Posts

Showing posts from May, 2022

Get All AIP encrypted files - SharePoint Online

One of my recent projects was a merger and acquisition.

Technology - M365 tenant to tenant migration

Areas of consolidation
1. Mailboxes
2. SharePoint Online data
3. OneDrive for Business data
4. Teams data migration
5. Security and Compliance migration

The area of concern from the security and compliance side was the encrypted files within EXO, SPO, Teams and ODB. Issue with encrypted data migration - end users will not be able to access the documents once the source tenant is decommissioned.

Solution available - ask end users to unencrypt the data before migration.

Alternate solution -
1. Decrypt the files and mails using eDiscovery - this gives us output in PST format, which is available for offline access, but the data in the source will still be encrypted. Decryption in eDiscovery - Microsoft Purview (compliance) | Microsoft Docs
2. Use Get-AIPfileLabel and Get-AIPFileLabel, but in order to use these you must already know all the file paths.

Challenges -
1. We do not want end user intervention

Restrict Access (View only) to org data on Windows 10 Personal device (BYOD)

One of the recent needs from the client was as follows: he has 3 types of employees working in his organization.
1. Company employees (on payroll) - company-owned device
2. Outsourced consultants - accessing org data on the payroll org's device (non-client-owned devices)
3. Guest users

Need -
Company employees should have full access to org data on company-owned devices; however, if they access org data from their personal device it should be view only.
Consultant - they can access the data on the device but cannot save anything on the device.
Guest - they should have view-only access and not be able to save anything on the device.
The above should be applicable to Email, OneDrive, SharePoint & Teams data.

Solution -
Step 1 - Enable limited access.
Step 2 - Create a conditional access policy for EXO with device- and browser-based conditions to apply the app restriction policy.
Step 3 - Modify the SharePoint limited access policy and add the device exception.
Step 4 - Create a policy for gu

Block users from saving data on System Drive on Intune Managed Device

Recently I delivered a project for an Intune deployment and came up against the following requirement: end users should not be able to save data locally on the C or D drive; instead they should be allowed to save data only in OneDrive for Business (synced with the system).

Based on the requirement I did my research and found the following. It is possible to control the local system settings on an Azure AD joined machine managed by Intune. There are no options to define exceptions in policies to allow data saving in certain folders.

Now most of us will think a WIP (Windows Information Protection) policy will help us protect the data on the device; however, that's not completely true, as:
1. User can change the file ownership to personal if the WIP policy is set to Allow Override.
2. User can save the file locally on the system.
3. User will not be able to copy the data from a work file to a personal file if the policy is set to Allow Override.
4. Unenlightened apps cannot differentiate between personal and corporate data.