cbraafhart
Brass Contributor
Feb 08, 2020
Solved

MDM License requirements.

Dear Community,   I have been tasked with researching MDM deployment and enrollment.   Our current situation: We currently have a hybrid environment synchronizing with AAD but have O365 for our ...
  • Cian Allner
    Feb 08, 2020

    cbraafhart Hi, there are various options; the first to check out is the following:

    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#leveraging-mobile-device-management-for-office-365

    Note the limitations mentioned; however, this is available with an Office 365 Business Essentials license at no extra cost:

    "Because this is a device management solution, there is no native capability to control which apps can be used even after a device is enrolled. If you want to limit access to Outlook for iOS and Android, you will need to obtain Azure Active Directory Premium licenses and leverage the conditional access policies."

    Microsoft 365 Business (at extra expense) would be the best option, which includes Microsoft Intune and Azure AD Premium (which can also be bought separately as an add-on); this opens up much more control:

    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#block-all-email-apps-except-outlook-for-ios-and-android-using-conditional-access

    You can also use Intune app protection policies for additional security, including for personal devices that aren't enrolled:

    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#protect-corporate-data-in-outlook-for-ios-and-android-using-intune-app-protection-policies

    Selective app-based wipe is also available, as outlined at https://docs.microsoft.com/en-us/intune/apps/apps-selective-wipe.

    This can also similarly be applied not only to email but also to SharePoint, OneDrive, Teams, etc. If you are new to Conditional Access this is a https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview!
