Microsoft Intune solution : Not able to Download/save any data

I

int86

You'r born free
Contributor
My organisation uses Microsoft Intune solution/Microsoft Entra ID. I access my official mail at home PC occasionally through mandatory configuring EDGE for my work/official profile. I am able to access mail at https://outlook[dot]offi[]ce365[dot]com through work profile in EDGE.
only.
I can access mail but neither able to print anything or download any attachment.

Anybody have any solution then please guide. I would like to save pdf and excel attachments. Following popup always stops. My company wont help any further

Even if I open other site in EDGE under same work profile, say google, then also not able to copy any text.

1741998029524.png
 
Last edited:
Trying to bypass company protections could be grounds for a warning or more severe punishment. Would advice to have a word with someone from IT.

Secondly, the system might have been setup with Conditional Access with Information Rights policies to prevent you from copying data on non company devices which is out of control, like your home PC

Coming to the bypass - you need to tinker around in developer tools to identify the source of the file and try to download from there.
 
  • Like
Reactions: nitin_g3, ibose and khalil
vivek.krishnan said:
Coming to the bypass - you need to tinker around in developer tools to identify the source of the file and try to download from there.
Click to expand...
How to proceed for to download any excel or pdf file. Even copy and paste through mouse drag do not work. there must be some work-around. I can take screenshots but those are not productive, just time waste
Even if I open other site in EDGE under same work profile, say google, then also not able to copy any text.
 
Last edited:
Intune architect here. While I mostly work on mobile devices. Below holds good for desktops too.

Your organisation is has applied App protection policy on your Edge browser. Am assuming you organisation has MAM-WE-ish setup that allows you to login from any device that meets their requirements.

The following controls are set under the policy.

These settings prevent you from performing copy-paste of text or download files to local storage.

Setting name: Data Transfer
Setting description: Send Org Data to other app
Value: None or policy managed apps

Setting name: Data Transfer
Setting description:Allow cut, copy, and paste for
Value: None or organisation managed app

Setting name: Functionality
Setting description: Print org Data
Value: Block

Trying to break the browser and attempt to login. You could get blocked by compliance policy or conditional access. Even if you are successful. The documents could be still protected under Information rights (microsoft purview)

To bypass this while not getting into trouble. Your organisation needs to create a new protection policy with far more relaxed controls allowing you to print or download documents. This would obviously need you to go through justifying the boss, Information security, client and other stake holders,etc
 
  • Like
Reactions: ibose and axeman
kalph09 said:
Trying to break the browser and attempt to login. You could get blocked by compliance policy or conditional access. Even if you are successful. The documents could be still protected under Information rights (microsoft purview)

To bypass this while not getting into trouble. Your organisation needs to create a new protection policy with far more relaxed controls allowing you to print or download documents. This would obviously need you to go through justifying the boss, Information security, client and other stake holders,etc
Click to expand...

My organisation has 1lac+ employees, so cant reach upto top information security officer, who holds everything. For pdf I manage to take screenshot on mobile or PC and manually paste it. But real hinderance I follow is with large excel files like 300 rows,

Kuch to solution hoga. Like if I open attached excel in EDGE, somewhere is disk it would get buffered.
 
int86 said:
My organisation has 1lac+ employees, so cant reach upto top information security officer, who holds everything. For pdf I manage to take screenshot on mobile or PC and manually paste it. But real hinderance I follow is with large excel files like 300 rows,

Kuch to solution hoga. Like if I open attached excel in EDGE, somewhere is disk it would get buffered.
Click to expand...
Entra is doing what it is set up to do, block downloads on unmanaged devices as per policy. The entire idea is to prevent company files from landing on personal devices and in worst case, being accessed by malware on devices whose security is unknown.

Many corporates simply use a cloud PC for such use cases, though that is of course a more expensive solution. You are meant to access those files on a managed device, so no one is really going to help out from the company. Can't see them relaxing such a policy.
 
  • Like
Reactions: ibose
t3chg33k said:
Entra is doing what it is set up to do, block downloads on unmanaged devices as per policy. The entire idea is to prevent company files from landing on personal devices and in worst case, being accessed by malware on devices whose security is unknown.

Many corporates simply use a cloud PC for such use cases, though that is of course a more expensive solution. You are meant to access those files on a managed device, so no one is really going to help out from the company. Can't see them relaxing such a policy.
Click to expand...
Yes my company uses Cloud PC. What I can see on my PC, cant I save, Kuch toh trick hoga
 
int86 said:
Kuch toh trick hoga
Click to expand...
Why do you think companies will pay Microsoft lakhs for these apps/services if there is an easily available bypass?

InTune is doing literally what it's supposed to do and you keep saying "there must be a solution" as if it's a problem/bug. InTune is the solution. The problem statement is "company data should not go out of company network".

No, there's no trick or hack or bypass for it. If there is, it will not be available in public domain before Microsoft has patched it.

Use your company provided PC for Excel work.
 
int86 said:
Yes my company uses Cloud PC. What I can see on my PC, cant I save, Kuch toh trick hoga
Click to expand...

The 'work profile' you are referring is a container. Whatever data is buffered resides in that, encrypted. Breaking encryption means the device will report back to Intune as non-compliant and blocks access + wipe enterprise data. You might find some information on XDA forums, those are all outdated.

We spends huge sums of $$$ (in 5 digits) a year on infosec just to find out if there are ways to find sensitive data like files, passwords, etc. They were able to get that only if I turn off jail break/root detection from the Intune's compliance and app protection policy. This worked till 2021, Microsoft has now closed that gap.
 
int86 said:
My organisation uses Microsoft Intune solution/Microsoft Entra ID. I access my official mail at home PC occasionally through mandatory configuring EDGE for my work/official profile. I am able to access mail at https://outlook[dot]offi[]ce365[dot]com through work profile in EDGE.
only.
I can access mail but neither able to print anything or download any attachment.

Anybody have any solution then please guide. I would like to save pdf and excel attachments. Following popup always stops. My company wont help any further

Even if I open other site in EDGE under same work profile, say google, then also not able to copy any text.

View attachment 227107
Click to expand...
This is a very common practice these days. I too check my emails, fill timesheets from my personal rig but apart from purely read-only mode I cannot download, upload or even copy text across due to restriction. I was also pissed off but been into compliance I can certainly understand the demerits of allowing all these as data exchange/selling outside org. to 3rd parties etc. have significantly costed companies crores of losses esp. their clients exiting their biz/contracts prematurely!

You shouldn't dare to fiddle with anything else one trigger alert and you are in the red zone and then be ready for logical explanations for your act and face severe consequences!
 
  • Like
Reactions: bssunilreddy
Top Bottom