Conditional Access - block ODfB sync, but allow Teams app

AndAuf 26 Reputation points
2023-11-21T08:51:25.8333333+00:00

Hi all,

I have a problem with allowing/blocking the following:

  • Devices which are not compliant (not Intune-managed, not (hybrid) Entra joined) must not sync using ODfB client
  • The same devices which are not managed/compliant may use Teams app if they want to
  • (BYOD, self-enrollment, ... is no option. Unmanaged devices stay unmanaged.)

I have a CA-Policy which does the first part very well. But I have no idea how to get the second part, as both ODfB and Teams are "Office 365 SharePoint Online" and "modern auth apps" for CA. There is no specific Sync client which I could block and there is no specific Teams app I could allow. Also we have autopiloted Entra-only devices, so I cannot use "allow devices of specific domains" anymore. So how can I achieve this pretty common scenario?


2 answers

  1. Andy David - MVP 148.1K Reputation points MVP
    2023-11-21T11:46:46.04+00:00

  2. Givary-MSFT 32,591 Reputation points Microsoft Employee
    2023-11-22T06:59:44.8+00:00

    @AndAuf Thank you for reaching out to us. As I understand it, you want to block OneDrive and allow access to Teams from unmanaged devices. I checked with my team, performed a quick repro on this, and followed the steps mentioned here - https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices which will help to achieve your ask.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
