SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,593 questions
SharePoint Conditional Access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 87%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Cochran, Joel
106
Reputation points
I have a question about the CA policies that are created if you enable SharePoint Admin > Policies > Access Control > Unmanaged Devices and Apps that don't user modern authentication.
Enabling both of these creates a corresponding CA device policy, but they are applied even if a user does not have Azure AD P1 license applied. For instance, we have users with F3 licenses, but they will still receive the prompt that their org has not permitted them to download/save/print from this site. Are these two policies special and do not require a license to enforce? It's always confused me about Microsoft and what policies they'll apply, because it says you need an Intune license for app protection policies to be enforced, and it "looks" to be true. We also have a location based CA and I would assume it would be enforced on anyone...
I'm just confused on the differences of what CA policies/app protection policies can apply to our users even if the said user account doesn't have an Azure AD P1 license or Intune license.