Forum Discussion
Tommy-Williams
Sep 19, 2024 · Copper Contributor
Only Outlook and Teams on Personal mobile devices
We are looking to let users access Outlook and Teams using their personal iOS and Android devices but not allow them to access the SharePoint side within the Outlook app.
I have made two conditional access policies to accomplish this, but only the Outlook side of things is working. Teams won't let a user log in; the user is being blocked by the first Conditional Access policy.
First CA
- Target Resources
Include = Office 365
Exclude = Microsoft Teams Service, Office 365 Exchange Online
- Conditions
Device Platform = Android, iOS
Filter for devices = device.deviceOwnership -eq "Personal"
- Grant
= Block access
Second CA
- Target Resources
Include = Microsoft Teams Services, Office 365 Exchange Online
- Conditions
Device Platform = Android, iOS
Filter for devices = device.deviceOwnership -eq "Personal"
- Grant
= Grant Access > Require device to be Marked compliant
Can anyone help?
- balasubramanim (Iron Contributor), replying to Tommy-Williams
The issue is likely due to a conflict between the policies. In the First CA, modify the target to block SharePoint Online while explicitly excluding Teams and Exchange. Ensure Second CA targets only Teams and Outlook with a clear compliance requirement. This should allow users to access Teams and Outlook on personal devices while blocking SharePoint access.
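
One way to express the two policies suggested in the reply with the Microsoft Graph PowerShell SDK, created in report-only state so the sign-in logs show their effect on Teams and Outlook before anything is enforced. This is an added example, not code from either poster; the display names and the `$PilotGroup` placeholder are assumptions, since the thread does not say which users are in scope.

```powershell
# Added example. Requires the Microsoft.Graph module and an account allowed
# to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# First-party resource app IDs (identical in every tenant).
$SharePoint = '00000003-0000-0ff1-ce00-000000000000'  # Office 365 SharePoint Online
$Exchange   = '00000002-0000-0ff1-ce00-000000000000'  # Office 365 Exchange Online
$Teams      = 'cc15fd57-2c6c-4117-a88c-83b1d56b4bbe'  # Microsoft Teams Services

# Placeholder: object ID of the group the policies apply to (not given in the thread).
$PilotGroup = '<pilot-group-object-id>'

# Conditions shared by both policies, taken from the original post:
# Android/iOS platforms and the personal-ownership device filter.
function New-PersonalMobileConditions([string[]]$Include, [string[]]$Exclude = @()) {
    @{
        users        = @{ includeGroups = @($PilotGroup) }
        applications = @{ includeApplications = $Include; excludeApplications = $Exclude }
        platforms    = @{ includePlatforms = @('android', 'iOS') }
        devices      = @{ deviceFilter = @{ mode = 'include'; rule = 'device.deviceOwnership -eq "Personal"' } }
    }
}

# Policy 1: block SharePoint Online only, with Teams and Exchange excluded.
$blockSharePoint = @{
    displayName   = 'Personal mobile - block SharePoint Online'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = New-PersonalMobileConditions -Include @($SharePoint) -Exclude @($Teams, $Exchange)
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Policy 2: Teams and Exchange require a device marked compliant.
$requireCompliant = @{
    displayName   = 'Personal mobile - Teams and Exchange require compliant device'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = New-PersonalMobileConditions -Include @($Teams, $Exchange)
    grantControls = @{ operator = 'OR'; builtInControls = @('compliantDevice') }
}

foreach ($policy in $blockSharePoint, $requireCompliant) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object Id, DisplayName, State
}
```

After test sign-ins from a personal phone, the Report-only tab of each sign-in log entry shows which of the two policies would have applied; switch `state` to `enabled` once the results match the intent.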