MCAS / CAP Options for blocking Teams client file upload across browser, desktop and mobile


Can anyone provide info for if and when Conditional Access App Control as configured through conditional access policy will provide Block Uploads as per the currently available Block downloads (Preview)? As this supports browser, mobile and desktop I can configure CAP to block all downloads and ideally would do the same for uploads if it was available.

 

I can configure MCAS Session policy for Teams Browser to block uploads but can't apply this to desktop and mobile.

 

I have looked at File Policy and admin quarantine applied to Teams as the App but Teams doesn't seem to be a supported app and I don't get policy matches for files in Teams. Picking SharePoint as the app does policy match the files in Teams but also all other SharePoint. Trying to filter out folders that are SharePoint vs Teams generated SharePoint and stay on top of it for a tenant with 10k users doesn't seem manageable. Could possibly use MCAS PowerShell and automation to generate and update a File Policy but it seems better to wait until the block upload functionality becomes natively available - as quarantine isn't really what's being asked for.

 

Anyone able to provide some timescales?

1 Reply

@Chris Johnston 

 

Can't see anything in the M365 roadmap for this feature at the moment. Guess you could start a UserVoice request for this.
