KurtisM1990
Copper Contributor
May 16, 2022

Block Unmanaged Outlook Access

We're wanting to block end users from logging into the standard unmanaged Outlook application downloaded directly from the App Store or the Play Store for iOS or Android.

How do we set it so that an end user can only log in to their corporate mail via Outlook if that particular device is within Intune?

Is it a compliance policy or conditional access? Best practice appreciated.

  • Mr_Helaas
    Steel Contributor

    Hi KurtisM1990,

    To allow Outlook only for managed devices, you should enroll the device in Intune and assign a compliance policy to the devices, so they will be marked as compliant in Intune.

    Now that managed devices have the right status, we have to block unmanaged devices via a conditional access rule. Configure the condition that only compliant devices are allowed.

    Tip: scope this conditional access policy to only iOS and Android, so this policy is not applicable on e.g. Windows devices.

    Another option is to configure mobile app protection policies, so it doesn't matter if the device is managed. All Office applications are managed and secure.

    If you have questions, please let me know.

    Kind regards,


    rene 
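
The Conditional Access rule described in the reply above, written with the Microsoft Graph PowerShell SDK as an added example that is not part of the thread. The display name, the choice to target Exchange Online, and the emergency-access group placeholder are assumptions; the policy is created in report-only mode so its effect can be reviewed before enforcement.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of a group holding emergency-access accounts (assumption).
$breakGlassGroupId = '<object-id-of-emergency-access-group>'

$policy = @{
    # Hypothetical display name.
    displayName = 'Require compliant device - Exchange Online - iOS and Android'
    # Report-only: evaluated and logged in sign-in logs, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            # Well-known application ID of Office 365 Exchange Online.
            includeApplications = @('00000002-0000-0ff1-ce00-000000000000')
        }
        platforms = @{
            # Scope to mobile platforms only, as the reply's tip suggests,
            # so Windows devices are not affected.
            includePlatforms = @('android', 'iOS')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Access is granted only when Intune reports the device as compliant.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

After reviewing the report-only results in the sign-in logs, changing `state` to `enabled` enforces the policy.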
