Step-by-step guide & scenarios to limit access to Teams (SharePoint, Exchange, etc.) from an unmanaged device.
- Access to Teams should only be possible via the browser. This has the advantage that no local log files etc. are written and no data is stored in a local device backup. This is especially important for mobile devices (iOS, Android), as these backups may be stored in further cloud services.
- Download of files should not be possible. Accessing and editing in the browser shall be possible.
- Download, access and editing of files should not be possible.
- App Restriction (SharePoint & EXO Admin Center)
- Azure AD Conditional Access
- Conditional Access App Control, as described here: Use app enforced restrictions vs. Use Conditional Access App Control
- Authentication Context, as described here: Azure AD Conditional Access | Authentication Context
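The two file-related scenarios above map onto the app restriction settings of SharePoint Online and Exchange Online. The PowerShell sketch below is an added example, not part of the original guide: the scenario names, the admin URL and the use of the default OWA mailbox policy are assumptions. The settings only apply to sessions matched by a Conditional Access policy that uses the "Use app enforced restrictions" session control.

```powershell
# Added example (not from the original guide). Assumes the modules
# Microsoft.Online.SharePoint.PowerShell and ExchangeOnlineManagement are installed.
param(
    [Parameter(Mandatory)]
    [ValidateSet('NoDownload', 'NoAccess')]      # hypothetical scenario names
    [string]$Scenario,
    [string]$SpoAdminUrl = 'https://contoso-admin.sharepoint.com',  # placeholder tenant
    [string]$OwaPolicy   = 'OwaMailboxPolicy-Default'               # assumed default policy
)

# NoDownload: files can be opened and edited in the browser, but not downloaded.
# NoAccess:   files cannot be downloaded, opened or edited from unmanaged devices.
$map = @{
    NoDownload = @{ Spo = 'AllowLimitedAccess'; Owa = 'ReadOnly' }
    NoAccess   = @{ Spo = 'BlockAccess';        Owa = 'ReadOnlyPlusAttachmentsBlocked' }
}
$target = $map[$Scenario]

# SharePoint Online / OneDrive (this is where files shared in Teams are stored)
Connect-SPOService -Url $SpoAdminUrl
Set-SPOTenant -ConditionalAccessPolicy $target.Spo

# Exchange Online (Outlook on the web attachments)
Connect-ExchangeOnline
Set-OwaMailboxPolicy -Identity $OwaPolicy -ConditionalAccessPolicy $target.Owa

# Read both settings back so a failed or partial change is noticed immediately.
$spoActual = [string](Get-SPOTenant).ConditionalAccessPolicy
$owaActual = [string](Get-OwaMailboxPolicy -Identity $OwaPolicy).ConditionalAccessPolicy

[pscustomobject]@{
    Scenario   = $Scenario
    SharePoint = $spoActual
    Exchange   = $owaActual
}

if ($spoActual -ne $target.Spo -or $owaActual -ne $target.Owa) {
    throw "App restriction settings do not match scenario '$Scenario'."
}
```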
Step by step guide on the example
Tips & Tricks
- It can take several minutes for a Conditional Access policy, or a change to one, to take effect.
- For tests in which policies are changed, the following applies: always log off, close the browser / clear the browser cache, wait several minutes and then log in again.