Conditional Access control

Copper Contributor

is it possible to apply conditional access control on a device with one drive app?  if a user is using one drive app and the device is not managed, block downloads. 

6 Replies

@esnecho991 You need to apply app protection policies with condition access to enable DLP in unmanaged devices.


@Swaminathan_Arumugam that requires intunes on my devices. 


how about my user's laptop and mobile pads. 



You need EMS E3 or M365 F3 lic to apply app protection policy using Intune.

@Swaminathan_Arumugam  thanks.  is there any limitation on the platform where intunes can installed ? 

We have servers, Desktop, and Linux machines. how to address that? 

@esnecho991 To achieve this you need to implement CASB


Are the other devices in your environment hybrid azure ad joined? If you have it, you can create a conditional access rule "Block Unmanaged Device File Downloads".


Users and groups: All users

Cloud App: Office 365 SharePoint Online
- Client Apps: Mobile Apps and desktop clients
- Device state: Configure YES, Include: All device state, Exclude: Device Hybrid Azure AD joined
Access Controls: Block Access