Edge have access to OneDrive files on iOS with ability to steal them via any sharing or email service

Hello community,

currently we are working on securing edge on iOS devices that have access to files on corporate OneDrive = you may via Edge access any corporate document and steal it via every common email or sharing service.

We have worked out only three solutions none ideal:

  1. Set Receive data from other apps to NONE > Outcome you will not be able to send the attachment away, but as well you will not open any weblink from any other corporate apps.
  2. Set Allow list > You need to specify what resources are available
  3. Set Block list > You will never be able to specify 100% sharing webs

Any idea?

MS is hiding behind this statement:

Although Edge is in “corporate” context, users can intentionally move OneDrive “corporate” context files to an unknown personal cloud storage location. To avoid this, see Manage restricted web sites and configure the allowed/blocked site list for Edge.

We are using edge in our environment and cant repro. Can you share an example
May be the setting in MAM policy is allowing to share data outside?

On iOS device log in to email client via Edge then try to add attachment.

There you need to go back from the current view. and on the top right there are three dots. Pick them up and turn on the OneDrive, now it will appear at the destinations you can take data from.