Forum Discussion
Controlling access to SPO sites from unmanaged devices
Hi
I've been testing access to SPO sites from unmanaged devices (ref: Control access from unmanaged devices - SharePoint in Microsoft 365 | Microsoft Docs), both for the entire tenant and also individual sites. Something I noticed was that even with the automatically generated conditional access policies disabled, the restrictions still applied, which came as a surprise to me. I subsequently deleted the policies and tested again, toggling between AllowLimitedAccess and AllowFullAccess for an individual site, and found that the restrictions applied when set to AllowLimitedAccess. My understanding was that CA policies were needed for this to work, but I must have been mistaken. Could someone enlighten me? Thanks in advance!
- Hi Stromnessian!
I have experienced the same issue when I tested this. Even though, we disable the respective CA policy, the restriction will apply. Try creating a CA policy on your own without modifying the policy created when the unmanaged device restriction was applied. Check out the blog below to know how to create CA policy on your own.
https://blog.admindroid.com/prohibit-unmanaged-devices-accessing-sharepoint-and-onedrive-to-prevent-data-exposure/ - Hello!
How much time do you let pass since you disabled the CA and tested for restrictions? Because it can take a considerable time for the changes to take effect, at least, on my past tests.
I do not remember if limiting an individual site creates CA policies, have to check on my tenant- Hi Andres
Thanks for your reply. One was set to Off and the other to Report Only weeks ago. I just deleted them today. I’m going to do some more testing…- Ok let me know how it goes!
