question

Srini-4386 avatar image
0 Votes"
Srini-4386 asked Srini-4386 commented

Control access from unmanaged devices for a specific SharePoint Site

Control access from unmanaged devices


Guys,

I want to "Block or limit access to a specific SharePoint site " and when i try to create the Azure app restrictions using below instructions my policy not created and the screen remains there forever. Has any one tried this ?

final step says "validating policy" and stays there forever

PFA screen shot


https://docs.microsoft.com/en-US/sharepoint/control-access-from-unmanaged-devices#block-or-limit-access-to-specific-sharepoint-site-collections-or-onedrive-accounts


  1. Manually create a policy in the Azure AD admin center by following the steps in Use app-enforced restrictions.88864-cond-policy.jpg


office-sharepoint-onlineoffice-sharepoint-server-administration
cond-policy.jpg (115.1 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JerryXu-MSFT

0 Votes 0 ·

1 Answer

JoyZ avatar image
0 Votes"
JoyZ answered Srini-4386 commented

Hi @Srini-4386,

I could reproduce your issue per my test.

It seems that it's necessary to configure "Grant" section for the first creation of the policy.

88918-image.png

As a workaround, choose "Block access" under Grant selection, then enable the policy and select Create.

After the policy has been created successfully, click the policy, switch to Grant Access with 0 controls selected, then save the policy again.

88919-image.png


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (1.9 KiB)
image.png (24.8 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Julie,

Thanks for your response. Here is the use case i was trying in my Test env and no Intune or any compliance policies in the Test env .


Allow limited, web-only access

  1. I don't want to set the above setting at Org level. I'm testing for a single user.

  2. So when the user logs in to a specific SP site using chrome web browser, user will see a banner saying "Cannot print, sync or download due to policy..."

So in this case how to achieve this please advise which control we need to use ?

89321-unmanaged-devices.jpg

89284-label.jpg


0 Votes 0 ·
label.jpg (31.4 KiB)

And also cannot save "Grant access" without selecting any one control


89260-sp-policy.jpg


0 Votes 0 ·
sp-policy.jpg (88.8 KiB)

Julie ive managed to fix and it was working fine now. Actually i set the condition to browser and settings are not saved immediately i have to go back and forth as you said.

Seems like it was in Preview but not sure.

Thank you

0 Votes 0 ·