Hello , I trying for a few days to enable correct a Conditional Access Policy that blocks attachments to download.
I managed to block attachment in owa but still have the option to save it to one drive.
In windows i have the option to save it locally or in OneDrive. In mobile app i have the option to save it to device.
The conditional access policy
You need to enable this on the Sharepoint side which will create the Conditional Access policy
https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices
ok that solved the problem in owa but in device still have the option to download it and in outlook windows too.
Try to use “Set-ActiveSyncMailboxPolicy” command to block attachment from downloading:
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello and thank you for your answers!!!
I have already done this procedure.
Ok maybe i don't ask the right questions... now I'm confused.
the question is what is the right procedure to block attachments from any device (web, windows app, mobile app ) ?
Thank you again.
Hi, thats not the correct setting if using Conditional Access.
If you want to block using OWA, follow:
https://petri.com/conditional-access-blocks-office-365-downloads
If you want block on mobile devices, look at Cloud App Security:
https://docs.microsoft.com/en-us/cloud-app-security/use-case-proxy-block-session-aad
Hello in mobile devices and outlook in windows still cannot block attachment only.
I created an access and session policy just to be sure but with the same results 
If so, why not use transport rule to block email which contains attachment directly:
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yes but the user hasn't the opportunity to view the attachment. I want the users to preview their files but not download them from anywhere.
In this situation, I would suggest you confirm with AAD forum. Whether could manage all devices with a Azure device policy.
Here are information about which could done in Exchange online side: Read Only And Attachment Download Restrictions in Exchange Online
Hello I created a ticket in Microsoft. They told me that in outlook windows application cannot be managed via cloud service the only thing it can be done is from registry to block attachments. So for the Outlook mobile does not use ActiveSync anymore and many of the restrictions doesn't work.
10 people are following this question.
