Forum Discussion
PKlapwijk (MVP)
Dec 15, 2016
Restrict email access to Exchange Online
Hi all,
I have a customer without an on-prem Active Directory, only using some cloud apps, like Office 365.
They want to block access to (in the first place) e-mail on non-managed devices. I know I can use Conditional Access policies to set this up for mobile devices (the new Intune MAM policies), but how can I block access to Exchange Online by using Outlook on non-managed devices? I've been reading articles about this, but they always end up using ADFS, and that is not possible for this customer.
The customer is running Windows 7 and 10, but it is OK if this solution is only going to work with Win10 (Azure AD joined / Intune enrolled); then we upgrade all devices.
Is there anybody who can advise me on how to set this up, or point me in the right direction?
Thank you!
Regards,
Peter
Conditional access is not only tied to devices; you can have criteria such as location (IP range). Incidentally, they just added this blade in the new Azure portal, so you can see fresh screenshots here: https://blogs.technet.microsoft.com/enterprisemobility/2016/12/15/conditional-access-now-in-the-new-azure-portal/
Thanks VasilMichev. Was playing with those new options yesterday. It does block OWA and the Win10 built-in mail app, but does not block Outlook. Maybe I've done something wrong in my setup, but I've not been able to block Outlook on non-managed (not domain joined) Windows devices yet.
I have enabled modern authentication for Exchange Online.
It now shows me a message that access is blocked when I try to connect using Outlook, but it does that on a domain joined device as well. So I have no access to Exchange Online anymore with my test users.