Forum Discussion
JeffsRealm
May 31, 2023 · Copper Contributor
Disable images in Teams or force to act like files.
So apparently a new security hole has been introduced into Teams. I am not sure quite when. We use Teams in the GCCH environment and this is new functionality and is very bad. Images are no longe...
RyanSteele-CoV
May 31, 2023 · Iron Contributor
JeffsRealm Interesting, I didn't realize that Teams in the GCCH environment handled this differently. Thanks for the correction.
If Conditional Access is not working with Microsoft Edge, there must be something else going on, since Edge natively supports it: Microsoft Edge and Conditional Access | Microsoft Learn. (Perhaps this is another GCCH limitation.)
JeffsRealm
Jun 01, 2023 · Copper Contributor
So I finally got an engineer call; they are swamped right now. In case anyone else needs to block Teams:
Conditional Access Policy. However, you have to block more than just Teams. You have to block all services in the chain for Teams to work.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/service-dependencies
Then under access controls, check to completely block everyone. The trick to getting what you want is under Conditions and filter for devices. Exclude the devices you want. You can get as detailed as you want: Hybrid joined devices, Azure AD joined devices only Azure AD Registered devices, Compliant devices, Device Ownership set in Intune, to a group, or heck, right down to a list of device names if you want. This will exclude these devices from the compliance policy.
This works better than grant access on a few things.
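The policy described in the post above, sketched with the Microsoft Graph PowerShell module as an added example that is not part of the original thread. Assumptions: the `Office365` app group stands in for "all services in the chain", the device filter rule allows only hybrid-joined or compliant devices, and the emergency-access group ID is a placeholder you must replace.

```powershell
# Added example, not code from the thread. Requires the Microsoft.Graph module.
# GCC High tenants sign in against the US Government cloud environment.
Connect-MgGraph -Environment USGov `
    -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: object ID of an emergency-access (break-glass) group that must
# never be locked out by a block-everyone policy.
$breakGlassGroupId = '<emergency-access-group-object-id>'

# Devices matching this rule are EXCLUDED from the block (assumed rule).
# trustType "ServerAD" = hybrid joined; other filterable properties include
# device.deviceOwnership and device.displayName.
$allowedDevices = 'device.trustType -eq "ServerAD" -or device.isCompliant -eq True'

$policy = @{
    displayName = 'Block Teams service chain except trusted devices (example)'
    # Report-only first: evaluate the impact in sign-in logs before enforcing.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)
        }
        # Assumption: the Office 365 app group covers Teams and the services
        # it depends on; individual app IDs can be listed here instead.
        applications   = @{ includeApplications = @('Office365') }
        clientAppTypes = @('all')
        devices        = @{
            deviceFilter = @{ mode = 'exclude'; rule = $allowedDevices }
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Review the report-only results in the sign-in logs, then change `state` to `enabled` once the excluded devices behave as expected.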