How to stop users connecting to things with their work account from personal mobile

Question

Hi all,&nbsp;&nbsp;Not entirely sure how to word the title/subject but just wondered. If i wanted to stop myself from opening up my work email and calendar from the Outlook app on my personal mobile (because its not enrolled in Intune) how do i do that?I'm guessing its something to do with MAM? but unsure on what i need to set it up or if we did want it how do we keep control over that bit? like delete data if a person leaves the company?

christianbergstrom · Answer

RippieUK&nbsp;Hey! I don't work with CA/Intune as we have a separate unit for that, but if I understand your question correct I believe you should use the Grant section in the policy and "require device to be marked as compliant" or "require approved client app" for example, to have them registered in AAD.&nbsp;https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#&nbsp;&nbsp;

rippieuk · Answer

ChristianBergstrom&nbsp;so CA is considered but not all our users are on a license that allow them CA hence why i wanted to know how to do this without CA.&nbsp;&nbsp;But if people want to set up work email on their personal phones, then at least we need to make sure its secure. 🙂 hence why i thought of MAM

christianbergstrom · Answer

RippieUK&nbsp;Hello! OK, you didn't mention all users aren't eligible for CA. Have you looked at this then?&nbsp;https://docs.microsoft.com/en-us/mem/intune/apps/mam-faq&nbsp;And just to put it out there you also have the built-in MDM in Office 365 and in that case you would end up with&nbsp;Office 365 MDM Coexistence and the&nbsp;management authority being defined based on the license assigned to the user.&nbsp;https://support.microsoft.com/en-gb/office/set-up-mobile-device-management-mdm-in-microsoft-365-dd892318-bc44-4eb1-af00-9db5430be3cd?ui=en-us&amp;rs=en-gb&amp;ad=gb

moe_kinani · Answer

RippieUK,MAM should be the best fit for your scenario. You can assign PIN for all company apps, you can’t wipe the apps remotely but you can disable their users from O365 which prevent them from log in.In Android, it forces them to install the Company Portal (They have to postpone without enrolling MDM) to all access to company data.Good luck!Moe

christianbergstrom · Answer

Hello Moe! Glad I pointed towards MAM then! I know this is your area of expertise 🙂 Thanks for the input!

Forum Discussion

How to stop users connecting to things with their work account from personal mobile

6 Replies

Resources