BradleyD.84511 (Customer) asked a question.
O365 - Limit application access (Allow access to Teams but lock down others). Company vs personal device.
Like the title mentions.
I'm looking into options that we have to lock down access to the whole 365 suites, but still allow access to MS Teams.
EG, we allow BYOD access to MS Teams, but we want to prevent access to OneDrive/Emails etc. We already have a mobile policy in Exchange to quarantine new devices, but this won't prevent Windows/Mac laptops/PCs from being added as it stands.
I've considered IP Whitelisting to the office only, but we want company devices to have access to Emails/Sharepoint.
Has anyone else worked on something similar/know of any potential solutions?
Would love to know thoughts on this.
TIA - Brad.
Hi @BradleyD.84511 (Customer) , Thank you for reaching out to the Okta Community!
From the Okta side you can manage:
> permissions based on the License granted to the users which may or may not include other apps than Teams
OR
> set Client access rules via the app level sign on rules: https://help.okta.com/en-us/Content/Topics/Apps/Office365/References/o365-sign-on-rule-options.htm
That being said, none of those would really satisfy your requirements. The options that you are looking for are more on an App/SP level. Perhaps Azure AD Conditional Access can help with that: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
The Okta Community November newsletter is here. Get product updates and see our top contributing members.