I have implemented MFA and registered personal devices to access organization data and applications. Now users can access organization apps on personal devices, i want to restrict document uploads from the managed devices. Users should not be able to upload files from personal devices to application such Onedrive/ SharePoint etc.
Asked
Active
Viewed 1,035 times
1 Answers
0
here are your options: https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices at the bottom under advanced, there is option to limit editing from browser, this may be sufficient to what you are seeking.
According to here. personal devices as long as they are not marked compliant, then they are considered unmanaged. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/require-managed-devices#managed-devices
alphaz18
- 2,610
- 1
- 5
- 5
-
i just want to re-iterate i want to block upload from managed devices and not from unmanaged devices. – Mayuresh Jaiswal Jun 16 '20 at 05:41
-
that is not currently possible. you would then have to block upload from all devices then. conditional access lets you prevent certain functionality and policies from a wide variety of conditions, such as devices not marked compliant. which would make them unmanaged. – alphaz18 Jun 16 '20 at 15:04
-
So you mean using condition access also we can block upload for all managed devices? – Mayuresh Jaiswal Jun 16 '20 at 15:44
-
no. but you can block all access to onedrive through conditional access. if you wanted granular access control like that to onedrive for specific devices, you would probably have to use something like intune, that gives you more granular control. – alphaz18 Jun 16 '20 at 16:01
-
i just want to restrict upload of any file from managed device to all of the O365 products (Outlook, Onedrive, Sharepoint etc), so it this possible – Mayuresh Jaiswal Jun 16 '20 at 16:08
-
No. there are no policies available to "block upload to office 365" to Managed devices. there are various other policies and tools microsoft provides so that you can create like prevent sync or that sort of thing or block access through web browser etc. – alphaz18 Jun 16 '20 at 17:06