Share via

how to block SharePoint access from apps on unmanaged devices without affecting teams

Vijay Ninan Abraham 0 Reputation points
2024-01-09T14:36:51.2266667+00:00

how to block SharePoint access from apps on unmanaged devices without affecting teams. When I select allow limited web-only access then it's blocking teams as well. How to only allow managed devices to sync sharepoint sites and only allow limited web-only access for unmanaged devices without affecting teams. Thanks.

Microsoft 365 and Office SharePoint For business Windows
Microsoft Security Intune Compliance
Microsoft Security Intune Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. glebgreenspan 2,245 Reputation points
    2024-01-09T18:13:23.19+00:00

    Hello Vijay

    Here is the steps you can follow

    1. Sign in to the Microsoft 365 Admin Center (admin.microsoft.com).
    2. 'Navigate to the "Azure Active Directory" portal.
    3. In the left-hand menu, click on "Conditional Access."
    4. Create a new Conditional Access policy by clicking on the "+ New policy" button.
    5. Give your policy a meaningful name and describe it, if desired.
    6. Under the "Users and groups" section, select the targeted user or group who should be affected by this policy.
    7. In the "Cloud apps or actions" section, click on the "+ Include" button and choose "Select apps."
    8. From the application list, select "SharePoint Online," and any other apps you want to block on unmanaged devices.
    9. In the "Conditions" section, add the following conditions:   - Under "Device platforms," select "All platforms."   - Under "Client apps," select "Browser."
    10. Under the "Access controls" section, configure the following settings:    - For "Grant," choose "Block access."    - Check the box for "Require approved client app" and select "Yes."
    11. Scroll down and click on the "Exclude" tab.
    12. Click on the "+ Exclude" button and choose "Select apps."13. In the application list, select "Teams."
    13. Save the policy to apply the changes.
  2. Emily Du-MSFT 51,836 Reputation points Microsoft External Staff
    2024-01-10T09:54:40.0533333+00:00

    As design, Teams has following dependency on OneDrive and SharePoint, only Teams call and chat should work independently.

    So, it is not possible to allow managed devices to access SharePoint sites and allow limited web-only access for unmanaged devices without affecting Teams.

    When you set only managed devices can access SharePoint sites, then only managed devices can access Teams.

    User's image

    Reference: https://learn.microsoft.com/en-us/entra/identity/conditional-access/service-dependencies

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.