Forum Discussion

KurtisM1990's avatar
KurtisM1990
Copper Contributor
Apr 15, 2021

Remove email access to non corporate devices

Hi there, 

 

I've started to migrate all of our devices into InTune and naturally there are users out in the business against an MDM on their device. 

 

With no view of assets I was wondering if it's possible to remove access to O365 from their device but create an exempt group for our Directors who have their own devices but require access? 

  • Hi,

    It sounds you need to create a conditional access policy that targets exchange online and all other users except the director group. (In my opinion, not the best group to exclude... they are the most likely targeted) and require compliant devices.

    So all users need to have enrolled/comliant devices except the director group... please do not forgot the create app protection policies for managed and unmanaged devices.

     

    Here is some explanation:

    The Chronicles of MAM - Call4Cloud Setting up IOS App protection policies

  • Hi,

    It sounds you need to create a conditional access policy that targets exchange online and all other users except the director group. (In my opinion, not the best group to exclude... they are the most likely targeted) and require compliant devices.

    So all users need to have enrolled/comliant devices except the director group... please do not forgot the create app protection policies for managed and unmanaged devices.

     

    Here is some explanation:

    The Chronicles of MAM - Call4Cloud Setting up IOS App protection policies

    • KurtisM1990's avatar
      KurtisM1990
      Copper Contributor
      Hi Rudy,

      Yeah I agree on your director comment but I'm sure you know how it is! I'll have a look into it.
      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP
        Hi,

        Yes I do 🙂 I know it's hard... take a look at the link I just added with some explanation...

Resources