SOLVED

Conditional Access to Block Office365 Portal

%3CLINGO-SUB%20id%3D%22lingo-sub-1032790%22%20slang%3D%22en-US%22%3EConditional%20Access%20to%20Block%20Office365%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1032790%22%20slang%3D%22en-US%22%3ECA%20can%20be%20applied%20to%20O365Apps%20to%20block%20access%20to%20Exchange%2FSharePoint%2Fetc.%20based%20on%20ip%2C%20device%20compliance%2C%20Hybrid%20joined%2C%20Apps%20etc.%20we%20have%20done%20that%20but%20We%20like%20to%20block%20access%20to%20Office365%20portal%20completely%20from%20unmanaged%20devices%2C%20not%20just%20individual%20apps%20since%20it%20is%20showing%20file%20preview%2C%20search%20in%20organisation%20etc.%20this%20is%20seen%20as%20significant%20risk.%20Screenshot%20show%20the%20view%20that%20i%20want%20to%20disable%20completely.%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1032790%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20Apps%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1035621%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20to%20Block%20Office365%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1035621%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3EThanks%20for%20reply.%20Is%20there%20any%20other%20solution%20i.e.%20Third%20party%20to%20block%20only%20Office365%20Apps%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1036424%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20to%20Block%20Office365%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1036424%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20only%20think%20that%20comes%20to%20mind%20is%20an%20MCAS%20app%20policy%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Faccess-policy-aad%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Faccess-policy-aad%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBut%20that%20requires%20additional%20licensing%2Fconfiguration%20and%20I'm%20not%20sure%20you%20can%20scope%20it%20down%20to%20just%20the%20Office%20portal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1037543%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20to%20Block%20Office365%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1037543%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20Is%20it%20possible%20to%20add%20MFA%20to%20Office.com%2C%20prior%20to%20sign%20in%20to%20Outlook%2C%20Teams%20etc%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1032869%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20to%20Block%20Office365%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1032869%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20possible%20afaik.%20Unless%20you%20select%20the%20%22all%20apps%22%20condition.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor
CA can be applied to O365Apps to block access to Exchange/SharePoint/etc. based on ip, device compliance, Hybrid joined, Apps etc. we have done that but We like to block access to Office365 portal completely from unmanaged devices, not just individual apps since it is showing file preview, search in organisation etc. this is seen as significant risk. Screenshot show the view that i want to disable completely.
4 Replies
Highlighted

Not possible afaik. Unless you select the "all apps" condition.

Highlighted
Best Response confirmed by pratikdave (New Contributor)
Solution

@Vasil MichevThanks for reply. Is there any other solution i.e. Third party to block only Office365 Apps ? 

Highlighted

The only think that comes to mind is an MCAS app policy: https://docs.microsoft.com/en-us/cloud-app-security/access-policy-aad

 

But that requires additional licensing/configuration and I'm not sure you can scope it down to just the Office portal.

Highlighted

@Vasil Michev  Is it possible to add MFA to Office.com, prior to sign in to Outlook, Teams etc ?