I would like to confirm a behavior of Intune Conditional Access for Exchange On-premises. My company has Exchange 2013 + Intune Connector set up, and has enabled Conditional Access for Exchange On-premises. The global setting is block access. Everything is working fine except the following case. I am not sure whether this is a bug or by design. Please help me take a look.
User A’s device is enrolled with Intune.
User A is using iOS's native Mail app to access his own mailbox.
Now, in the Mail app, he can add another user's account (user B) of the same company, and access the email.
As a result, he only enrolled one device with his own account (user A), but can access both user A's and user B's mailboxes on the same device.
We want to restrict this behavior. On the enrolled device, we want only the device owner to access his own mailbox, not his colleague's mailbox. Is this something doable?
Is user B licensed for Microsoft Intune? If not, try to license user B and see if the behavior changes. You may also have to license user B with Azure AD Premium P1 or greater in order for this to work, though I've never actually been able to confirm this.