Allow users to Activate / Re-Activate Office on Personal Computers with their Work account, but block being able to reach any "Previous docs" or "SharePoint" files.

Question

I can easily block access to Office.com and the OWA apps with CA policies, however using the Office 365 app in the CA policy blade then breaks the users ability to have an Activated version of Office Desktop apps (I've tested this on a VM). If I then turn off the CA policies it allows them to Activate Office, however once its back on it breaks it again.

In a perfect world they would be able to Activate their Office on their personal device up to their license quota, but not be able to access any work documents, purely a personal use scenario on an unmanaged device.

Is this possible?

OneDrive App Protection Policies for devices not enrolled doesn't work at all. Been testing it in a 21h1 Windows Pro VM with ProPlus Office licensed for my test user that the policy is 100% assigned too and has been for a few hours and it doesn't prevent a dang thing from being saved outside of OneDrive or Moved to the Desktop which is also not part of OneDrive.

Answer 1

Hi, @Dalton Reeves
After my hard research, your needs cannot be achieved.
When a user activates Office on a personal device, he can access files in his work account.Users also cannot activate with a work account if you restrict their access to the files in it.
There is currently no setting that allows users to log in outside the domain while restricting their access to files in the domain.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.