We need to block a group of users from using the Outlook desktop application. We want them to only access company emails using the Internet browser version of Outlook.
I have tried to achieve this by using an Azure Conditional Access policy (with Office 365 Exchange Online). The problem is using Azure Conditional will also effect MS Teams and Skype for Business as explained on https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-faqs
My question is, is there another way we can block the Outlook desktop application using another Intune feature like Windows Information Protection (WIP)?
If you want to block them from accessing Outlook on *any* location, use the Set-CasMailbox cmdlet:
Get-CASMailbox firstname.lastname@example.org -MAPIEnabled $false
If you want to block it from outside of the corporate network only, Conditional Access or AD FS claims rules are your only options.