Forum Discussion
Solved
Stop downloads on unmanaged devices - conditional access
Hi all, I want to set a block policy on downloads from sharepoint and onedrive for unmanaged devices - personal or not within the tenant. I dont want to set this policy for all unmanaged but on...
For anyone who would like to achieve the same I have managed to get it working.
Here is the config I used in conditional access (selecting Sharepoint online for the target resource)
And how do you plan to differentiate such devices? Generally speaking, Entra/M365 has zero information on such devices, so it will be difficult to target only few of them specifically. If you can come up with a (supported) condition to filter them out, you can configure the corresponding Conditional access policy. If not, it will have to be an "all or nothing" approach, for all unmanaged devices.
- To identify the device can this be done in condition to check if the device is compliant or not?
- Again, how do you plan to identify those "select few" unmanaged devices? You can certainly check whether the device is compliant or not, but this is a simple true/false check, so you will have to come up with some other criteria.
What other criteria is required, if this is not possible then thats fine, its the reason im posting i just need to know
Rather than applying the condtional access to all I wanted to apply this to a select few users ie those who have company devices wont be able to download from their personal non compliant devices and then those who are BYOD this policy wont apply too