I’m testing blocking the Office apps on unmanaged devices so users cannot use them to download sensitive data. While I have had success with preventing users from licensing their Office apps or setting up OneDrive syncing, unfortunately it isn’t blocking apps that are already setup. So licensed Office apps can still browse to Sharepoint, and open a file, email is still delivered in Outlook and file changes in OneDrive still sync in both directions. I want to stop all existing connections in their tracks with this policy.

The Access policy is setup with the following:

Device not equal to Hybrid Entra Joined…User account equal to mineApp equals Microsoft 365Client app equals Mobile and desktopDevice equals PCBlock and display a customised message

I have a separate Session policy that is blocking cut,copy,print,& download activities in a web browser.

Can anyone explain why it isnt working as I would expect?

Thanks for any help.

​I’m testing blocking the Office apps on unmanaged devices so users cannot use them to download sensitive data. While I have had success with preventing users from licensing their Office apps or setting up OneDrive syncing, unfortunately it isn’t blocking apps that are already setup. So licensed Office apps can still browse to Sharepoint, and open a file, email is still delivered in Outlook and file changes in OneDrive still sync in both directions. I want to stop all existing connections in their tracks with this policy. The Access policy is setup with the following:Device not equal to Hybrid Entra Joined…User account equal to mineApp equals Microsoft 365Client app equals Mobile and desktopDevice equals PCBlock and display a customised messageI have a separate Session policy that is blocking cut,copy,print,& download activities in a web browser. Can anyone explain why it isnt working as I would expect? Thanks for any help.  Read More

​