Forum Discussion
Ben Grinsted
Mar 12, 2020 | Brass Contributor
Conditional Access and Controls for Teams Web App
Is it possible to configure Conditional Access / Policies for the Teams Web App that restrict downloading of files? Essentially making it a chat/video client only.
- Mar 12, 2020
Hi Ben Grinsted
I guess it depends on the type of approach you want to run with. I once did an article about how to basically close down everything but private chat:
https://microsoft365pro.co.uk/2019/03/26/teams-can-you-do-private-chat-only/
It was a bit of an extreme approach; you could also consider:
1.) Amend SharePoint permissions to block download of files
2.) Use Intune and app protection policies to block downloading files on apps
The way which you may be looking for is to use Cloud App Security:
https://docs.microsoft.com/en-us/cloud-app-security/use-case-proxy-block-session-aad
This provides the ability to block downloads by users who have access to your sensitive data in enterprise cloud apps from either unmanaged devices or off-corporate network locations.
Hope that gives you some ideas and answers your question.
Best, Chris
Ben Grinsted
Mar 12, 2020 | Brass Contributor
Thanks ChrisHoardMVP, that's useful.
The scenario I would like is flexible based on device, so logging on from a domain-joined device or iOS/Android controlled with Intune, you get the full experience.
If the same person logs on from their home computer because they forgot their laptop or phone, they can still connect, but can only chat, call and join meetings.
I think that's what your Cloud App Security suggestion could achieve, so I'll give that a go.