Sep 07 2020
- last edited on
Apr 01 2022
Hopefully, this is posted in the correct place.
We are currently in the process of mowing our estate from on-prem to 365. We have a conditional access setup within azure intune that will block active sync. This means that all our users can only use the outlook app on respective phones to access the emails, which is great.
The question I have that so far I was unable to find answers to is how I can further help us with regards to managing the app and the content. What I mean here is if a person were to leave our organization is there a way I can make their outlook app wipe all of its data? If this is not possible is there a way to lock users out from seeing all of the data, emails, etc cached within the app as soon as? We have experimented with changing passwords and taking away licences but that still allows user to see all the emails already cached on the device and it asks for a password. Any assistance would be appreciated.
I had a look at setting up some policies with intune but nothing enrolls. I am not going to lie I am super new to 365.
Sep 07 2020 07:47 AM
Sep 08 2020 01:02 AM - edited Sep 08 2020 04:10 AM
@Vasil Michev Hi thank you for the link. I had a look and if I am not mistaken we need to have intune as otherwise we cannot delete the apps or their content.
That being said the article also mentioned that some of it should be possible with AAD premium license. We currently have Azure AD Premium P1.
I had a quick play around and myself who is on a higher license M365 is able to be managed with intune, apps pushed to the user, and correctly registered on the portal as a personal device, etc.
The second test user with an O365 license is able to enroll but he is not receiving any of the company apps, namely emails, and on the portal, most of the details show as unknown.
I had a look at this option: https://docs.microsoft.com/en-us/mem/intune/protect/app-based-conditional-access-intune but I cannot figure out how I would then remove the data from the user device. I guess i can stop the user from accessing the emails and the 365 as he will not meet the condition of being a member of allowed group, but how I would remove the emails already cached on his device?
Have I missed something obvious here?
Sep 08 2020 07:52 AM
After following the earlier mentioned guide and setting it all up as it mentioned in the guide I have tried to access emails on my device. It is not allowing me to add them in Gmail but it seemed to have work with the outlook app.
It asked me to install Microsoft corporate intune app which I have and when I try to open outlook now and add an email address to it it gives me error message "this account cannot be added because the outlook isn't configured correctly".
What have I missed? I have outlook from both google play and google play for work added to the managed apps within my intune/aad