Oct 17 2018 06:29 AM - last edited on Jan 14 2022 05:22 PM by TechCommunityAP
I would like to create an 'Any device, anywhere' conditional access policy whereby if you are using a corporate domain joined computer it will let you access and download O365 files BUT if you are on a personal device e.g. home computer or public computer it will restrict downloads.
I've created the policies needed using the [SharePoint Admin center] conditional access policies in Intune and initially I thought they worked great. If I was on a public computer it allowed me to access and edit OneDrive and SharePoint files within the web browser and if I tried to download them locally it wouldn't let me! Great! However, I've spotted a loophole. You can get around this by opening these files through Teams as the conditional access policy doesn't seem to apply to Microsoft Teams! Anyone else spotted this or know a workaround or fix for this?
Oct 17 2018 07:12 AM
Nov 07 2019 12:58 PM
I've been digging through CA and Intune policies, still no luck on this one. Am I missing something simple?
Nov 08 2019 01:22 AM
Nov 08 2019 03:36 AM
@Tommek Does that allow your users to launch the Teams client on unmanaged devices, but prevent them from using Teams to download files from SPO / OneDrive? I'm not seeing that behavior here.
Nov 09 2019 12:43 AM
@David Phillips No, it doesn't allow users to use the Teams client anymore. You can choose between no access or only web access from unmanaged devices...
If you would like to use the Teams client, I think then you need to use CA and Cloud App Security https://docs.microsoft.com/en-us/cloud-app-security/use-case-proxy-block-session-aad