Guests cannot download files shared with OneDrive (conditional access policies)

%3CLINGO-SUB%20id%3D%22lingo-sub-916505%22%20slang%3D%22en-US%22%3EGuests%20cannot%20download%20files%20shared%20with%20OneDrive%20(conditional%20access%20policies)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916505%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20enabled%20'Allow%20limited%2C%20web-only%20access'%20for%20unmanaged%20devices%20in%20Sharepoint%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-from-unmanaged-devices%3FredirectSourcePath%3D%25252farticle%25252f5ae550c4-bd20-4257-847b-5c20fb053622%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-from-unmanaged-devices%3FredirectSourcePath%3D%25252farticle%25252f5ae550c4-bd20-4257-847b-5c20fb053622%3C%2FA%3E).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20thought%20that%20this%20setting%20is%20linked%20with%20conditional%20access%20policies%20but%20it%20seems%20to%20be%20applied%20for%20all%20guest%20users.%20This%20setting%20creates%202%20conditional%20access%20policies.%20I%20changed%20the%20user%20assignments%20to%20exclude%20guests.%20This%20doesn't%20work.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20an%20option%20to%20exclude%20guests%20so%20they%20can%20download%20shared%20files%20to%20an%20unmanaged%20device%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20block%20downloading%20files%20from%20OneDrive%20and%20Sharepoint%20on%20non%20hybrid%20AD%20joined%20devices.%20We%20only%20want%20to%20do%20this%20for%20internal%20users.%20If%20we%20share%20with%20external%20users%2C%20it%20is%20the%20responsability%20of%20the%20guest%20to%20keep%20de%20downloaded%20documents%20safe.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-916505%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EGuest%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eshared%20folders%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

We have enabled 'Allow limited, web-only access' for unmanaged devices in Sharepoint (https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices?redirectSourcePath...).

 

I thought that this setting is linked with conditional access policies but it seems to be applied for all guest users. This setting creates 2 conditional access policies. I changed the user assignments to exclude guests. This doesn't work. 

 

Is there an option to exclude guests so they can download shared files to an unmanaged device?

 

We block downloading files from OneDrive and Sharepoint on non hybrid AD joined devices. We only want to do this for internal users. If we share with external users, it is the responsability of the guest to keep de downloaded documents safe. 

1 Reply

@LukTruyen : Did you get any response. Did you resolve your problem?

I#M interested in any help.

Thanks in advance.