Forum Discussion
Block e-mail configuration on IOS
Hi Paulo
Edit: As I was typing this I've just tested this on my device and it seems that Gmail app on iOS does indeed allow users to set up their Office 365 mail, even if Conditional access requires the use of an approved app AND blocks ActiveSync connections. I'm going to raise this with Premier Support to investigate.
You want to take a look here and make sure your conditional access policies are set up correctly: https://docs.microsoft.com/en-us/intune/exchange-online-protect
Essentially, you need to set up one Conditional Access policy that forced iOS and Android users to use approved apps only (i.e. Outlook).
Then set up a second Conditional Access policy that blocks the use of Activesync on iOS and Android for accessing Exchange Online.
So long as you ensure that ActiveSync connections are blocked, then it should prevent the Gmail app on iOS devices from being used.
Hy Daniel,
I tried to create the second CA rule but I receive a message:
What could be ? the message don't have any link to explain why the configuration is not supported.
Thanks!
- Hi Paulo. Can you post what settings you configured?
Follow my settings:
- Hi Paulo
Yup, all looks good to me. I've got the same settings (except we allow users to access email without enrollment so devices don't need to be marked as compliant for us).
After further investigation, it appears that Gmail is using IMAP to access Exchange Online, which would explain why this policy doesn't pick it up.
At that point I'm not sure what can be done. I'm waiting to hear back from Premier Support on the issue to see what the official advice is.