Controlling access to SPO sites from unmanaged devices
Hi I've been testing access to SPO sites from unmanaged devices (ref: https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices), both for the entire tenant and also individual sites. Something I noticed was that even with the automatically generated conditional access policies disabled, the restrictions still applied, which came as a surprise to me. I subsequently deleted the policies and tested again, toggling between AllowLimitedAccess and AllowFullAccess for an individual site, and found that the restrictions applied when set to AllowLimitedAccess. My understanding was that CA policies were needed for this to work, but I must have been mistaken. Could someone enlighten me? Thanks in advance!Microsoft Teams and Azure AD Conditional Access
Hi, I'm currently doing some testing with conditional access with SharePoint and I've hit an interesting "feature". With CA enabled the user can see the standard yellow banner across the site informing them that conditional access is employed. Opening Word/Excel etc files works perfectly and the users can't make changes or download the files. However if the file is a non-Office document i.e. a text file the user gets a "Access Blocked" message. Is this because the inbuilt SharePoint text editor downloads the file to the PC before editing or is there something else going on? Cheers Rob
Guests cannot download files shared with OneDrive (conditional access policies)
We have enabled 'Allow limited, web-only access' for unmanaged devices in Sharepoint (https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices?redirectSourcePath=%252farticle%252f5ae550c4-bd20-4257-847b-5c20fb053622). I thought that this setting is linked with conditional access policies but it seems to be applied for all guest users. This setting creates 2 conditional access policies. I changed the user assignments to exclude guests. This doesn't work. Is there an option to exclude guests so they can download shared files to an unmanaged device? We block downloading files from OneDrive and Sharepoint on non hybrid AD joined devices. We only want to do this for internal users. If we share with external users, it is the responsability of the guest to keep de downloaded documents safe.
