Tommy-Williams
Sep 19, 2024

Only Outlook and Teams on Personal mobile devices

We are looking to let users access Outlook and Teams using their personal iOS and Android devices but not allow them to access the SharePoint side within the Outlook app.

I have made two Conditional Access policies to accomplish this, but only the Outlook side of things is working. Teams won't let a user log in, and they are being blocked by the first Conditional Access policy.

 

First CA

- Target Resources

Include = Office 365

Exclude = Microsoft Teams Service, Office 365 Exchange Online

- Conditions

Device Platform = Android, iOS

Filter for devices = device.deviceOwnership -eq "Personal"

- Grant

= Block access

 

Second CA

- Target Resources

Include = Microsoft Teams Services, Office 365 Exchange Online

- Conditions

Device Platform = Android, iOS

Filter for devices = device.deviceOwnership -eq "Personal"

- Grant

= Grant Access > Require device to be Marked compliant

 

Can anyone help?

 

 

  • Tommy-Williams
    The issue is likely due to a conflict between the policies. In the First CA, modify the target to block SharePoint Online while explicitly excluding Teams and Exchange. Ensure Second CA targets only Teams and Outlook with a clear compliance requirement. This should allow users to access Teams and Outlook on personal devices while blocking SharePoint access.
