I have a problem with allowing/blocking the following:
- Devices which are not compliant (not Intune-managed, not (hybrid) Entra joined) must not sync using the ODfB client
- The same devices which are not managed/compliant may use the Teams app if they want to
- (BYOD, self-enrollment, ... is not an option. Unmanaged devices stay unmanaged)
I have a CA policy which does the first part very well. But I have no idea how to get the second part, as both ODfB and Teams are "Office 365 SharePoint Online" and "modern auth apps" for CA. There is no specific Sync client which I could block and there is no specific Teams app I could allow. Also, we have autopiloted Entra-only devices, so I cannot use "allow devices of specific domains" anymore. So how can I achieve this pretty common scenario?