How to create conditional access policy in Office 365 to block access for Microsoft 365 apps for Business applications from non-domain joined devices and allow only email and SharePoint.

To allow and block microsoft365 applications we would use conditional access policy for endpoints.
 

 

·        Login to https://endpoint.microsoft.com/

·        Note: Access to 365endpoint console available from https://admin.microsoft.com/ too

·        Go to Conditional Access

·        Create a new policy.

o   Name the policy.

o   Assignments section: select users or groups the policy should apply

o  

o   Cloud apps or actions

§  section, click on the "+ Include" button to add an app.

§  Select apps.

§  Search for Microsoft 365 apps for Business

o   If you want to exclude email and SharePoint from blocking, you can exclude following.

§   


o   Conditions

§  Select Device: platform you want to apply policy.

·        Exclude: If needed Android IOS and Windows Phone

§  Locations: If needed

§  Client apps: If needed

§  Filter for device: If needed

o   Access control

§  Select: Required Hybrid azure AD joined device

§  For multiple controls: required all the selected controls.

o   Enable Policy: on

·        Click Save

You will get notification: “Successfully created 'Block Microsoft 365 apps for Business on non-domain joined computers.'” ·

Comments

Post a Comment

Popular posts from this blog

How to check when Sharepoint List was created using PowerShell.

Image
While the SharePoint admin console may not offer a straightforward way to view the creation date of a SharePoint list, PowerShell comes to the rescue. In this blog post, we'll explore how you can effortlessly retrieve this information using SharePoint PowerShell. Let's dive into the steps and make list creation dates a breeze to access in your SharePoint environment. Install SharePoint module in your PS using following PS-CMD. Install-Module -Name Microsoft.Online.SharePoint.PowerShell If you want to check version of SharePoint install module using following CMD Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version Now connect SharePoint Admin center using following CMD in PowerShell. Connect-SPOService -Url https://YourAdminWebAddress.sharepoint.com If you don’t know address go to https://admin.microsoft.com/ Admin Centers and open SharePoint admin center and copy URL.   Now connect your SharePoint site using following ...
Read more

How to connect SharePoint online with SharePoint designer 2013

How to connect SharePoint online with SharePoint designer 2013 Note: If you encounter the permission error, the following steps will help you resolve it as well. Download SharePoint designer 2013 Allow custom scripting feature from SharePoint Management Shell.       Connect SharePoint Online site with SharePoint designer 2013.   Allow custom scripting feature from SharePoint Management Shell 1.        Download and Install SharePoint Online Management Shell 2.       Connect your SharePoint Admin portal to SharePoint Management shell by using following PS-CMD. if you don't have SharePoint Management Shell first please download and Install it.      Connect-SPOService -Url https://admin-domain.sharepoint.com -Credential Admin@youradminidEmailID.com      Run following CMD after connecting to allow custom scripting to connect SharePoint Designer 2013      set-SPOsite h...
Read more