Any help from this?
Conditional Access - block ODfB sync, but allow Teams app
Hi all,
I have a problem with allowing/blocking the following:
- Devices which are not compliant (not Intune-managed, not (hybrid) Entra joined) must not sync using ODfB client
- The same devices which are not managed/compliant may use Teams app if they want to
- (BYOD, self-enrollment,... is not an option. Unmanaged devices stay unmanaged)
I have a CA-Policy which does the first part very well. But I have no idea how to get the second part, as both ODfB and Teams are "Office 365 SharePoint Online" and "modern auth apps" for CA. There is no specific Sync client which I could block and there is no specific Teams app I could allow. Also we have autopiloted Entra-only devices, so I cannot use "allow devices of specific domains" anymore. So how can I achieve this pretty common scenario?
2 answers
Givary-MSFT 32,591 Reputation points Microsoft Employee
2023-11-22T06:59:44.8+00:00
@AndAuf Thank you for reaching out to us. As I understand, you want to block OneDrive and allow access to Teams from unmanaged devices. I did check with my team and performed a quick repro on this, and followed the steps as mentioned here - https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices - which will help to achieve your ask.
Let me know if you have any further questions; feel free to post back.
Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.