none
Restrict Access to the native mail app with conditioanl access

    Question

  • Hello,

    I'm just wondering if i can restrict the users from accessing their email by outlook and the native mail app using the conditional access policy on Azure since as per my test i received the enrollment notice on just the outlook and the user was able to access his email using native mail app without issue.




    Wednesday, July 19, 2017 3:47 PM

Answers

  • Hi,

        I think this should not be a normal behavior, the end-user should also receive the enrollment notice when they connect via native mail client if you deploy CA policy correctly. How did you configure the CA policy? Which mail app did you use in your organization (IOS, Anroid, Windows)?

    Regards,

    Jimmy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 20, 2017 11:47 AM
    Moderator

All replies

  • Yes you can block the native mail app and only allow Outlook. See the MAM conditional access for Exchange Online https://docs.microsoft.com/en-us/intune-classic/deploy-use/mam-ca-for-exchange-online

    In https://portal.azure.com go to Intune App Protection, select Exchange Online under Conditional Access, then select Allow apps that support Intune app policies.

    Wednesday, July 19, 2017 11:21 PM
  • Hi,

        I think this should not be a normal behavior, the end-user should also receive the enrollment notice when they connect via native mail client if you deploy CA policy correctly. How did you configure the CA policy? Which mail app did you use in your organization (IOS, Anroid, Windows)?

    Regards,

    Jimmy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 20, 2017 11:47 AM
    Moderator
  • For Stopping the access from the native client you need to block access using Active Sync however be careful while you block active sync its global setting if you block it then its blocked for whole organization.
    Wednesday, July 26, 2017 6:34 AM
  • Yes the polices wasn't configured correctly but it works now i have just to create a separate policy for each scenario, thanks Jummy.
    Monday, August 28, 2017 7:03 AM
  • Conditional Access – Require approved client app is inpreview see, https://osddeployment.dk/2017/08/31/conditional-access-on-approved-client-app/

    good luck!

    Friday, September 01, 2017 3:24 PM
  • Hi, 

    can you please guide where can we do this?


    Meena, MDM SME

    Friday, November 10, 2017 1:32 PM