As a SharePoint or global admin in Microsoft 365, you can block or limit access to SharePoint and OneDrive content from unmanaged devices (those not hybrid AD joined or compliant in Intune). You can block or limit access for:
All users in the organization or only some users or security groups.
All sites in the organization or only some sites.
Blocking access helps provide security but comes at the cost of usability and productivity. When access is blocked, users will see the following error.
The experience when access is blocked
Limiting access allows users to remain productive while addressing the risk of accidental data loss on unmanaged devices. When you limit access, users on managed devices will have full access (unless they use one of the browser and operating system combinations listed below). Users on unmanaged devices will have browser-only access with no ability to download, print, or sync files. They also won't be able to access content through apps, including the Microsoft Office desktop apps. When you limit access, you can choose to allow or block editing files in the browser. When web access is limited, users will see the following message at the top of sites.
The experience when web access is limited
Note
Blocking or limiting access on unmanaged devices relies on Azure AD conditional access policies. Learn about Azure AD licensing For an overview of conditional access in Azure AD, see Conditional access in Azure Active Directory. For info about recommended SharePoint access policies, see Policy recommendations for securing SharePoint sites and files. If you limit access on unmanaged devices, users on managed devices must use one of the supported OS and browser combinations, or they will also have limited access.