Occasional Contributor

I am testing out MCAS session control to stop file downloads and am unable to block downloads when more than one file is selected.


Here's what I have tested:


MCAS Session control is triggered happily by conditional access, and configured to stop downloads from OneDrive to unmanaged devices. In the OneDrive folder, if I select and try to download a single file, it gets blocked as expected:


Single file block working.png


But if I select more than one file and pick the Download option at the top of the page, a ZIP file with all selected documents gets downloaded without issue and does not get blocked:


Multi-file block not working.png


Has anyone seen this as well and got a solution, or is this an issue for Microsoft to resolve? It seems like a glaring hole in the controls if it isn't stopped.


A colleague has also tested using the preset "Block downloads" option available in Conditional Access and that suffers the same issue (single file download blocked, multi-file download allowed).


I tried adding a second session policy to block download of files with ZIP file extension, but that did not work. (Presumably, the original files are not seen to have a ZIP extension so MCAS let's those pass.)