Control or restrict access to documents on unmanaged devices
Previously, I wrote a blog post about blocking the download of O365 files to an unknown device. We did this with the preview option within conditional access in Azure AD. This option also exists in SharePoint and OneDrive for Business. In this blog we will briefly go through the options and the differences. Be sure to also read "Azure AD security standards" and "In 15 steps to a digital workplace with Microsoft 365 E3 or E5".
Why limit access? Today we use document data "differently" than we used to. We used to have one file server and handled document data in a relatively mature way. Sharing documents was not so obvious, except by e-mail. Attachments could not be large, often up to 10 MB. Today there is a range of technological solutions for every challenge. Everyone today is able to host their personal drive, or their organization's, on private platforms. And then the question is: Do you want to?
Start in the SharePoint portal
In the SharePoint portal, under Policies - Access Control - Unmanaged Devices, you can choose one of these 3 options:
Full access, limited access or block access.
In this case, we choose block restricted web access.
Conditional access means granting access based on conditions. An example is shown below.
You just created this policy through the changes in the SharePoint control panel.
You can see that this policy ensures that only the browser and modern authentication clients can connect to the above services.
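The same tenant-wide setting can be read, applied and verified from the SharePoint Online Management Shell. The script below is an added example, not part of the original post; the admin URL is a placeholder you supply, and the three values map to the portal options full access, limited access and block access.

```powershell
# Added example: apply and verify the unmanaged-device access level.
# Assumes the Microsoft.Online.SharePoint.PowerShell module is installed and
# the account used to sign in is a SharePoint administrator.
param(
    # Placeholder: your own tenant admin site,
    # in the form https://<tenant>-admin.sharepoint.com
    [Parameter(Mandatory)]
    [string]$AdminUrl,

    # AllowFullAccess    = "Full access" in the portal
    # AllowLimitedAccess = "Limited access" (web-only)
    # BlockAccess        = "Block access"
    [Parameter(Mandatory)]
    [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess')]
    [string]$DesiredPolicy
)

$ErrorActionPreference = 'Stop'

# Interactive sign-in to the tenant admin endpoint.
Connect-SPOService -Url $AdminUrl

# Record the current state before changing anything, so the change is auditable.
$current = (Get-SPOTenant).ConditionalAccessPolicy
Write-Host "Current unmanaged-device policy: $current"

if ("$current" -ne $DesiredPolicy) {
    Set-SPOTenant -ConditionalAccessPolicy $DesiredPolicy
    # Read the value back instead of trusting the write.
    $current = (Get-SPOTenant).ConditionalAccessPolicy
}

if ("$current" -ne $DesiredPolicy) {
    throw "Policy is '$current', expected '$DesiredPolicy'."
}
Write-Host "Unmanaged-device policy is now: $current"
```

After the script reports success, confirm in Azure AD conditional access that the matching policy exists and is enabled, since that policy is what actually enforces the restriction.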