
In our company we want to limit the ability to download files/attachments from Teams/OneDrive to devices that are enrolled in Intune. I tried to set it up using a Conditional Access policy in Azure Active Directory. The issue we are facing is that this policy is working only on work computers, and on mobile phones the test account is still able to download files with no issues.

According to the setup it should also work for mobile devices: [image]

I also created a Defender policy, as per https://www.mcsmlab.com/blog/2022/3/16/using-microsoft-defender-for-cloud-apps-to-limit-file-downloads-to-managed-devices, but got no hits on that.

Any idea what I am missing to make it work?

Marcin
  • Check the docs for Conditional Access policy to limit the ability to download: [Grant controls in Conditional Access policy - Azure Active Directory](https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/conditional-access/concept-conditional-access-grant.md) and https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/conditional-access/concept-conditional-access-conditions.md – Naveen Sharma Mar 10 '23 at 08:26
  • If the policy is not working on mobile phones, it may be due to a misconfiguration in the policy or the device may not be properly enrolled in Intune. You can check the device enrollment status in the Intune portal and verify that the policy is correctly configured in the Azure portal. – Naveen Sharma Mar 10 '23 at 08:26

0 Answers