Sharepoint online and Conditional access

Question

I have conditional access applied to SharePoint online which only allows browser based access from unmanaged devices.
When I invite a guest user to access my SPO site what can they do.

According to me:
They can view and edit document (if edit rights are provided)
They cannot download or upload a document.

Please let me know what you think.

Answer 1

Hi @Jay Singh ,

If you want to limit users in your SharePoint Online site can view and edit without uploading or downloading documents, please refer to the following steps:

1.Create a custom permission level:
Go to Settings -> Site permissions -> Advanced permission settings -> Permission Levels in Ribbon -> Add a Permission Level:

2.Select the base permissions you want to include in this permission level.

Please remember to uncheck “Open items”, per my test, this permission decides whether users can download documents in your site.

If I grant users with a permission level including “Open items”, the users can download documents:

If I grant users with a permission level excluding “Open items”, the users cannot download documents:

3.Create a group in Advanced permission settings:
Give the permission level you created above to this group:

4.Add guest users to this group. Then the guest users can view and edit documents but can’t upload or download a document under this permission level.

I hope this information has been useful, please let me know if you still need assistance.

---

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

The conditional access allows the devices to access the web app. But the settings to check what guest users can actually do you have to set in Sharepoint itself.
See:
https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices#limit-access