Intune and Conditional Access

Hi All,

I have been asked a few questions about Intune and Conditional Access and I was hoping to get some advice.

The question I was asked:
As discussed, we have a situation that I believe MS Intune would address.  That said, I don’t know what I don’t know, so your direction around the subject would be appreciated.
We have migrated 99% of the e-mail estate to Office 365.  Over the next month, we will migrate our home and shared drives.  In migrating the e-mail users, we have found that a small percentage of the estate, ~20% (15-20 users), were using corporate e-mail on personal devices.  The devices vary across iOS, Android, Mac OSX and Windows.
We need to have full control of e-mail residing on third-party devices.  It needs to be secure; we need to be able to monitor and track the e-mails.
Note, we currently use SOTI for Android device management.  We will need to understand if there are any implications associated with coexistence.
In parallel to the above, we need to develop our full e-mail policy.  We would also need documentation and training on how to administer Intune once live.  The documentation is essential.
Hopefully the above gives you enough to start with.  Please let me know what it would cost to get the above in place.  Ignore licenses, I’ll deal with those.
While writing, do you know of a way to prevent Office 365 users from downloading or printing from a browser, but only when outside of the corporate network?

Do you know how I would use Intune and Conditional Access to achieve these requirements?
I hope you can help,
