I would like to create an 'Any device, anywhere' conditional access policy whereby if you are using a corporate domain-joined computer it will let you access and download o365 files, BUT if you are on a personal device, e.g. a home computer or public computer, it will restrict downloads.
I've created the policies needed using the [SharePoint Admin center] conditional access policies in Intune and initially I thought they worked great. If I was on a public computer it allowed me to access and edit OneDrive and SharePoint files within the web browser, and if I tried to download them locally it wouldn't let me! Great! However, I've spotted a loophole. You can get around this by opening these files through Teams, as the conditional access policy doesn't seem to apply to Microsoft Teams! Anyone else spotted this or know a workaround or fix for this?
Not sure if you can get Teams to work; however, if it works with SharePoint it will work in Teams soon when they replace the Files tab with the SharePoint Modern Library UI. So it might be a matter of waiting for that release. No idea when that is coming, but it should be by year end worst case, and it could be any week.
Go to Teams files tab, and click "Open in SharePoint", then try to see if it works from the attached Team SharePoint site. If it does, then the files tab release should fix your issue. Otherwise if it doesn't, then your settings aren't applying to the underlying SharePoint site the teams are attached to and I would check there!
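
The check suggested in the reply above can also be done from the SharePoint Online Management Shell. This is an added example, not part of the original thread: it lists the unmanaged-device access setting for the tenant and for each Microsoft 365 group-connected site (the sites that back Teams). The admin URL is a placeholder, and a SharePoint administrator account is assumed.

```powershell
# Added example: report the unmanaged-device access setting on the tenant
# and on every Teams-backing (group-connected) SharePoint site.
# Requires the Microsoft.Online.SharePoint.PowerShell module.

# ASSUMPTION: placeholder admin URL, replace with your own tenant's.
$AdminUrl = 'https://contoso-admin.sharepoint.com'

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url $AdminUrl

# Tenant-wide setting (AllowFullAccess, AllowLimitedAccess or BlockAccess).
$tenantPolicy = (Get-SPOTenant).ConditionalAccessPolicy
Write-Host "Tenant ConditionalAccessPolicy: $tenantPolicy"

# Group-connected team sites use the GROUP#0 template.
$groupSites = Get-SPOSite -Template 'GROUP#0' -Limit All

$report = foreach ($site in $groupSites) {
    try {
        # Re-read each site by URL so its site-level properties are populated.
        $detail = Get-SPOSite -Identity $site.Url -ErrorAction Stop
        [pscustomobject]@{
            Url          = $detail.Url
            SitePolicy   = $detail.ConditionalAccessPolicy
            TenantPolicy = $tenantPolicy
        }
    }
    catch {
        # Keep going if one site cannot be read (locked, being deleted, etc.).
        [pscustomobject]@{
            Url          = $site.Url
            SitePolicy   = "ERROR: $($_.Exception.Message)"
            TenantPolicy = $tenantPolicy
        }
    }
}

# Group by site-level value so outliers are easy to spot.
$report | Sort-Object SitePolicy, Url | Format-Table -AutoSize -Wrap
```

Compare the output against what you see when opening the same library via "Open in SharePoint" from an unmanaged device.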