Forum Discussion
skipster311-175
Feb 14, 2022Brass Contributor
Mobile device mailbox policies vs. Intune compliance policies
Hello I have a high level executive that wants to use the native outlook client that comes built in with iOS. I know about the "apple internet" app in azure, so i know i can achieve modern auth. Th...
- Feb 15, 2022Yes indeed... the native mail client cant be targetted with app protection so when you are stepping it up a notch and creating a conditional access rule to require app protection.... you will be blocked
Moe_Kinani
Feb 15, 2022Bronze Contributor
Hi,
You can go through the documentation below, I think you need to compare against Compliance Policy and more importantly App Protection Policy.
Are you trying to disable un-approved apps from accessing your email? If yes, use combination of App Protection Policy and Conditional Access.
Hope this helps!
Moe
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios
https://docs.microsoft.com/en-us/exchange/clients/exchange-activesync/mobile-device-mailbox-policies?view=exchserver-2019
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection
You can go through the documentation below, I think you need to compare against Compliance Policy and more importantly App Protection Policy.
Are you trying to disable un-approved apps from accessing your email? If yes, use combination of App Protection Policy and Conditional Access.
Hope this helps!
Moe
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios
https://docs.microsoft.com/en-us/exchange/clients/exchange-activesync/mobile-device-mailbox-policies?view=exchserver-2019
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection
Feb 15, 2022
I am not exactly sure what you are asking but
+1 App Protection as it is really important and the native email app on an Ios is not capable of having app protection applied.
+1 App Protection as it is really important and the native email app on an Ios is not capable of having app protection applied.
- skipster311-175Feb 15, 2022Brass ContributorWhat i am asking, is a comparison between what a compliance policy in Intune, vs. aa mobile device mailbox policy. What policy settings are similar, where is there overlap between the two. I have found what i was looking for. Below links detail what is available . Regarding App protection policies not being available when using the native email app for iOS mail client. Can you point me to a link that talks about this ?
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/mobile-device-mailbox-policies
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios- Feb 15, 2022Device Mailbox Policy --> you set the things that are checked if you are compliant
Compliance Policy --> you check the things that are set to be compliant
Something like this? - Feb 15, 2022This is the list for apps that do support app protection policies
https://docs.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps#microsoft-apps
If its not on the list... you know the answer..- skipster311-175Feb 15, 2022Brass ContributorGot it. So even if the device is managed through Intune, and we allow the native iOS mail client, we cant create an app protection policy to prevent the user from merging company data with personal data, Is this correct ?