We're deploying Office365 to our site and there are some security concerns that would like to be addressed.
For example, we would like to lock down onedrive so that most users cannot use it, whereas a few users might be given the permission to use it.
I thought that this would be handled with conditional access policies. However, when I navigate through the o365 admin, security & compliance center and try to setup a policy to block OneDrive, it does not come up as an option when looking at "cloud apps" from which I can choose to block/allow access.
Am I looking in the wrong spot? Is OneDrive not considered a "cloud app"?
Other things we would like to do include limit those who can receive their email on their mobile devices... this too I thought could be accomplished with a conditional access policy, but I see nothing for exchange in the options.
I would appreciate if somebody might be able to steer me in the correct direction here. Thank you
For OneDrive:
Well, OneDrive is a cloud app, but it is not a unique/single cloud app, OneDrive is part of SharePoint, so if you want to block it, you have to block the app name "Office 365 SharePoint Online".
For referencing: https://docs.microsoft.com/en-us/microsoft-365/enterprise/sharepoint-file-access-policies?view=o365-worldwide
For Exchange:
There is an Exchange option, you probably just didn't see it, it's called "Office 365 Exchange Online".
Here's a step by step guide to control access to SharePoint and Exchange: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-conditional-access
In fact, here's a list of all the apps available using Conditional Access Policies: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps