Forum Discussion
Outlook iOS - Circumventing App Protection Policies with Add-Ins
Ok, I have a work around for you.
If you go into Exchange Online then go to Permisions then User roles; you should see a default role assignment policy. Edit the policy and disable all of the app roles (see the screenshot).
After you save the policy Outlook Add-ins not added by and Admin are blocked in the mobile clients and OWA. The user experience varies between Android and iOS but I was unable to install add-ins in Outlook on either platform.
Ok, I have a work around for you.
If you go into Exchange Online then go to Permisions then User roles; you should see a default role assignment policy. Edit the policy and disable all of the app roles (see the screenshot).
After you save the policy Outlook Add-ins not added by and Admin are blocked in the mobile clients and OWA. The user experience varies between Android and iOS but I was unable to install add-ins in Outlook on either platform.
That did the trick. After updating that Policy with the settings you recommended and assigning it to my mailbox, I'm no longer able to add those add-ins. Really appreciate the help with this.
Now I just need to test if this will mess up add-ins on the Outlook desktop client where we want users to be able to run certain add-ins.
Thanks again!
The Outlook add-in settings are cross platform so the setting affect Outlook Web Access, Outlook Mobile and Outlook Desktop.
I would advise locking down the Outlook add-ins so that users cannot add their own add-ins, then selectively add the add-ins that you want to Office 365.
That way you get the best of both worlds, security and happy users.
FYI - You helped me because this little trick has just been added to my O365 and Intune cookbook.
