Prevent users from Syncing sharepoint document libraries from unmanaged devices

Valued Contributor

I know that i have the option to restrict sharepoint access from unmanaged devices as mentioned on this link Control access from unmanaged devices, but i do not want to do this, as users sometimes access the sharepoint sites from different external PCs, ad restricting this access can result in a lot of problems.


But i am not sure if i can have this scenario:-

Can i allow users to access SharePoint from unmanaged devices, but restrict them from Syncing the document libraries using OneDrive or OneDrive for business desktop applications? of course i want them to be able to do the sync from managed devices.


In other words can i implement this policy:-

1. Unmanaged devices. users can access sharepoint sites + can NOT Sync

2. Managed devices.     users can access sharepoint sites + can Sync.

6 Replies

@Juan Carlos González Martín wrote:
There is an option on the document library settings to do this:

but this option will work regardless if the user is syncing from managed or from unmanaged devices ? is this correct? i think your answer is not directly related to my question.

Correct, that option as you can read in the support article just hides the sync option for any user.

This thread should be deleted it in no way answers the question "Prevent users from syncing"

Would love to know if this is possible as it fits in perfectly with a zero trust philosophy.

We have over 500 volunteers using their own devices (unmanaged) that need access to SharePoint (via browser) but who present a ransomware risk if they sync SharePoint libraries.

I don't want to disable sync on the individual sites/libraries as staff using InTune managed devices still need to access files offline.