Prevent Microsoft Teams to download documents to Dropbox on iOS and Android
Question
Hello!
All of our mobile devices are Azure AD registered.
We have configured two app protection policies, one for iOS and one for Android.
You can find the configuration of the app protection policy below. The problem is, that the users can still save files from Microsoft Teams to Dropbox.
How can I prevent the users to save files from MS Teams to private storages?
Basics
Name
APP_iOS_-Default
Description
—
Platform
iOS/iPadOS
Apps
Target to apps on all device types
No
Device types
Unmanaged
Public apps
Microsoft Invoicing
Microsoft Kaizala
Microsoft Power Apps
Microsoft 365 Admin
Microsoft Excel
Microsoft PowerPoint
Microsoft Word
Microsoft Bookings
Microsoft Office
Microsoft OneNote
Microsoft Planner
Microsoft Power BI
Microsoft SharePoint
Microsoft StaffHub
Microsoft OneDrive
Microsoft Teams
Microsoft Lists
Microsoft Stream
Microsoft To-Do
Microsoft Visio Viewer
Microsoft Whiteboard
Custom apps
—
Data protection
Prevent backups
Block
Send org data to other apps
Policy managed apps
Select apps to exempt
Default: tel;telprompt;skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services;
Save copies of org data
Block
Allow user to save copies to selected services
OneDrive for Business
SharePoint
Transfer telecommunication data to
Any dialer app
Dialer App URL Scheme
—
Receive data from other apps
All Apps
Open data into Org documents
Allow
Allow users to open data from selected services
OneDrive for Business
SharePoint
Camera
Restrict cut, copy, and paste between other apps
Any app
Cut and copy character limit for any app
0
Third party keyboards
Allow
Encrypt org data
Require
Sync policy managed app data with native apps
Allow
Printing org data
Allow
Restrict web content transfer with other apps
Any app
Unmanaged browser protocol
—
Org data notifications
Allow
Access requirements
PIN for access
Require
PIN type
Numeric
Simple PIN
Allow
Select minimum PIN length
4
Touch ID instead of PIN for access (iOS 8+/iPadOS)
Allow
Override biometrics with PIN after timeout
Not required
Timeout (minutes of inactivity)
0
Face ID instead of PIN for access (iOS 11+/iPadOS)
Allow
PIN reset after number of days
No
Number of days
0
App PIN when device PIN is set
Require
Work or school account credentials for access
Not required
Recheck the access requirements after (minutes of inactivity)
10
Conditional launch
Setting
Value
Action
Max PIN attempts
5
Reset PIN
Offline grace period
720
Block access (minutes)
Offline grace period
90
Wipe data (days)
Jailbroken/rooted devices
Block access
Assignments
Included groups
CL–AZ-MGMT-AllUsers
Excluded groups
CL–AZ-MFA-Exclude-
CL–AZ-MGMT-BreakGlass
Scope tags
Default
Answer ( 1 )
The restriction can be implemented using Intune MAM policies with Conditional access… The option to prevent Microsoft Teams to download documents to Dropbox on iOS and Android is using CA + App protection policies in Intune.