Forum Discussion
Block Gmail app to connect to EXO
Hi all,
We are implementing the Outlook app as default mail app on iOS and Android devices. So far, so good.
But with testing the CA policy with approved client apps and approved app protection policy on, we see that the Gmail app is able to connect to EXO. The Gmail is not an approved app, according to Microsoft (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-approved-client-app), but is still able to connect. I know that the Gmail app is using Modern Auth these days.
Any ideas how we can block the Gmail app from connecting to EXO?
Oké guys.
Thanks for your support, but it is resolved.
Gmail is indeed using the old legacy IMAP protocol to connect to EXO.
But it took some time that the CA was working.
So this one is solved and closed.
- Cian AllnerSilver Contributor
Hi, are you following this process which is meant to do the job - Block all email apps except Outlook for iOS and Android using conditional access, is there any difference with how you have it set up currently?
- JeroenBurgerhoutIron Contributor
- Moe_KinaniBronze ContributorI think Gmail is still using IMAP to connect to O365.
- JeroenBurgerhoutIron Contributor
Oké guys.
Thanks for your support, but it is resolved.
Gmail is indeed using the old legacy IMAP protocol to connect to EXO.
But it took some time that the CA was working.
So this one is solved and closed.
- VirreCopper Contributor
JeroenBurgerhout Hi. How did you resolve it ?
- JeroenBurgerhoutIron Contributor
Hi Virre ,
First you have to follow steps 1 and 2 from this link -> https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-conditional-access#scenario-1-office-365-apps-require-approved-apps-with-app-protection-policies
Second, follow this doc -> https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication and then use a test user to test this CA policies.
But it could be that you have to wait for a couple of hours, until the policies are working. I had it in my case. Test it also on iOS and Android devices with their native mail apps and the Gmail app.
If you have any questions, let me know.