Conditional Access
7 Topics

Conditional Access - Allow access to Teams, but block SharePoint Online
We have Conditional Access policies in place that require everyone accessing any of our 365 apps to do so on a compliant device. This works great. We have one small user group where it is required they have access to Exchange Online from non-managed machines. So we excluded them from the Conditional Access policy and created a new one specifically for this group that is identical, but excludes Exchange Online from the Conditional Access policy. This works great - their non-managed machines are blocked from everything except email.

But then a request has come in to also allow them to access Teams meetings on these machines. We don't want them to access SharePoint Online or any other integrated apps with SharePoint - this is purely so they can jump on a call on these machines. But if Microsoft Teams is added as an excluded app in the policy, I can see in the AzureAD sign-in logs that it is continuing to match Microsoft Teams and applying the Conditional Access policy controls. Accessing Outlook continues to work just fine.

I'm making an assumption that perhaps access to SharePoint Online, or maybe even some other additional services, are a pre-requisite for Teams and that's why it's matching. But I haven't found out if this is the case by Googling. Does anybody know?

21K Views | 0 likes | 5 Comments

SharePoint RSS Feed in Microsoft Teams
Hi, I'd like to add an RSS feed of a SharePoint Online site to a Teams channel. When I copy and paste the URL:

https://mySite.sharepoint.com/sites/OlisITBlog/_layouts/15/listfeed.aspx?List=xxxx%2Dxxxx%2Dxxxx%2Dxxxx%2Dxxxxx&View=xxxx%2xxxx%2Dxxxx%2Dxxxx%2Dxxxxxx

or

feeds://mySite.sharepoint.com/sites/OlisITBlog/_layouts/15/listfeed.aspx?List=xxxx-xxx-xx-xxxx-xxxx&View=xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

I get: Enter a valid RSS feed address. Any suggestions?

1.6K Views | 0 likes | 1 Comment

MS Teams - External Access (Federation) Conditional Access
I am familiar with setting up Conditional Access policies to block member and guest users, using named locations but can't find information on whether these policies would also be applied to federated external users of Teams - e.g. I have CAP to block non-UK access to Teams service - are Teams federated users affected by this policy? Can anyone answer this please and ideally reference the relevant Microsoft Docs article?

[Update] https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/teams-access-policies?view=o365-worldwide

I think this article has the answer, CAP doesn't apply to external access:

External access is for an external user that does not have an Azure AD B2B account. External access can include invitations and participation in calls, chats, and meetings, but does not include team membership and access to the resources of the team. Conditional Access policies only apply to guest access in Teams because there is a corresponding Azure AD B2B account.

5.3K Views | 1 like | 1 Comment

Use Teams licenses to control access to Microsoft Teams
In regards to MC226038, I'm sure I know the answer, but the description is making me ask... Here is the update.

We're making some changes to how you enable Microsoft Teams for individual users within your tenant. We're removing the Microsoft Teams enablement setting from within the Microsoft 365 admin center and will rely solely on Microsoft Teams license allocation to decide if a user has access to Microsoft Teams.

Key points:
Timing: Beginning December 03, 2020
Control: License allocation
Action: Review and assess

How this will affect your organization: If a user within your tenant is given an active Microsoft Teams license, they will have access to Microsoft Teams. No additional access checks will be made.

Certainly the 'no additional access check will be made' won't apply to Conditional Access Policies, right? If I am blocking users with CA policies, they will still be stopped from using Teams even if they are licensed?

Solved | 1.5K Views | 0 likes | 1 Comment

Conditional Access control MFA and MS Teams
Hi, we control our MFA for users via Control Access. One policy is for External Device and Non-Compliant Device (in the conditions, Hybrid Join and Compliant are excluded). This is so that if anyone (even an account on the tenant) uses an 'unknown' device they will be prompted for MFA, which has a sign frequency of 12 hours.

The problem (not really a problem in my eyes): the users have asked for MFA only to appear during setup of the device for Outlook and Teams. I excluded Outlook from the first policy and created the same policy to only include Outlook and removed the sign frequency of 12 hours. This worked for Outlook; I got the MFA prompt when adding the account to Outlook.

Then I added Teams to the second policy and excluded it from the first. I set up Teams and got the MFA prompt as expected, but I got the prompt for MFA for Teams again the next day, but not for Outlook. I did the same with Skype for Business (as I have with Outlook and Teams), included and excluded for the policy, and the following days I still got the MFA prompt for Teams.

I know Teams uses different services within MS365; would I also need to exclude SharePoint? So I really don't know what to do.

4.4K Views | 0 likes | 2 Comments

Exclude Teams from conditional access
I found this conversation: https://answers.microsoft.com/en-us/msoffice/forum/all/microsoft-teams-and-conditional-access/6c36e213-9386-41a1-a076-7c325a4e82a2 and have the same issue. How to block all Office 365 Apps & exclude Teams? I want to block access to SharePoint Online on external networks, but allow Teams. Is there a way to accomplish that? Thanks

22K Views | 0 likes | 5 Comments

Teams as exception in conditional access
I have a specific group that will have access to Teams externally, but even after creating the specific exclusion for it, it is being blocked. I saw that SharePoint Online and Exchange Online also affect Teams, however the off-line release for this group is only for Teams and not the other applications. I have another group that accesses all cloud applications, including the exclusion of the blocking policy, however for this specific group I want to release only Teams with 2FA.

1.7K Views | 0 likes | 0 Comments