Forum Discussion
Explaining to the IT Manager: protecting business data on employee owned devices
In trying to plan for a OD4B deployment, I have done a lot of testing with MAM and WIP, both enrolled and not enrolled, and now Conditional Access ... ...despite searching high and low, I still canno...
Condictional access will do what you are wanting. It may not be working as you expect for a number of reasons. There may be trusted ips configured so if you are testing on a trusted network, it will not enforce condictional access.
Also, other somewhat obvious factors include not deploying the policy to user account you are tying to condiction and allowing access for MFA enabled accounts "or" compliant device.
A conditional access policy based on network location can do the trick. So can the SPO sync restrictions as detailed here: https://technet.microsoft.com/en-us/library/dn917455.aspx