Forum Discussion
Ashish Mangtani
May 15, 2018Copper Contributor
block attachments on outlook mobile application
I have ran the below command and this has blocked attachments from being downloaded on default mail app, however its not working on Outlook Mobile application. Users are still able to download attach...
- May 15, 2018
This can be done, but it will depend on your licensing. You will have to control the app with MAM via Intune. Then you can set policy for Outlook, SharePoint app, OneDrive, etc.
If you are looking for broader protection capabilities beyond what’s included in Office 365, you can subscribe to Microsoft Intune, which is part of the Microsoft Enterprise Mobility Suite. Intune provides mobile application management (MAM) capabilities for Outlook and other Office mobile apps in addition to the conditional access and device management capabilities outlined above. With Intune MAM, you can restrict actions such as cut, copy, paste, and “save as” of corporate data between Intune-managed apps and apps that are not managed by Intune. Additionally, the Intune-managed Outlook apps include a new multi-identity management feature that enables users to access both their personal and work email accounts in the same Outlook app while only applying the Intune MAM policies to the user’s work account –
this provides a much more seamless user experience.
Losercore
Microsoft
Feb 07, 2019Thanks for your response. The answer is more than just a point product like Intune. EMS will allow for what you want with a combination of:
- Intune MAM policies
- Intune App Protection Properties and Windows Information Protection (Prevent copy paste of business data to non-business apps
- Azure AD Session Limits for Conditional Access (Prevent download in SharePoint, OneDrive and Exchange)
Some resources to help
- Azure AD Premium Conditional Access and Session Controls
- BRK3009 - Accelerate deployment and adoption of Microsoft Information Protection solutions (Video)
- BRK3002 - Understanding how Microsoft Information Protection capabilities work together to protect sensitive information across devices, apps, and services
fdebout
Feb 08, 2019Copper Contributor
I don't understand how Information Protection comes into play in that scenario.
The application protection policy is from what I understand replacing ActiveSyncMailboxPolicy for managed Apps such as Outlook.
I do also have conditional access policies set to only allow connections to Exchange from iOS & Android using a Managed Application only but this isn't enough we are still missing a setting to control email attachments.
Like I said have a policy disallowing users from saving an email or attachment is completely pointless if you can just forward it to another email account and do it from there.
- Naveen_PandeyMar 23, 2020Copper Contributor
Hi fdebout ,
I have the same issue where I need to block forwarding of attachments from Outlook mobile app using Intune. I have opened a case with support but no solution yet.
Have you found any solution for it?
- ctgreenNov 03, 2023Copper Contributor
Naveen_PandeyDid you end up finding a solution to this?
- Naveen_PandeyMar 28, 2024Copper Contributor
Microsoft says that we cannot currently block users from sending or forwarding emails with attachments from the Outlook app. The only thing that we would be able to edit in regards to the attachments included in emails is if the user can save it onto their device or not. You can block your users from doing so by using Conditional Access. Below I have attached further information on how you can use Conditional Access to block your users from downloading/saving attachments from Outlook on managed devices:
This includes the instructions on how to create App-based Conditional Access policies. Here you will be able to block your users from downloading attachments from the Outlook application:
https://docs.microsoft.com/en-us/mem/intune/protect/app-based-conditional-access-intune-create
To block the attachments specifically, you would need to go to the 'Session' blade when creating a new Conditional Access Policy and select 'User Conditional Access App Control'. From the drop-down menu, you need to select 'Block Downloads'. I have attached a screenshot of how it would appear below: