You have several options to block users from accessing Dropbox on corporate-managed desktop computers using Microsoft Intune:
- Network Level Blocking: Use a firewall or proxy to block Dropbox traffic. This can prevent users from accessing Dropbox websites and services.
- AppLocker or Windows Defender Application Control (WDAC): Configure policies to block the installation and execution of the Dropbox application. This can be done by creating rules allowing only approved applications to run[1].
- Microsoft Defender for Cloud Apps: If you have the appropriate licensing, you can use Microsoft Defender for Cloud Apps to block access to unsanctioned apps like Dropbox. This tool allows you to monitor and control cloud app usage[2].
- Device Configuration Profiles: Create device configuration profiles in Intune to restrict access to specific URLs or applications. This can be done by setting up custom OMA-URI settings or using built-in settings to block certain apps[3].
Implementing these measures ensures that your corporate data remains secure and that users only use approved storage solutions like OneDrive.
PowerShell and Remote Monitoring and Management (RMM)
PowerShell scripts and your Remote Monitoring and Management (RMM) tool can block Dropbox on corporate-managed computers. Here are a couple of methods:
PowerShell
Using PowerShell to Block Dropbox.
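- Block Dropbox via Firewall Rules: You can create a PowerShell script to add firewall rules that block Dropbox traffic. The rules match the exact program path given, so adjust it if Dropbox is installed elsewhere.
```powershell
# Block Dropbox by adding firewall rules (skipped if they already exist, so re-runs do not create duplicates)
$dropboxExe = "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"
if (-not (Get-NetFirewallRule -DisplayName "Block Dropbox" -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName "Block Dropbox" -Direction Outbound -Program $dropboxExe -Action Block
    New-NetFirewallRule -DisplayName "Block Dropbox" -Direction Inbound -Program $dropboxExe -Action Block
}
```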
- Block Dropbox via Hosts File: You can modify the hosts file to block Dropbox domains.
```powershell
# Add Dropbox domains to hosts file to block access (run elevated; entries already present are skipped)
$hostsPath = "C:\Windows\System32\drivers\etc\hosts"
$domains = "dropbox.com", "www.dropbox.com", "dl.dropboxusercontent.com"
foreach ($domain in $domains) {
    $entry = "127.0.0.1 $domain"
    if (-not (Select-String -Path $hostsPath -Pattern "^\s*$([regex]::Escape($entry))\s*$" -Quiet)) {
        Add-Content -Path $hostsPath -Value "`n$entry"
    }
}
```
Remote Monitoring and Management (RMM) Tools
Most RMM tools allow you to deploy scripts or policies across managed devices. Here’s how you can use your RMM tool:
- Deploy PowerShell Scripts: Upload and deploy the above PowerShell scripts to all managed devices.
- Application Blocking: Use your RMM tool’s application-blocking feature to prevent the installation or execution of Dropbox. This might involve creating a policy that blocks the Dropbox executable.
- URL Filtering: If your RMM tool supports URL filtering, you can directly block access to Dropbox domains.
Example with RMM Tool (e.g., ConnectWise Automate, Kaseya VSA)
- Create a Script:
  - Write a script using the PowerShell commands provided.
  - Save the script in your RMM tool’s script repository.
- Deploy the Script:
  - Schedule the script to run on all target devices.
  - Monitor the deployment to ensure it’s applied successfully.
- Policy Configuration:
  - Configure a policy within your RMM tool to block the Dropbox application.
  - Apply the policy to all relevant devices.
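For the "monitor the deployment" step, a check script can confirm on each device that the blocks above are actually in place. The following is an added example, not part of the original article or of any RMM vendor's tooling; it assumes the rule name and domains used above, an elevated (SYSTEM) run context, and an RMM tool that alerts on a non-zero exit code.

```powershell
# Added example: verifies the firewall and hosts-file blocks from this article.
# Assumed values: the rule display name and domains are the ones used above.
$ruleName  = 'Block Dropbox'
$domains   = 'dropbox.com', 'www.dropbox.com', 'dl.dropboxusercontent.com'
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$findings  = @()

# 1. An enabled Block rule must exist in both directions.
$rules = @(Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Where-Object { "$($_.Enabled)" -eq 'True' -and "$($_.Action)" -eq 'Block' })
$directions = @($rules | ForEach-Object { "$($_.Direction)" })
foreach ($dir in 'Inbound', 'Outbound') {
    if ($dir -notin $directions) { $findings += "No enabled $dir block rule named '$ruleName'" }
}

# 2. Program rules match one exact path; flag a running Dropbox.exe they do not cover.
$rulePaths = @($rules | Get-NetFirewallApplicationFilter |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Program) })
$running = @(Get-Process -Name 'Dropbox' -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } | Select-Object -ExpandProperty Path -Unique)
foreach ($path in $running) {
    if ($path -notin $rulePaths) { $findings += "Dropbox running from a path no rule covers: $path" }
}

# 3. Every domain must be mapped to 127.0.0.1 on a non-comment hosts line.
$sinkholed = foreach ($line in Get-Content -Path $hostsPath -ErrorAction SilentlyContinue) {
    $tokens = @(($line -replace '#.*$').Trim() -split '\s+' | Where-Object { $_ })
    if ($tokens.Count -ge 2 -and $tokens[0] -eq '127.0.0.1') { $tokens | Select-Object -Skip 1 }
}
foreach ($d in $domains) {
    if ($d -notin $sinkholed) { $findings += "hosts file does not map $d to 127.0.0.1" }
}

# Report each gap and signal the result through the exit code.
foreach ($f in $findings) { Write-Output "NON-COMPLIANT: $f" }
if ($findings.Count -gt 0) { exit 1 }
Write-Output 'COMPLIANT: firewall rules and hosts entries are in place'
exit 0
```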
References
[1] How to block company data sync to Google Drive, iDrive, Dropbox
[2] What is the best way to block access to G-Drive or Dropbox – Windows 10 machines?
[3] How do you block the installation of Dropbox / Google Drive, etc?