Adam S
Sep 05, 2018, Copper Contributor
Restrict third-party mail app access in iOS to Exchange Online
Hello all, I am trialling Intune, with a view to it being used at the company I work for. One of the features we are particularly keen on is conditional access - we want the ability to limit Offi...
Joe Stocker
Sep 05, 2018, Bronze Contributor
Adam,
Edison does not use Modern Authentication. I verified this by downloading it and attempting to sign in with my MFA-enabled account. It told me I had to sign in with my MFA "App Password."
This confirms that Edison is using what is known as "Legacy Authentication."
Based on what I saw you configure in your Conditional Access Rules, you are missing a block rule to specifically block legacy authentication for Exchange Online. This should then block the Edison app.
Give it a try, isolate it to a single test account, and let us know how it works.
Hope this helps.
Joe
- Adam S, Sep 06, 2018, Copper Contributor
Hello Joe,
Thanks for your assistance, I believe with your help I've resolved the issue.
I created a new conditional access policy, with a condition to apply the policy to "Exchange ActiveSync Clients" or "Other clients" - this one is set to block access, rather than grant. From your findings with Edison that it doesn't MFA, I assume that it therefore falls under the "Other clients".
What I still don't understand is why a device we tested with that wasn't enrolled in Intune was still able to use Edison. I assumed that the first policy I created to grant access, with the requirement that a device was compliant in Intune, would mean that other devices that tried to connect which weren't compliant would get blocked.
Anyway - we are glad that it is set up now with the desired behaviour! Many thanks again!
Adam
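
The block policy discussed in this thread, scoped to a single test account, can also be created through Microsoft Graph PowerShell. This is an added example, not code from either poster. It assumes the Microsoft.Graph.Identity.SignIns module is installed; the test user ID is a placeholder and the policy display name is made up for illustration.

```powershell
# Added example: block legacy authentication to Exchange Online for one test account.
# Assumes the Microsoft.Graph.Identity.SignIns module and an admin who can consent
# to the scopes below.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All'

# Placeholder: object ID of the single test account the policy is isolated to.
$testUserId = '<test-user-object-id>'

# Well-known application ID of Office 365 Exchange Online.
$exchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

$policy = @{
    displayName = 'TEST - Block legacy auth to Exchange Online'   # hypothetical name
    state       = 'enabled'
    conditions  = @{
        users          = @{ includeUsers = @($testUserId) }
        applications   = @{ includeApplications = @($exchangeOnlineAppId) }
        # Graph names for the portal's "Exchange ActiveSync clients" and "Other clients".
        clientAppTypes = @('exchangeActiveSync', 'other')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')   # block access rather than grant with controls
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# List every policy with the client app types it targets, so it is visible which
# policies are evaluated for legacy-authentication clients at all.
Get-MgIdentityConditionalAccessPolicy -All |
    Select-Object DisplayName, State,
        @{ Name = 'ClientAppTypes'; Expression = { $_.Conditions.ClientAppTypes -join ', ' } },
        @{ Name = 'Controls';       Expression = { $_.GrantControls.BuiltInControls -join ', ' } } |
    Format-Table -AutoSize
```

Once the test account behaves as expected, widen `includeUsers` to the intended group or users.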