by Policy: Allow cut, copy, paste data only between managed applications.
    • Policy Managed Apps with Paste in: Allow cut and copy of data from other apps into managed apps, but not from managed apps to other apps.
    • Blocked: Block users from cut, copy, paste of data between all apps.

    7) Force secure browsing

    This setting ensures that the links in managed applications are opened in a managed browser like Microsoft Edge only.

    8) Encrypt app data of managed apps

    This setting encrypts the data of managed applications wherever it is stored, including external storage drives and SIM cards.

    9) Disable printing

    This setting prevents the printing of documents and data from managed applications.

    10) Disable contact syncing

    This setting prevents managed apps from saving contacts to the native address book. The Sync Contacts option is hidden.
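
    Because settings 3 and 4 depend on the sharing mode chosen in setting 2, a policy can look locked down while a dependent setting is ineffective. The following added example (not Scalefusion's or Microsoft's code) audits a policy exported as JSON; the keys are Microsoft Graph `managedAppProtection` property names, which this article does not list, and the baseline and sample policies are constructed for illustration.

```python
# Added example: audit exported app protection policy JSON against a baseline.
# Keys are Microsoft Graph managedAppProtection properties; the baseline is an assumption.
TRANSFER = ["allApps", "managedApps", "none"]  # permissive -> strict
CLIPBOARD = ["allApps", "managedAppsWithPasteIn", "managedApps", "blocked"]
MUST_BE_TRUE = ["dataBackupBlocked", "saveAsBlocked", "printBlocked",
                "contactSyncBlocked", "managedBrowserToOpenLinksRequired"]

def rank(scale, value):
    """Position on a permissive-to-strict scale; missing/unknown counts as most permissive."""
    return scale.index(value) if value in scale else 0

def audit_policy(policy):
    """Return findings for one policy dict (empty list means it meets the baseline)."""
    findings = [f"{k} is not enabled" for k in MUST_BE_TRUE if policy.get(k) is not True]
    outbound = policy.get("allowedOutboundDataTransferDestinations")
    if rank(TRANSFER, outbound) < rank(TRANSFER, "managedApps"):
        findings.append("outbound sharing reaches unmanaged apps")
    if rank(TRANSFER, policy.get("allowedInboundDataTransferSources")) < rank(TRANSFER, "managedApps"):
        findings.append("inbound data accepted from unmanaged apps")
    if rank(CLIPBOARD, policy.get("allowedOutboundClipboardSharingLevel")) < rank(CLIPBOARD, "managedAppsWithPasteIn"):
        findings.append("clipboard open to unmanaged apps")
    # Setting 3 in the article: blocking copies only works with Restricted sharing.
    if policy.get("saveAsBlocked") is True and outbound != "managedApps":
        findings.append("saveAsBlocked set without Restricted outbound sharing")
    # Setting 4: storage locations are overrides to the save-as block.
    locations = policy.get("allowedDataStorageLocations") or []
    if locations and policy.get("saveAsBlocked") is not True:
        findings.append("storage overrides listed but saveAsBlocked is off")
    if "localStorage" in locations:
        findings.append("localStorage override permits saving to device storage")
    return findings

# Constructed sample policies, not exported from a real tenant.
WEAK = {"displayName": "Default", "dataBackupBlocked": False, "saveAsBlocked": True,
        "allowedOutboundDataTransferDestinations": "allApps",
        "allowedInboundDataTransferSources": "allApps",
        "allowedOutboundClipboardSharingLevel": "allApps",
        "allowedDataStorageLocations": ["oneDriveForBusiness", "localStorage"],
        "printBlocked": True, "contactSyncBlocked": True,
        "managedBrowserToOpenLinksRequired": False}
HARDENED = dict(WEAK, displayName="Hardened", dataBackupBlocked=True,
                managedBrowserToOpenLinksRequired=True,
                allowedOutboundDataTransferDestinations="managedApps",
                allowedInboundDataTransferSources="managedApps",
                allowedOutboundClipboardSharingLevel="managedAppsWithPasteIn",
                allowedDataStorageLocations=["oneDriveForBusiness"])

if __name__ == "__main__":
    for p in (WEAK, HARDENED):
        print(p["displayName"], audit_policy(p) or "meets baseline")
```
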

    Access Control Settings using Office 365 DLP

    Along with these settings, the settings for access control of these apps can also be configured:

    • Require PIN for access
    • Enforce corporate credentials to access apps
    • Enforce access requirements such as idle timeout and offline grace period
    • Wipe managed data if the app is idle for a specific number of days

    Settings for Android

    These settings can be configured additionally for Android devices:

    • Block Screen Capture and Android Assistant
    • Minimum Android OS version Required
    • Minimum Android Patch version Required
    • Minimum App version required

    Settings for iOS

    These settings can be configured additionally for iOS devices:

    • Block Face ID access to apps (iOS 11+)
    • Minimum iOS version required
    • Minimum App version required
    • Minimum App protection policy SDK version required

    Closing lines…

    In conclusion, Scalefusion acts as a bridge for IT admins to push settings and configurations for Office 365 apps on Android and iOS devices via a range of DLP policies made available by Intune. 


    Renuka Shahane
    Renuka Shahane is an avid reader who loves writing about technology. She is an engineering graduate with 10+ years of experience in content creation, content strategy and PR for web-based startups.
