Share via

how to block SharePoint access from apps on unmanaged devices without affecting teams

Vijay Ninan Abraham 0 Reputation points
2024-01-09T14:36:51.2266667+00:00

how to block SharePoint access from apps on unmanaged devices without affecting teams. When I select allow limited web-only access then it's blocking teams as well. How to only allow managed devices to sync sharepoint sites and only allow limited web-only access for unmanaged devices without affecting teams. Thanks.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,234 questions
Microsoft Intune Compliance
Microsoft Intune Compliance
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Compliance: Adhering to rules, standards, policies, and laws.
146 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,699 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. glebgreenspan 1,600 Reputation points
    2024-01-09T18:13:23.19+00:00

    Hello Vijay

    Here is the steps you can follow

    1. Sign in to the Microsoft 365 Admin Center (admin.microsoft.com).
    2. 'Navigate to the "Azure Active Directory" portal.
    3. In the left-hand menu, click on "Conditional Access."
    4. Create a new Conditional Access policy by clicking on the "+ New policy" button.
    5. Give your policy a meaningful name and describe it, if desired.
    6. Under the "Users and groups" section, select the targeted user or group who should be affected by this policy.
    7. In the "Cloud apps or actions" section, click on the "+ Include" button and choose "Select apps."
    8. From the application list, select "SharePoint Online," and any other apps you want to block on unmanaged devices.
    9. In the "Conditions" section, add the following conditions:   - Under "Device platforms," select "All platforms."   - Under "Client apps," select "Browser."
    10. Under the "Access controls" section, configure the following settings:    - For "Grant," choose "Block access."    - Check the box for "Require approved client app" and select "Yes."
    11. Scroll down and click on the "Exclude" tab.
    12. Click on the "+ Exclude" button and choose "Select apps."13. In the application list, select "Teams."
    13. Save the policy to apply the changes.
  2. Emily Du-MSFT 43,836 Reputation points Microsoft Vendor
    2024-01-10T09:54:40.0533333+00:00

    As design, Teams has following dependency on OneDrive and SharePoint, only Teams call and chat should work independently.

    So, it is not possible to allow managed devices to access SharePoint sites and allow limited web-only access for unmanaged devices without affecting Teams.

    When you set only managed devices can access SharePoint sites, then only managed devices can access Teams.

    User's image

    Reference: https://learn.microsoft.com/en-us/entra/identity/conditional-access/service-dependencies

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.