SOLVED

Creating a mobile device management policy to force iOS devices to use Outlook?

%3CLINGO-SUB%20id%3D%22lingo-sub-1316155%22%20slang%3D%22en-US%22%3ECreating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316155%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20there%20a%20way%20to%20create%20a%20Mobile%20Device%20Management%20policy%20that%20prevents%20iPhone%2FiPad%20users%20from%20accessing%20their%20corporate%20email%20using%20anything%20but%20the%20Outlook%20for%20Mobile%20iOS%20client%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1316155%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EiOS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316166%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316166%22%20slang%3D%22en-US%22%3EThis%20should%20be%20done%20through%20Conditional%20Access.%20You%20can%20use%20the%20'approved%20app'%20for%20this%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fapp-based-conditional-access%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fapp-based-conditional-access%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316171%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316171%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%2C%20ah%20brilliant!%26nbsp%3B%26nbsp%3B%20That's%20exactly%20what%20I%20was%20looking%20for.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316232%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316232%22%20slang%3D%22en-US%22%3E%3CP%3ESince%20CA%20requires%20Azure%20AD%20P1%20or%20equivalent%20license%2C%20I%20thought%20I'd%20threw%20in%20Exchange's%20own%20method%20to%20achieve%20this%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Foutlook-for-ios-and-android%2Fsecure-outlook-for-ios-and-android%23leveraging-exchange-online-mobile-device-policies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Foutlook-for-ios-and-android%2Fsecure-outlook-for-ios-and-android%23leveraging-exchange-online-mobile-device-policies%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316246%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316246%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20know%20what%20level%20of%20Microsoft%20365%20Ex%20licensing%20a%20Microsoft%20365%20Business%20license%20equates%20to%3F%26nbsp%3B%26nbsp%3B%20Does%20it%20have%20the%20equivalent%20of%20a%20Microsoft%20365%20E3%20license%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316247%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316247%22%20slang%3D%22en-US%22%3EAwesome!%3CBR%20%2F%3EAdding%20to%20that%3A%20I%20like%20to%20configure%20both%20Mobile%20Device%20Policies%20and%20Conditional%20Access.%3CBR%20%2F%3E%3CBR%20%2F%3EConditional%20Access%20filters%20on%20device%20platform%20and%20I%20have%20seen%20some%20mail%20apps%20that%20don't%20provide%20their%20platform%20in%20the%20request.%20This%20causes%20CA%20to%20allow%20this%20request.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20Exchange%20way%20will%20block%20them%20more%20rigid.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1316266%22%20slang%3D%22en-US%22%3ERe%3A%20Creating%20a%20mobile%20device%20management%20policy%20to%20force%20iOS%20devices%20to%20use%20Outlook%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1316266%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20equivalent%20would%20be%20O365%20for%20Business%2C%20but%20I%20believe%20now%20they've%20added%20the%20required%20Azure%20AD%20Premium%20bits%2C%20so%20you%20should%20be%20fine%20either%20way.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

If there a way to create a Mobile Device Management policy that prevents iPhone/iPad users from accessing their corporate email using anything but the Outlook for Mobile iOS client?

6 Replies

@Thijs Lecomte, ah brilliant!   That's exactly what I was looking for.


Thank you!

Since CA requires Azure AD P1 or equivalent license, I thought I'd threw in Exchange's own method to achieve this: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-...

Thanks, @Vasil Michev.

 

Do you know what level of Microsoft 365 Ex licensing a Microsoft 365 Business license equates to?   Does it have the equivalent of a Microsoft 365 E3 license?

Best Response confirmed by OneTechBeyond (Frequent Contributor)
Solution
Awesome!
Adding to that: I like to configure both Mobile Device Policies and Conditional Access.

Conditional Access filters on device platform and I have seen some mail apps that don't provide their platform in the request. This causes CA to allow this request.

The Exchange way will block them more rigid.

The equivalent would be O365 for Business, but I believe now they've added the required Azure AD Premium bits, so you should be fine either way.