Forum Discussion

PKlapwijk's avatar
Dec 15, 2016

Restrict email access to Exchange Online

Hi all,

 

I have a situation of a customer without an on-prem Active Directory, only using some cloud apps, like Office 365.
They want to block access to (in first place) e-mail on non managed devices. I know I can use Conditional Access policies to set this up for mobile devices (the new Intune MAM) policies, but how can I block access to Exchange Online by using Outlook on non-managed devices? I`ve been reading articles about this, but that always ends up using ADFS and that is not possible for this customer.

 

The customer is running Windows 7 and 10, but t is ok if this solution is only going to work with Win10 (Azure AD joined/ Intune enrolled), than we upgrade al devices.


Is there anybody to advice me how to set this up, or point me in the right direction?

 

Thank you!

Regards,

 

Peter

    • PKlapwijk's avatar
      PKlapwijk
      MVP

      Thanks VasilMichev Was playing with that new options yesterday. It does block OWA and the Win10 build-in mail app, but does not block Outlook. Maybe I`ve done something wrong in my setup, but I`ve not been able to block Outlook on non-managed (not domain joined) Windows devices yet.

      • PKlapwijk's avatar
        PKlapwijk
        MVP

        I have enabled modern authentication for Exchange Online.
        It now shows me a message access is blocked when I try to connect using Outlook, but is does that on a domain joined device as well. So I have no access to Exchange Online anymore with my test users. 

Resources