cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restrict mobile access to email for specific users

keshavadmin
Copper Contributor

‎Oct 04 2020 01:10 PM

‎Oct 04 2020 01:10 PM

Restrict mobile access to email for specific users

I would like to block mobile access to emails for specific users in my organization. This includes the native mail app on the phone, any other mail app on the phone (including Outlook), as well as any browser on the phone.  This is because these users have access to sensitive information about the company. All other users should be able to access mobile emails.

I tried using the quarantine policy, from the exchange admin, however, that does not prevent the users from using the web browser to access the emails via outlook.com on their mobile.

19.6K Views
0 Likes
6 Replies
Reply
6 Replies
HidMov

‎Oct 04 2020 02:38 PM

‎Oct 04 2020 02:38 PM

Re: Restrict mobile access to email for specific users

Hi @keshavadmin 

 

In the Exchange Admin Centre, find the recipients and edit the mailbox - in Mailbox Features you should see an option to disable OWA.

 

owa.png

 

The wording/location may be different depending on your version of Exchange, disabling will stop those specific users from being able to log onto OWA.

0 Likes
Reply
JTOLW

‎Oct 04 2020 08:57 PM

‎Oct 04 2020 08:57 PM

Re: Restrict mobile access to email for specific users

The setup may change depending if the devices are managed or not. If they are managed in Intune, you may be able to configure device restrictions to block the in-built apps to achieve what you're after. 

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create

 

If you're running Microsoft365 and have access to Cloud App Security, creating a conditional access policy that targets those users and/or devices may achieve what you're after. 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...

 

You can also setup session policies which give you real-time session-level monitoring, with the ability to take different actions depending on the policy you set for the user session.

https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad#block-activities

 

@keshavadmin 

1 Like
Reply
lance-aughey

‎Oct 05 2020 09:40 AM

‎Oct 05 2020 09:40 AM

Re: Restrict mobile access to email for specific users

@keshavadmin 

 

To expand on what @hidmov suggests, you'll also want to "Disable Exchange ActiveSync" and "Disable OWA for Devices" under the Mobile Devices Section (via EAC). If you're using the New EAC, the language is a bit different, but the process is the same. 

0 Likes
Reply
keshavadmin

‎Oct 05 2020 11:09 AM

‎Oct 05 2020 11:09 AM

Re: Restrict mobile access to email for specific users

@lance-aughey

So, if I’m not wrong, this allows me to:
1. Block Outlook Web App access on mobile
2. Block Outlook App access on mobile
3. Block Native Mail App access via Exchange Active Sync (Can they still use IMAP or POP for this?)
4. Allows them access to Outlook Web App on a PC.
5. Allows them access to Outlook Desktop app.
Please suggest if this is the case. It seems to be my ideal situation.
0 Likes
Reply
lance-aughey

‎Oct 05 2020 12:08 PM

‎Oct 05 2020 12:08 PM

Re: Restrict mobile access to email for specific users

Access to IMAP/POP are managed through EAC the same as the other protocols -- enable/disable as you wish. The only thing to note is #4 (and #5)...as I understand it, if you disable Outlook Web App, it prohibits the user from opening Outlook via a browser, regardless of whether or not it's Mobile or Desktop.
0 Likes
Reply
Dean Gross

‎Dec 01 2020 12:55 PM

‎Dec 01 2020 12:55 PM

Re: Restrict mobile access to email for specific users

@keshavadmin An alternative approach would be to use Sensitivity Labels and DLP policies to block the access to sensitive information while providing access to other information. This would be a much better user experience and would provide many other benefits. 

0 Likes
Reply