How To Leverage Data Loss Prevention (DLP) Policies With Microsoft Intune via Scalefusion

Enterprise mobility has touched base across every industry possible. If it hadn’t previously, 2020 and the remote working phenomenon along with heavy dependency on technology to facilitate ‘everything remote and contactless’ did it. As businesses, large and small move towards embracing technology for its operations, employee productivity as well as customer satisfaction, there arises a need for ensuring that the data on these devices stays secure.

DLP Policies With Microsoft Intune
Data Loss Prevention (DLP) Policies With Microsoft Intune

With the pandemic moving things online, the number of cyberattacks has increased, amounting to almost 445 million attacks till August 2020¹, which is double the number of the attacks observed in the year 2019. Clearly, if security is not on your mind, it should be. 

In this article, we will have a look at the security policies made available by Microsoft Intune® via Scalefusion to protect Microsoft Office 365 Apps and achieve data loss prevention across Intune SDK, on Android & iOS devices. 

Scalefusion has integrated the Microsoft Graph API. This enables the IT admins to manage the Intune policies directly from the Scalefusion dashboard. Previously without this integration, the IT admins had to juggle between two consoles when using Scalefusion for managing Office 365 apps.

These policies can help protect the data pertaining to these apps- Microsoft Outlook, Microsoft OneNote, Microsoft Excel, Microsoft Powerpoint and Microsoft Word.

Prerequisites:

To manage these policies, you need a Scalefusion license along with any one of these licenses- Microsoft 365 E5, Microsoft 365 E3, Enterprise Mobility + Security E5, Enterprise Mobility + Security E3, Microsoft 365 Business Premium, Microsoft 365 F1, Microsoft 365 F3, Microsoft 365 Government G5 or Microsoft 365 Government G3.

Set up process

After authorizing Scalefusion to manage policies on behalf of your organization, you can navigate to the Device Management section of the Scalefusion dashboard and access Microsoft Intune Policies from this section.

On the Android devices for which these policies need to be set up, install the Intune Company Portal application using ScalefusionsPlay for Work integration and sign in to the Intune Company Portal app.

On the iOS devices, the setup is automated when the user authenticates the Office 365 apps and no additional steps are required.

You can now start creating the DLP policies via the Scalefusion dashboard. The step by step process for the same can be obtained in our exclusive help document.

Leveraging Data Loss Prevention (DLP) policies with Intune

Here’s a list of data loss prevention policies and settings that you can leverage with Intune + Scalefusion for Microsoft Office 365 apps on managed Android and iOS devices: 

Data settings using Data Loss Prevention (DLP)

  • Preventing corporate data backup to OS-specific services

Enabling this setting prevents users from backing up data from the managed applications to OS-specific services including iCloud for iOS or other Android-specific services.

  • Managing data sharing with other apps

You can configure the data transfer policy for managed applications. The options include:

  • Allow All: Transfer data to any app
  • Restricted: Transfer data to managed apps only
  • Block All: Block all data transfer 
  • Preventing copy of corporate data

This setting disables the save as option and blocks the end-user from making copies of corporate data files. However, this setting works on the condition that the data sharing app setting is selected as ‘restricted’.

  • Configuring location storage

If the ‘prevent saving copies of data’ setting is selected, an override can be configured to chosen locations such as- OneDrive for Business, SharePoint and Local Storage.

  • Receiving data from other applications

You can configure if managed applications can receive data from other apps using the share menu or share button options in other apps. The settings that can be configured are as follows:

  • Allow All: Receive data from any app
  • Restricted: Receive data from managed apps only
  • Block All: Block all data transfer
  • Configure clipboard for managed applications

This setting can help restrict the cut, copy, paste to clipboard options from other apps to managed apps. These settings can be configured as follows: 

  • Any App: Allow cut, copy, paste of data between managed and unmanaged apps.
  • Apps Managed by Policy: Allow cut, copy, paste data only between managed applications.
  • Policy Managed Apps with Paste in: Allow cut and copy data from another app to managed app. But users cannot perform the same function from the managed app to other apps.
  • Blocked – Block users from cut, copy, paste of data between all apps.
  • Force secure browsing

This setting ensures that the links in managed applications are opened in a managed browser like Microsoft Edge only.

  • Encrypt app data of managed apps

This setting encrypts data pertaining to managed applications and encrypts data stored anywhere including external storage drives and SIM cards.

  • Disable printing

This setting prevents the printing of documents and data from managed applications.

  • Disable contact syncing

This setting prevents managed apps from saving contacts to the native address book. The Sync Contacts option is hidden.

Access Control Settings using DLP

Along with these settings, the settings for access control of these apps can also be configured:

  • Require PIN for access
  • Enforce corporate credentials to access apps
  • Enforce access requirements such as idle timeout and offline grace period
  • Wipe managed data if the app is idle for a specific number of days

Settings for Android

These settings can be configured additionally for Android devices:

  • Block Screen Capture and Android Assistant
  • Minimum Android OS version Required
  • Minimum Android Patch version Required
  • Minimum App version required

Settings for iOS

These settings can be configured additionally for iOS devices:

  • Block Face ID access to apps (iOS 11+)
  • Minimum iOS version required
  • Minimum App version required
  • Minimum App protection policy SDK version required

Closing lines…

In conclusion, Scalefusion acts as a bridge for IT admins to push settings and configurations for Office 365 apps on Android and iOS devices via a range of DLP policies made available by Intune. 

Resources

  1. helpnetsecurity.com

Share

Follow Us

Thousands of businesses rely upon Scalefusion for managing their mobile device, desktops & laptops and other endpoints

Renuka Shahane is a Sr. Content Writer at Scalefusion. An engineering graduate, an Apple junkie and an avid reader, she has a 5+ years of experience in content creation, content strategy and PR for technology and web based startups.

Share

Follow Us



Subscribe to our newsletter

Exciting Products.
Cutting-Edge Technology.
Powerful Insights.
Delivered Straight to Your Inbox!

No spam, no BS, unsubscribe at any time.

Thousands of businesses rely upon Scalefusion for managing their mobile device, desktops & laptops and other endpoints