Prevent Microsoft Teams to download documents to Dropbox on iOS and Android

Hello!

All of our mobile devices are Azure AD registered.

We have configured two app protection policies, one for iOS and one for Android.

You can find the configuration of the app protection policy below. The problem is, that the users can still save files from Microsoft Teams to Dropbox.

How can I prevent the users to save files from MS Teams to private storages?

Basics

Name

APP_iOS_-Default

Description

—

Platform

iOS/iPadOS

Apps

Target to apps on all device types

No

Device types

Unmanaged

Public apps

Microsoft Invoicing
Microsoft Kaizala
Microsoft Power Apps
Microsoft 365 Admin
Microsoft Excel
Microsoft PowerPoint
Microsoft Word
Microsoft Bookings
Microsoft Office
Microsoft OneNote
Microsoft Planner
Microsoft Power BI
Microsoft SharePoint
Microsoft StaffHub
Microsoft OneDrive
Microsoft Teams
Microsoft Lists
Microsoft Stream
Microsoft To-Do
Microsoft Visio Viewer
Microsoft Whiteboard

Custom apps

—

Data protection

Prevent backups

Block

Send org data to other apps

Policy managed apps

Select apps to exempt

Default: tel;telprompt;skype;app-settings;calshow;itms;itmss;itms-apps;itms-appss;itms-services;

Save copies of org data

Block

Allow user to save copies to selected services

OneDrive for Business
SharePoint

Transfer telecommunication data to

Any dialer app

Dialer App URL Scheme

—

Receive data from other apps

All Apps

Open data into Org documents

Allow

Allow users to open data from selected services

OneDrive for Business
SharePoint
Camera

Restrict cut, copy, and paste between other apps

Any app

Cut and copy character limit for any app

0

Third party keyboards

Allow

Encrypt org data

Require

Sync policy managed app data with native apps

Allow

Printing org data

Allow

Restrict web content transfer with other apps

Any app

Unmanaged browser protocol

—

Org data notifications

Allow

Access requirements

PIN for access

Require

PIN type

Numeric

Simple PIN

Allow

Select minimum PIN length

4

Touch ID instead of PIN for access (iOS 8+/iPadOS)

Allow

Override biometrics with PIN after timeout

Not required

Timeout (minutes of inactivity)

0

Face ID instead of PIN for access (iOS 11+/iPadOS)

Allow

PIN reset after number of days

No

Number of days

0

App PIN when device PIN is set

Require

Work or school account credentials for access

Not required

Recheck the access requirements after (minutes of inactivity)

10

Conditional launch

Setting

Value

Action

Max PIN attempts

5

Reset PIN

Offline grace period

720

Block access (minutes)

Offline grace period

90

Wipe data (days)

Jailbroken/rooted devices

Block access

Assignments

Included groups

CL–AZ-MGMT-AllUsers

Excluded groups

CL–AZ-MFA-Exclude-
CL–AZ-MGMT-BreakGlass

Scope tags

Default