To restrict Microsoft Teams from working when a user is off the corporate Wi-Fi network using Microsoft Intune, you can utilize Conditional Access policies. Conditional Access allows you to define access rules based on specific conditions, such as network location, device compliance, or user group. By creating a policy that restricts access to Teams when off the corporate Wi-Fi, you can ensure that the application can only be used within the authorized network.
Here's a step-by-step guide to achieving this:
1. Sign in to the Microsoft Azure portal (portal.azure.com) with your Intune administrator account.
2. Navigate to the "Azure Active Directory" service.
3. In the left-hand menu, select "Conditional Access."
4. Click on "New policy" to create a new Conditional Access policy.
5. Provide a meaningful name for the policy.
6. Under the "Assignments" section, specify the user or group you want to apply the policy to. For example, you can choose specific users or an entire user group.
7. Under the "Cloud apps or actions" section, select "All cloud apps."
8. In the "Conditions" section, click on "Client apps" and then select "Microsoft Teams."
9. Click on "Locations" and then select "Include" and "Any location."
10. Under the "Exclusion" tab, select "Any location" and choose "Exclude."
11. Click on the "Configure" button and select "Any location" again.
12. Under "Condition access state," choose "Not configured."
13. Save the changes to create the policy.
Once the policy is created and applied, it will restrict access to Microsoft Teams when users are not connected to the corporate Wi-Fi network. Users will only be able to use Teams when they are on the authorized network.
It's important to note that setting up Conditional Access policies requires an active Azure AD Premium or Enterprise Mobility + Security (EMS) license. Additionally, it's recommended to thoroughly test and evaluate the policy before enforcing it on your production environment to ensure it aligns with your organization's requirements.
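To test such a policy before enforcing it, the following added example (not part of the original guide or any Microsoft tooling) replays sign-in records against the location rule the guide aims for: the policy applies to Teams from any location except the corporate network. It assumes the corporate network is defined by its public egress IP ranges, which is what a Conditional Access location condition evaluates rather than the Wi-Fi network itself. The ranges, users and records are constructed, and the function names are hypothetical.

```python
import ipaddress

# Assumed corporate egress ranges (documentation prefixes, constructed).
CORP_RANGES = ["203.0.113.0/24", "2001:db8:10::/48"]
TARGET_APP = "Microsoft Teams"  # assumed scope: the policy targets Teams only

# Constructed sign-in records, keyed like an Entra ID sign-in log export.
SIGN_INS = [
    {"userPrincipalName": "ana@example.com", "appDisplayName": "Microsoft Teams",
     "ipAddress": "203.0.113.25"},        # on the corporate network
    {"userPrincipalName": "ben@example.com", "appDisplayName": "Microsoft Teams",
     "ipAddress": "198.51.100.7"},        # home or mobile network
    {"userPrincipalName": "cho@example.com", "appDisplayName": "Microsoft Teams",
     "ipAddress": "2001:db8:99::5"},      # IPv6 address outside the listed prefix
    {"userPrincipalName": "dev@example.com", "appDisplayName": "Office 365 Exchange Online",
     "ipAddress": "198.51.100.7"},        # different app, policy out of scope
    {"userPrincipalName": "eli@example.com", "appDisplayName": "Microsoft Teams",
     "ipAddress": "not-an-ip"},           # malformed log value
]

def in_corp_network(ip_text, ranges=CORP_RANGES):
    """True if the public IP falls inside any excluded (corporate) range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable address is treated as off-network
    nets = (ipaddress.ip_network(r) for r in ranges)
    return any(ip.version == n.version and ip in n for n in nets)

def evaluate(sign_in, app=TARGET_APP, ranges=CORP_RANGES):
    """Decision the policy would produce for one sign-in record."""
    if sign_in["appDisplayName"] != app:
        return "not_applicable"
    return "allow" if in_corp_network(sign_in["ipAddress"], ranges) else "block"

def replay(sign_ins=SIGN_INS):
    """Map each user to the decision for their sign-in."""
    return {s["userPrincipalName"]: evaluate(s) for s in sign_ins}

if __name__ == "__main__":
    for user, decision in replay().items():
        print(f"{user:20} {decision}")
```

A user whose device reaches Microsoft over an IPv6 path that is missing from the range list is blocked even while on site, so the list has to cover every egress address the corporate network uses.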