Key Takeaways
- Controls whether the iOS Files app can connect to network drives
- When enabled, it blocks access to improve security
- Applies to shared folders hosted on company servers
- Helps prevent data leakage from unmanaged or personal devices
- When disabled, users can connect normally but security risks are higher
Hey, let’s discuss about How to Block Network Drive Access in iOS Files App Using Intune. This Intune policy controls whether iOS users can connect to network drives from the Files app. Network drives are shared folders from office servers or company networks. With this policy, IT admins can allow or block this access based on company security needs. Network drives may contain sensitive company data. If users connect freely from personal or unmanaged apps, data can be copied, shared, or lost.
Table of Contents
Block Network Drive Access in iOS Files App using Intune
When this policy is enabled, users cannot add or connect to network drives in the Files app. This prevents them from browsing company servers directly from the device. It keeps data inside approved apps only. When the policy is disabled, users can connect to network drives normally through the Files app. They can open shared folders, download files, and upload documents. This gives more flexibility but less security.
- How to Continue Syncing on Metered Networks on OneDrive using Intune Policy
- Disable Mapping of Client Drive Redirection in Remote Desktop Services Sessions using Intune
- How Microsoft Entra Suite Unifies Identity and Network Access to Stop AI-Powered Attacks
How to Start Policy Creation
To deploy this policy through Microsoft Intune, first sign into the Microsoft Intune admin center. Next, navigate to Devices > Configurations. On the right side, you will see the option for create; select that and then click on New Policy.
| Platform | Profile Type |
|---|---|
| iOS/iPadOS | Settings Catalog |
Basic Tab for Name and Description
In the basic details section, you must enter essential information about a policy, including its name, description, and platform details. I will give the name Allow Files Network Drive Access. You can add the description if you want to, as it helps you identify the policy later.
Configuration Settings
In the configuration settings, first locate the option to add settings through a hyperlink and click on it. This action will open a settings picker. Next, select the Restrictions category and select Allow Files Network Drive Access.
After that, you can close the settings picker window. Once you close the settings window, you will be directed to the configuration settings page. This setting is turned on by default. If you want to keep this setting disabled, click the next option.
Block File Network Drive Access Policy
To enable this policy, you need to enable this Policy. You will find a toggle switch there. Moving the toggle from right to left and is labeled false. This indicates that the option is not activated. Then click Next to continue.
What is Scope Tag
After the configuration tab, you will find the scope tags section. In this section, you can add a scope tag for the policy, but it is not mandatory; therefore, I will skip this part and click Next.
Assignments
In this section, you can specify the group to which you want to apply the policy. I clicked on Add Groups under the Include Group option. When I clicked Add Groups a list of suggested groups appeared. I selected the group(HTMD Supervised Devices – iOS/iPadOS) and now it is visible on the assignment page. After this, click Next to proceed.
Final Step
After completing the assignments, you will reach the review and create option, which is the final stage of policy creation. You can view all the details about the policy, including the basics, specifics, and configuration details. Now,click on the Create option then, you will see a notification Allow File Network Drive Access created successfully”.
Monitoring status
To view a policy’s status, go to Devices > Configuration in the intune portal, select the policy (Allow Files Network Drive Access), and check that the status shows Succeeded (1). Use manual sync in the Company Portal to speed up the process.
How to Remove Assigned Group from this Policy
After creating the policy, if you want to remove the specific group that you previously selected, you can easily do that. First, go to Devices > Configuration policies. In the Configuration policy section, search and select the policy. In the Assignment section, you will find an Edit option and click on it. Then, click the Remove option.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete this Policy from Intune Portal
If you want to delete this policy for any reason, you can easily do so. First, search for the policy name in the configuration section. When you find the policy name, you will see a 3-dot menu next to it. Click on the 3 dots, then click the Delete button.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community and Whatsapp channel to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.