Forum Discussion

Copper Contributor

Dec 13, 2018

Solved

Outlook iOS - Circumventing App Protection Policies with Add-Ins

Outlook mobile for iOS now includes a feature that lets you install Add-Ins on the mobile client. Although I see how this could be viewed as a great and conducive feature for the user, there is a si...

App Protection Policies

mobile device management (mdm)

office 365

Outlook Add-In

Outlook for iOS

Andrew Matthews
Dec 14, 2018
Ok, I have a work around for you.

If you go into Exchange Online then go to Permisions then User roles; you should see a default role assignment policy. Edit the policy and disable all of the app roles (see the screenshot).
After you save the policy Outlook Add-ins not added by and Admin are blocked in the mobile clients and OWA. The user experience varies between Android and iOS but I was unable to install add-ins in Outlook on either platform.

Andrew Matthews

Iron Contributor

Dec 14, 2018

Ok, I have a work around for you.

If you go into Exchange Online then go to Permisions then User roles; you should see a default role assignment policy. Edit the policy and disable all of the app roles (see the screenshot).

After you save the policy Outlook Add-ins not added by and Admin are blocked in the mobile clients and OWA. The user experience varies between Android and iOS but I was unable to install add-ins in Outlook on either platform.

bsauro

Copper Contributor

Nov 13, 2019

Andrew Matthews

Any idea how to stop OneNote in this scenario? We are seeing that O365 keeps enabling the "send to OneNote" option on Outlook desktop, which will let you use OneNote on a phone in a personal account, and transfer data from Intune/company MAM policy into personal OneNote. My org is unsure if this is a Microsoft data leakage issue, or a configuration issue - currently escalating but nobody seems to know/understand.