Microsoft Teams to only work when at office and not when you leave the office

Question

We are working on a project to roll out Microsoft Teams to a subset of employees at our hospital. We will be using InTune to control their personal devices but what we want is to have it so Microsoft Teams will only work when they are in the facility and on our WIFI. When they leave, it shouldn't work. We are able to lock the app down so it won't open when they are not on our network via policies but the problem is that the new message alert still pops up when there is a new message and therefore defeats the whole purpose. What we want is to have it so when they leave the facility to go home for the night, they are not bugged with work stuff and then it would come back online when they arrive back the following day and connect to Wifi.

We can't seem to block new message notifications when they are not in the facility.

is that possible?

Answer 1

To restrict Microsoft Teams from working when a user is off the corporate Wi-Fi network using Microsoft Intune, you can utilize Conditional Access policies. Conditional Access allows you to define access rules based on specific conditions, such as network location, device compliance, or user group. By creating a policy that restricts access to Teams when off the corporate Wi-Fi, you can ensure that the application can only be used within the authorized network.

Here's a step-by-step guide to achieving this:

Sign in to the Microsoft Azure portal (portal.azure.com) with your Intune administrator account.

Navigate to the "Azure Active Directory" service.

In the left-hand menu, select "Conditional Access."

Click on "New policy" to create a new Conditional Access policy.

Provide a meaningful name for the policy.

Under the "Assignments" section, specify the user or group you want to apply the policy to. For example, you can choose specific users or an entire user group.

Under the "Cloud apps or actions" section, select "All cloud apps."

In the "Conditions" section, click on "Client apps" and then select "Microsoft Teams."

Click on "Locations" and then select "Include" and "Any location."

Under the "Exclusion" tab, select "Any location" and choose "Exclude."

Click on the "Configure" button and select "Any location" again.

Under "Condition access state," choose "Not configured."

Save the changes to create the policy.

Once the policy is created and applied, it will restrict access to Microsoft Teams when users are not connected to the corporate Wi-Fi network. Users will only be able to use Teams when they are on the authorized network.

It's important to note that setting up Conditional Access policies requires an active Azure AD Premium or Enterprise Mobility + Security (EMS) license. Additionally, it's recommended to thoroughly test and evaluate the policy before enforcing it on your production environment to ensure it aligns with your organization's requirements.

Answer 2

From my experience and please correct me if I'm wrong but conditional access will only apply when authenticating it seems like Colin is wanting Teams app to become silent or logout when no longer connected to corporate network. Unfortunately I don't think that is possible.

The users will need to know how to turn off notifications when they leave work a quick way would be show the end user how to turn (teams) app notifications off usually doable in less than few seconds if they don't want to be disturbed with work notifications it is worthwhile for them to know how to do it.