Forum Discussion

AVVerifile's avatar
AVVerifile
Copper Contributor
Jun 04, 2020

Restrict Sharepoint access through Teams on mobile devices

Hi , is there a way to restrict access to SharePoint content through Teams interface (Files Tab) on unmanaged mobile devices. There is such a need as I want such users (on un managed devices) to acce...
Sharepoint and Teams
  • WillSomerville's avatar
    WillSomerville
    Jun 05, 2020

    AVVerifile 

     

    We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device.  Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.

     

    Users and groups 

    specify your scope here of whom you wish for this policy to apply to.

     

    Cloud apps or actions 

    Include only sharepoint online 

     

    Conditions 

     Device platform 

    Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.

    Locations 

    Any location  - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.

    Client apps 

    Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms. 

    Device state 

    Include all device state but exclude compliant and hybrid joined devices from this policy

    Access controls

    block access

     

    Cheers

    Will 

     

     

     

WillSomerville's avatar
WillSomerville
Brass Contributor

AVVerifile 

 

We managed to achieve this with a separate Conditional access policy which excluded any hybrid joined device or compliant device.  Coupling this with an app protection policy to prevent any potential data leakage via copy paste etc for teams means that we have users with unmanaged devices accessing teams but not being able to potentially leak data/ access documents on devices outside of the organisation.

 

Users and groups 

specify your scope here of whom you wish for this policy to apply to.

 

Cloud apps or actions 

Include only sharepoint online 

 

Conditions 

 Device platform 

Any device - This is so it affects if a user tries to access sharepoint content via any unmanaged device.

Locations 

Any location  - did not include trusted locations due to not wanting an unauthorized device being able to access this inside the corporate network.

Client apps 

Include both browser and mobile apps and desktop clients. only tick box excluded was apply policy only to supported platforms. 

Device state 

Include all device state but exclude compliant and hybrid joined devices from this policy

Access controls

block access

 

Cheers

Will 

 

 

 

cJared978's avatar
cJared978
Copper Contributor
Jun 07, 2023
How have you advanced this policy now that Device State is deprecated?

Resources