Forum Discussion

Brass Contributor

Aug 01, 2018

Restrict O365 to managed mobile browser

Hi I have set up app protection policies for users on unmanaged mobile devices, These work fine but to stop staff getting round the controls I want to restrict their access to our O365 portal fro...

Conditional Access

Mobile Application Management (MAM)

mobile device management (mdm)

Software Management

Oliver Kieselbach

MVP

Aug 01, 2018

Hi Alistair,

I would build a Conditional Access rule to require approved apps targeted to your iOS and Android not Windows. This would force people to access your services via the MS apps which includes the Managed Browser:

Approved apps list can be seen here: https://aka.ms/supportedmamapps

best,

Oliver

Alistair Trigg
Brass Contributor
Aug 01, 2018
Hi

Thanks you have confirmed that I am in the right place but maybe I was looking at it from the wrong angle. So I had selected cloud apps - O365 exchange online, condition - browsers, access control - block.

I was assuming that this would block any access to O365 in a browser on a mobile device but it doesn't seem to?
- Oliver Kieselbach
  MVP
  Aug 01, 2018
  Hm... I never tried it that way but I see another attack vector when designing it with a block rule. If someone builds an app which allows web requests by individual input, a kind of custom browser, this will not be recognized by the block rule. So I would prefer the way to limit the users to approved apps.
  - Alistair Trigg
    Brass Contributor
    Aug 01, 2018
    Hi
    
    Good point and I have found that my rule is now blocking my laptop access to O365 so it doesn't work. i have the apps controlled using app policies but I can't get my head around how I stop a user just adding the portal.office.com url in chrome on the mobile and logging into our tenant. I might be missing something here so apologies

Resources