Control or restrict access to documents on unmanaged devices
Earlier I wrote a blog post about blocking O365 files from being downloaded by an unknown device. We did this with the preview option within conditional access of Azure AD. The same option also exists in SharePoint and OneDrive for Business. In this blog we will go through the options and the differences. Also be sure to read the Azure AD security standards and In 15 steps to a digital workplace with Microsoft 365 E3 or E5.
Why limit access?
Today, we use document data differently than in the past. Back then, we had one file server and handled document data in a relatively natural way. Sharing documents other than by e-mail was not an obvious thing to do. Attachments were not allowed to be large, often up to 10 MB. Today, there is a range of technological solutions for every challenge, and everyone is able to host their personal drive or their organisation's data on private platforms. The question then is: do you want that?
Start in the SharePoint portal
In the SharePoint portal, under Policies - Access control - Unmanaged devices, you have the possibility to choose these 3 options:
Full access, Limited access or Block access.
In this case we will choose Block limited web access.
Conditional access means granting access subject to conditions. An example is shown below.
You have just created this policy through the changes in the SharePoint control panel.
You can see that this policy ensures that only the browser and modern authentication clients can connect to the above services.
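To check the same setting from the command line, the following added example (not part of the original post) reads the tenant-wide unmanaged device setting and compares it with the setting on selected sites. It assumes the SharePoint Online Management Shell module is installed, that the three portal options correspond to the values AllowFullAccess, AllowLimitedAccess and BlockAccess, and it uses placeholder URLs for a hypothetical contoso tenant.

```powershell
# Added example: audit the unmanaged-device access setting in SharePoint Online.
# Assumptions: the admin URL and site URLs are placeholders; replace with your own.
Import-Module Microsoft.Online.SharePoint.PowerShell

$AdminUrl     = 'https://contoso-admin.sharepoint.com'   # placeholder
$SitesToCheck = @(
    'https://contoso.sharepoint.com/sites/finance',      # placeholder
    'https://contoso.sharepoint.com/sites/hr'            # placeholder
)

# Rank each value by how restrictive it is so settings can be compared.
$Rank = @{ AllowFullAccess = 0; AllowLimitedAccess = 1; BlockAccess = 2 }

Connect-SPOService -Url $AdminUrl

# Tenant-wide value behind Policies - Access control - Unmanaged devices.
$tenantPolicy = (Get-SPOTenant).ConditionalAccessPolicy.ToString()
Write-Output "Tenant-wide unmanaged device policy: $tenantPolicy"
if ($tenantPolicy -eq 'AllowFullAccess') {
    Write-Warning 'Unmanaged devices currently have full access at tenant level.'
}

# Per-site values: report each site and how it compares with the tenant.
$report = foreach ($url in $SitesToCheck) {
    $sitePolicy = (Get-SPOSite -Identity $url).ConditionalAccessPolicy.ToString()
    $comparison =
        if (-not $Rank.ContainsKey($sitePolicy) -or -not $Rank.ContainsKey($tenantPolicy)) {
            'Other value, review manually'
        } elseif ($Rank[$sitePolicy] -gt $Rank[$tenantPolicy]) {
            'Stricter than tenant'
        } elseif ($Rank[$sitePolicy] -lt $Rank[$tenantPolicy]) {
            'Less strict than tenant'
        } else {
            'Same as tenant'
        }
    [pscustomobject]@{
        Url        = $url
        SitePolicy = $sitePolicy
        Comparison = $comparison
    }
}

$report | Format-Table -AutoSize
Disconnect-SPOService
```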