So, is it possible to enforce, or at least detect, that files uploaded to Microsoft Teams or Outlook (enterprise) are only downloadable on company-provided devices?
If possible, please show me how to do so.
Please get yourself an actual IT team. This is basic conditional access policy configuration for an Azure tenant.
Microsoft has learning materials available on this. It’s part of their free Azure Admin online learning courses.
Why are you asking this here? This is meant more for asking about thoughts and experiences rather than tech support. You’d probably have better luck in a more technical community (or just googling it). You may still get some answers though 🤷
Yet it seemingly doesn’t break the rules of the sub. 🤷
It absolutely breaks several rules. It’s not an open ended question nor is it a topic of discussion.
Rule 5: must be a topic of discussion
This is not a subject of discussion. It’s just OP saying “help me do my job pls”
Are you the admin on your Teams team? Do you have access to the Advanced Directory/Azure Domain controls?
If not, you’re going to have to have an admin do any kind of set up of that type.
The first major issue is that it looks like most download controls in Teams are on a per-user basis, meaning that the easiest way to block downloads is to deny the user access from downloading entirely.
It seems like there are options for Android management that allow you to block an Android device from downloads as well.
https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy-settings-android
But I can’t seem to find anything on blocking specific other devices from downloads, and all the stuff I’m digging up circles back around to blocking the user from downloading entirely, instead of blocking them on a per-device level.
This one shows that they have admin options like this:
“5. Under “Actions”, select “Block access” and choose the conditions you want to apply (e.g. “Block access when user is outside of company network”).”
So perhaps in the admin settings there’s more fine-grained options like this? I still don’t see references to blocking per-device, just stuff like being outside the enterprise network.
This makes it sound like the solution is actually in SharePoint
This is the closest I found to an answer, and it still seems like it’s not 100% of what you’re asking for, but maybe?
very helpful resource, thank you
Why not just block access to Teams and other m365 apps via conditional access from non-managed devices then?
You can always “download” any content you’re viewing on the device, in fact you need to do so in order to view it.
Say, you don’t want a word document containing price sensitive information being downloaded, but someone with access to view the document on a non-managed device can just screenshot it. Or to be honest, just take a photo from a screen of a managed device.
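The conditional access approach raised in the thread (require a managed device for Microsoft 365 apps), shown as an added example that is not part of any post above. It assumes the Microsoft Graph PowerShell SDK is installed and the signed-in admin may manage Conditional Access; the display name and the excluded account ID are placeholders. The policy is created in report-only mode, which covers the "at least detect" half of the question before anything is enforced.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of an emergency-access account that stays out of scope,
# so a misconfigured policy cannot lock every admin out of the tenant.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'EXAMPLE - Require managed device for Office 365'

    # Report-only: each sign-in is evaluated and the result is logged,
    # but nothing is blocked. Use this to see which users and devices
    # would fail before enforcing.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        # 'Office365' is the built-in app group covering Teams, Exchange Online,
        # SharePoint Online and the other Microsoft 365 services.
        applications   = @{ includeApplications = @('Office365') }
        clientAppTypes = @('all')
    }

    # Access is granted only if the device is marked compliant in Intune
    # OR is Microsoft Entra hybrid joined; any other device is denied.
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing the report-only results in the sign-in logs, enforce with:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

While the policy is in report-only mode, each sign-in's details in the Entra sign-in logs show whether the policy would have passed or failed for that device.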