External Users Blocked from Downloading Files – Conditional Access Policy Stuck or Misbehaving?...

Hello,

My guess is that your problem is caused by a conflict with another policy. I can make some suggestions.

Verify Policy Propagation: Confirm in the Azure AD portal that the Conditional Access policy is indeed disabled for all relevant users. Sometimes, it helps to refresh the session for affected users by having them log out and log back in.

Check for Other Conflicting Policies: Other Conditional Access policies, Intune configurations, or SharePoint/OneDrive sharing settings might still be enforcing restrictions on unmanaged devices. Review all active policies that could impact external access and file download permissions.

Clear Cached Policies: Sometimes cached policies can cause issues. Ask external users to clear their browser cache or try accessing the link in an incognito/private browsing session.

Check Compliance Policies on SharePoint/OneDrive: Some settings within SharePoint or OneDrive compliance policies might restrict downloads based on device trust. Go to the SharePoint Admin Center or OneDrive settings to ensure there are no download restrictions set at the service level.

Audit Logs: Use the Azure AD Sign-In logs to check if there are any Conditional Access or compliance errors associated with these users’ access attempts. This may provide insights into which specific rule or condition is still applying.

Re-enable and Re-disable the Policy: Sometimes, toggling the policy off and on again can help refresh its status.

If it is not resolved, please let me know.

Best Regards,

Ali Koc