Forum Discussion
Solved
Restrict Sharepoint access through Teams on mobile devices
Hi , is there a way to restrict access to SharePoint content through Teams interface (Files Tab) on unmanaged mobile devices. There is such a need as I want such users (on un managed devices) to acce...
We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device. Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.
Users and groups
specify your scope here of whom you wish for this policy to apply to.
Cloud apps or actions
Include only sharepoint online
Conditions
Device platform
Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.
Locations
Any location - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.
Client apps
Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms.
Device state
Include all device state but exclude compliant and hybrid joined devices from this policy
Access controls
block access
Cheers
Will
You can control this from the SP admin center to be reflected for both OD4B and SharePoint through the SP admin center, and you can have more control over the options available through AAD. Follow this article for more info:
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
derhallim Thanks for the response. However, this is something we have already done. Result is that users from unmanaged devices are still able to access through Teams (Files Tab) all the files and folders that reside in SharePoint sites. Requirement is to block access to SharePoint while allowing MS Teams for communication, i.e., chat, meeting , video calls. Cant think that there is a gap in Microsoft's access policies for Teams and SharePoint....
We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device. Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.
Users and groups
specify your scope here of whom you wish for this policy to apply to.
Cloud apps or actions
Include only sharepoint online
Conditions
Device platform
Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.
Locations
Any location - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.
Client apps
Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms.
Device state
Include all device state but exclude compliant and hybrid joined devices from this policy
Access controls
block access
Cheers
Will
- How have you advanced this policy now that Device State is deprecated?
- I had a similar request a time ago - the result was, that it is not possible. Due to the so called „service dependency“, if you block one service which is used by teams, the whole app will be blocke. …
But I will give it another try with Wills suggestions.
