SOLVED

Any way to only limit Microsoft Teams to desktop use?


Hi there,

I have not been able to find a way to block the access of logging into Microsoft Teams on a mobile device. Issues below:

  • I have not found a free way or even a good paid way that allows a user to log into Microsoft Teams via the app or browser on desktop, but neither on the phone

  • even if you were only able to block the app on the phone, you could still force your mobile internet browser into desktop mode and it will log into Teams

  • I haven't seen a way to maybe only allow login by MAC address, not sure if this even exists

Any help or idea would be great. We are a remote company so it would have to be done by the cloud. If we were to share HIPAA info via Teams, we would not want them to be able to see this info through their phone.

The only option I can think of is using mobile device management through a company where they install the app on their phone and we can lock it down and also make sure they are using secure login to their phone (such as face unlock, PIN, fingerprint, etc).

Thanks!

10 Replies
Except for the things you mentioned, I don’t believe there are any other options.

If you're using Azure AD you should be able to create conditional access policies to block Teams from mobile devices. We do something similar to prevent certain users from getting Exchange Online on a mobile device.

I don't know what level of Azure AD license it requires.

Thanks guys. I know this is a bit off topic but related to the same thing, but is there a way to whitelist IPs from using Microsoft programs on the phone, like Teams, Exchange, etc? Trying to see if there's a route that is included with Office 365 business licensing.

best response confirmed by Minh_HD (New Contributor)
Solution

You need to look at two features in the EMS product:

1. Intune App Protection policies

2. Azure AD Conditional Access

This will allow you to have an entirely secure environment for data in the Teams mobile app on either iOS or Android. Intune App Protection encrypts the app's data, requires passcodes, and prevents copy/paste into other apps. Conditional Access can then only allow access from these protected applications.
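
One way to express the Conditional Access policies suggested in the replies above, as an added example that is not from any poster in this thread or from Microsoft. It assumes the Microsoft Graph PowerShell module is installed; `$TeamsAppId` and `$GroupId` are placeholders you supply from your own tenant, and the policy is created in report-only mode.

```powershell
# Added example. Mode 'Block' matches the "block Teams from mobile devices" reply;
# mode 'RequireProtectedApp' matches the accepted answer (App Protection + Conditional Access).
param(
    [Parameter(Mandatory)] [string] $TeamsAppId,  # assumption: Teams application ID looked up in your tenant
    [Parameter(Mandatory)] [string] $GroupId,     # assumption: object ID of the group the policy applies to
    [ValidateSet('Block', 'RequireProtectedApp')]
    [string] $Mode = 'Block'
)

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# 'block' denies Teams on phones outright; 'compliantApplication' is the
# "Require app protection policy" grant, which admits only Intune-protected apps.
$grant = if ($Mode -eq 'Block') { 'block' } else { 'compliantApplication' }

$policy = @{
    displayName   = "Teams on Android/iOS: $Mode"
    state         = 'enabledForReportingButNotEnforced'  # report-only; set to 'enabled' after reviewing sign-in logs
    conditions    = @{
        users          = @{ includeGroups = @($GroupId) }
        applications   = @{ includeApplications = @($TeamsAppId) }
        clientAppTypes = @('all')
        # The platform is inferred from the client's user agent, so a phone browser
        # switched to desktop mode is not matched by this condition on its own.
        platforms      = @{ includePlatforms = @('android', 'iOS') }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @($grant) }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```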

Basically your best bet is what has been said: using an MDM and conditional access! Networking will also only affect the internal network.

Is there any chance that this might be a future feature??

@llimas it's a current feature, as per the messages above look up Conditional Access.

@Steven Collier I mean without the dependency of MDM services

@llimas It uses an App Protection Policy configured through Intune, but this isn't 'MDM'. MDM would be where people register their device; App Protection Policies require no registration and are local only to the app.

There's no other way, as this way already exists.

Can you help me set up a policy where users in the Microsoft Teams app can log in from one device only at a time? So it can be ensured that multiple persons can't join any meeting using one single login ID and password from different devices. And how can I know that a user is connected from a single device only or multiple devices?