cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Restrict Sharepoint access through Teams on mobile devices

AVVerifile
Copper Contributor

‎Jun 04 2020 06:33 AM

‎Jun 04 2020 06:33 AM

Restrict Sharepoint access through Teams on mobile devices

Hi , is there a way to restrict access to SharePoint content through Teams interface (Files Tab) on unmanaged mobile devices. There is such a need as I want such users (on un managed devices) to access Teams for calls/video and may be chat but not to access SharePoint fIles and folders and maybe similarly not the Onedrive  files. 

 

Have enforced conditional access and also as SharePoint admin blocked access to SharePoint from unmanaged devices but it still doesn't seem to restrict the access.  

Labels:
7,749 Views
0 Likes
5 Replies
Reply
5 Replies
derhallim

‎Jun 04 2020 01:30 PM

‎Jun 04 2020 01:30 PM

Re: Restrict Sharepoint access through Teams on mobile devices

You can control this from the SP admin center to be reflected for both OD4B and SharePoint through the SP admin center, and you can have more control over the options available through AAD. Follow this article for more info:

https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

0 Likes
Reply
AVVerifile

‎Jun 05 2020 02:07 AM

‎Jun 05 2020 02:07 AM

Re: Restrict Sharepoint access through Teams on mobile devices

@derhallim Thanks for the response. However, this is something we have already done. Result is that users from unmanaged devices are still able to access through Teams (Files Tab) all the files and folders that reside in SharePoint sites. Requirement is to block access to  SharePoint while allowing MS Teams for communication, i.e., chat, meeting , video calls. Cant think that there is a gap in Microsoft's access policies for Teams and SharePoint....

0 Likes
Reply
best response confirmed by AVVerifile (Copper Contributor)
WillSomerville

‎Jun 05 2020 03:00 AM

‎Jun 05 2020 03:00 AM

Solution

Re: Restrict Sharepoint access through Teams on mobile devices

@AVVerifile 

 

We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device.  Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.

 

Users and groups 

specify your scope here of whom you wish for this policy to apply to.

 

Cloud apps or actions 

Include only sharepoint online 

 

Conditions 

 Device platform 

Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.

Locations 

Any location  - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.

Client apps 

Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms. 

Device state 

Include all device state but exclude compliant and hybrid joined devices from this policy

Access controls

block access

 

Cheers

Will 

 

 

 

1 Like
Reply
Timo_Lenz

‎Dec 15 2021 11:32 AM

‎Dec 15 2021 11:32 AM

Re: Restrict Sharepoint access through Teams on mobile devices

I had a similar request a time ago - the result was, that it is not possible. Due to the so called „service dependency“, if you block one service which is used by teams, the whole app will be blocke. …

But I will give it another try with Wills suggestions.
0 Likes
Reply
cJared978

‎Jun 07 2023 09:18 AM

‎Jun 07 2023 09:18 AM

Re: Restrict Sharepoint access through Teams on mobile devices

How have you advanced this policy now that Device State is deprecated?
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by AVVerifile (Copper Contributor)
WillSomerville

‎Jun 05 2020 03:00 AM

‎Jun 05 2020 03:00 AM

Solution

Re: Restrict Sharepoint access through Teams on mobile devices

@AVVerifile 

 

We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device.  Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.

 

Users and groups 

specify your scope here of whom you wish for this policy to apply to.

 

Cloud apps or actions 

Include only sharepoint online 

 

Conditions 

 Device platform 

Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.

Locations 

Any location  - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.

Client apps 

Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms. 

Device state 

Include all device state but exclude compliant and hybrid joined devices from this policy

Access controls

block access

 

Cheers

Will 

 

 

 

View solution in original post

1 Like
Reply