Nov 16 2018
05:07 AM
- last edited on
Feb 01 2023
01:21 PM
by
TechCommunityAP
Nov 16 2018
05:07 AM
- last edited on
Feb 01 2023
01:21 PM
by
TechCommunityAP
I recently configured Conditional Access in Office 365 by selecting "Allow limited, web-only access" in the SharePoint Admin Center, under "Unmanaged devices). All the devices in question are managed and appear under Azure AD Devices as "Hybrid Azure AD Joined".
My issue is that if I go to Office.com in Chrome of Firefox, and then go to OneDrive, I receive the message stating "Your organization doesn't allow you to download, print, or sync..." However, if I go to Office.com in IE and then go to OneDrive, I do not receive that message, and I have full functionality.
Has anyone encountered this before? If I disable the "[SharePoint Admin Center]Use app-enforced Restrictions for browser access", I have no issues, so I know it's directly tied to that. I just can't figure out why Chrome/Firefox do not work properly. Thank you in advance!
Additional info:
Windows 10 LTSB (1607)
Chrome 70.0.3538 (latest)
Firefox 60.3 (latest)
Nov 19 2018 09:30 AM
SolutionReceived an answer back from Microsoft, with a link to an article - https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices?redirectSourcePath...
The below pasted statement basically means we need to use Edge or IE with Windows 10, in order to have full O365 functionality online (or the users can just use the desktop apps, which all managed devices have). Just wanted to put this in here, in case it can help anyone else in the future!
"Blocking or limiting access on unmanaged devices relies on Azure AD conditional access policies. Learn about Azure AD licensing For an overview of conditional access in Azure AD, see Conditional access in Azure Active Directory. For info about recommended SharePoint access policies, see Policy recommendations for securing SharePoint sites and files. If you limit access on unmanaged devices, users on managed devices who have the following browser and operating system combinations will also have limited access:
Chrome, Firefox, or any other browser besides Microsoft Edge and Microsoft Internet Explorer on Windows 10 or Windows Server 2016
Firefox in Windows 8.1, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2"
Dec 07 2018 08:47 PM
You can also take a look at the Windows 10 Accounts plugin for Chrome to help with this. I thought there was one for Firefox as well, but I'm not able to find it right now.
Chrome - https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji
Sep 28 2020 04:04 AM
@Brandon Hofmann I am sorry but this is false information. I use SPO in chrome just fine with no issue.
Sep 28 2020 06:34 AM
@Ben Stegink yep, this should do it
Nov 19 2018 09:30 AM
SolutionReceived an answer back from Microsoft, with a link to an article - https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices?redirectSourcePath...
The below pasted statement basically means we need to use Edge or IE with Windows 10, in order to have full O365 functionality online (or the users can just use the desktop apps, which all managed devices have). Just wanted to put this in here, in case it can help anyone else in the future!
"Blocking or limiting access on unmanaged devices relies on Azure AD conditional access policies. Learn about Azure AD licensing For an overview of conditional access in Azure AD, see Conditional access in Azure Active Directory. For info about recommended SharePoint access policies, see Policy recommendations for securing SharePoint sites and files. If you limit access on unmanaged devices, users on managed devices who have the following browser and operating system combinations will also have limited access:
Chrome, Firefox, or any other browser besides Microsoft Edge and Microsoft Internet Explorer on Windows 10 or Windows Server 2016
Firefox in Windows 8.1, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2"