Occasional Contributor

I am testing out MCAS session control to stop file downloads and am unable to block downloads when more than one file is selected.

 

Here's what I have tested:

 

MCAS Session control is triggered happily by conditional access, and configured to stop downloads from OneDrive to unmanaged devices. In the OneDrive folder, if I select and try to download a single file, it gets blocked as expected:

 

Single file block working.png

 

But if I select more than one file and pick the Download option at the top of the page, a ZIP file with all selected documents gets downloaded without issue and does not get blocked:

 

Multi-file block not working.png

 

Has anyone seen this as well and got a solution, or is this an issue for Microsoft to resolve? It seems like a glaring hole in the controls if it isn't stopped.

 

A colleague has also tested using the preset "Block downloads" option available in Conditional Access and that suffers the same issue (single file download blocked, multi-file download allowed).

 

I tried adding a second session policy to block download of files with ZIP file extension, but that did not work. (Presumably, the original files are not seen to have a ZIP extension so MCAS let's those pass.)

www.000webhost.com