Home

How to block certain apps in intune?

%3CLINGO-SUB%20id%3D%22lingo-sub-192255%22%20slang%3D%22en-US%22%3EHow%20to%20block%20certain%20apps%20in%20intune%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-192255%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20to%20see%20if%20there%20is%20anyway%20I%20can%20block%20Apple%20Mail%20and%20Gmail%20apps%20on%20IOS%20and%20Android%20from%20being%20used%20via%20Intune%3F%3C%2FP%3E%3CP%3EIs%20this%20possible%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ECathal%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-192255%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196133%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20block%20certain%20apps%20in%20intune%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196133%22%20slang%3D%22en-US%22%3E%3CP%3EConditional%20access%20and%20MAM%20are%20complitely%20different%20things.%3CBR%20%2F%3EIn%20order%20to%20block%20app%20using%20Condtional%20Access%2C%20application%20needs%20to%20be%20integrated%20with%20Azure%20AD.%20After%20that%20you%20will%20be%20able%20to%20select%20app%20as%20target%20for%20CA%20Policy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMAM%20policy%20can%20be%20deployed%20to%20any%26nbsp%3B%3CSTRONG%3Emobile%26nbsp%3B%3C%2FSTRONG%3Eapplication%20with%20Intune%20SDK.%20To%20target%20MAM%20policy%20for%20app%2C%20you%20just%20need%20to%20add%20bundleID%20on%20stage%20of%20targeting%20app%20protection%20policy.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20easy%20terms%2C%20CA%20policy%20is%20checking%20your%20connection%20to%20meet%20required%20conditons%20(risk%20level%2C%20app%20used%2C%20location)%20and%20MAM%20policy%20is%20controlling%20what%20you%20can%20do%20with%20corporate%20data%20in%20mobile%20application.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-196013%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20block%20certain%20apps%20in%20intune%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-196013%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20conditional%20access%20work%20for%20third%20party%20(non%20Microsoft)%20applications%3F%20Is%20the%20Intune%20SDK%20or%20Intune%20wrapper%20required%20to%20enable%20conditional%20access%20when%20using%20Intune%20MAM%3F%3C%2FP%3E%3CP%3EThanks%3CBR%20%2F%3EJosh%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-195773%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20block%20certain%20apps%20in%20intune%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-195773%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Cathal%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20Alexander%20said%20you%20can%20use%20Conditional%20Access%20and%20allow%20approved%20apps%20only.%20But%20remember%20conditional%20access%20works%20with%20modern%20authentication.%20If%20an%20app%20uses%20legacy%20auth%20(basic%20auth%2C%20etc)%20like%20for%20example%20Exchange%20ActiveSync%20you%20will%20not%20block%20it%20with%20Conditional%20Access%20unless%20you%20take%20additional%20steps%20like%20EAS%20Quarantine.%20But%20even%20then%20you%20have%20still%20POP%2C%20SMTP%2C%20EWS%2C%20etc.%20Therefore%20you%20would%20need%20to%20block%20this%20via%20ADFS%20for%20example%20or%20wait%20until%20Conditional%20Access%20is%20able%20to%20block%20legacy%20auth%20also.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebest%2C%3C%2FP%3E%3CP%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-192677%22%20slang%3D%22en-US%22%3ERE%3A%20How%20to%20block%20certain%20apps%20in%20intune%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-192677%22%20slang%3D%22en-US%22%3EConditional%20access%20can%20help%20with%20that.%20There%20is%20an%20option%20to%20allowed%20apps%20only%20(Outlook%20Mobile%20is%20one%20of%20it).%3C%2FLINGO-BODY%3E
Cathal Condon
Occasional Visitor

Hi Everyone,

 

I am looking to see if there is anyway I can block Apple Mail and Gmail apps on IOS and Android from being used via Intune?

Is this possible?

 

Thanks

Cathal

4 Replies
Conditional access can help with that. There is an option to allowed apps only (Outlook Mobile is one of it).

Hi Cathal,

 

As Alexander said you can use Conditional Access and allow approved apps only. But remember conditional access works with modern authentication. If an app uses legacy auth (basic auth, etc) like for example Exchange ActiveSync you will not block it with Conditional Access unless you take additional steps like EAS Quarantine. But even then you have still POP, SMTP, EWS, etc. Therefore you would need to block this via ADFS for example or wait until Conditional Access is able to block legacy auth also.

 

best,

Oliver

Does conditional access work for third party (non Microsoft) applications? Is the Intune SDK or Intune wrapper required to enable conditional access when using Intune MAM?

Thanks
Josh

Conditional access and MAM are complitely different things.
In order to block app using Condtional Access, application needs to be integrated with Azure AD. After that you will be able to select app as target for CA Policy.

 

MAM policy can be deployed to any mobile application with Intune SDK. To target MAM policy for app, you just need to add bundleID on stage of targeting app protection policy.

 

In easy terms, CA policy is checking your connection to meet required conditons (risk level, app used, location) and MAM policy is controlling what you can do with corporate data in mobile application. 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies