05-15-2018 10:17 AM
05-15-2018 10:17 AM
I have ran the below command and this has blocked attachments from being downloaded on default mail app, however its not working on Outlook Mobile application. Users are still able to download attachments on Outlook mobile application.
Set-ActiveSyncMailboxPolicy -Identity default -AttachmentsEnabled $false
05-15-2018 10:33 AM
Outlook mobile does not use ActiveSync (anymore), thus you cannot expect all the restrictions configured via active sync policies to apply.
05-15-2018 10:48 AM
05-15-2018 11:44 AMSolution
This can be done, but it will depend on your licensing. You will have to control the app with MAM via Intune. Then you can set policy for Outlook, SharePoint app, OneDrive, etc.
If you are looking for broader protection capabilities beyond what’s included in Office 365, you can subscribe to Microsoft Intune, which is part of the Microsoft Enterprise Mobility Suite. Intune provides mobile application management (MAM) capabilities for Outlook and other Office mobile apps in addition to the conditional access and device management capabilities outlined above. With Intune MAM, you can restrict actions such as cut, copy, paste, and “save as” of corporate data between Intune-managed apps and apps that are not managed by Intune. Additionally, the Intune-managed Outlook apps include a new multi-identity management feature that enables users to access both their personal and work email accounts in the same Outlook app while only applying the Intune MAM policies to the user’s work account –
02-06-2019 11:17 PM
MAM policies do not allow you to deny or block access to email attachments.
Cut, copy, paste, and “save as” restrictions via App policies are working fine but they are useless on Outlook for iOS as you can just forward an email attachement to a gmail or else account and cut, copy save as from here.
02-07-2019 08:15 AM
Thanks for your response. The answer is more than just a point product like Intune. EMS will allow for what you want with a combination of:
Some resources to help
02-07-2019 10:34 PM
I don't understand how Information Protection comes into play in that scenario.
The application protection policy is from what I understand replacing ActiveSyncMailboxPolicy for managed Apps such as Outlook.
I do also have conditional access policies set to only allow connections to Exchange from iOS & Android using a Managed Application only but this isn't enough we are still missing a setting to control email attachments.
Like I said have a policy disallowing users from saving an email or attachment is completely pointless if you can just forward it to another email account and do it from there.