Jun 04 2020 06:33 AM
Hi , is there a way to restrict access to SharePoint content through Teams interface (Files Tab) on unmanaged mobile devices. There is such a need as I want such users (on un managed devices) to access Teams for calls/video and may be chat but not to access SharePoint fIles and folders and maybe similarly not the Onedrive files.
Have enforced conditional access and also as SharePoint admin blocked access to SharePoint from unmanaged devices but it still doesn't seem to restrict the access.
Jun 04 2020 01:30 PM
Jun 05 2020 02:07 AM
@derhallim Thanks for the response. However, this is something we have already done. Result is that users from unmanaged devices are still able to access through Teams (Files Tab) all the files and folders that reside in SharePoint sites. Requirement is to block access to SharePoint while allowing MS Teams for communication, i.e., chat, meeting , video calls. Cant think that there is a gap in Microsoft's access policies for Teams and SharePoint....
Jun 05 2020 03:00 AM
Solution
We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device. Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.
Users and groups
specify your scope here of whom you wish for this policy to apply to.
Cloud apps or actions
Include only sharepoint online
Conditions
Device platform
Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.
Locations
Any location - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.
Client apps
Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms.
Device state
Include all device state but exclude compliant and hybrid joined devices from this policy
Access controls
block access
Cheers
Will
Dec 15 2021 11:32 AM
Jun 07 2023 09:18 AM
Jun 05 2020 03:00 AM
Solution
We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device. Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.
Users and groups
specify your scope here of whom you wish for this policy to apply to.
Cloud apps or actions
Include only sharepoint online
Conditions
Device platform
Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.
Locations
Any location - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.
Client apps
Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms.
Device state
Include all device state but exclude compliant and hybrid joined devices from this policy
Access controls
block access
Cheers
Will