Apr 18 2019 01:22 PM
Hola Everyone,
I hope you are doing well.
I am trying to set conditional access and CAS access policy to block access to Outlook Fat Client. I configure this block in CAS and nothing happens. Do I have to configure something in Azure AD in the Conditional Access policy? Or is it redundant, meaning I should only configure on one side and not the other.
Note that I already have a session policy for custom policy in Azure AD set up.
Let me know your thoughts. Thank you.
Apr 22 2019 07:47 AM
@MariaYacaman hi there! Can you send what your current conditional access policy looks like? In Azure AD to block desktop clients there is a setting for that- have you tried this out?
Apr 22 2019 10:17 AM
I have the same issue. I tried to configure Access policy to block Exchange Online access from non compliant devices. It works on Windows 10 native mail client but not in Outlook from Office 2016. I also included browser access to the rule and I get the same behavior.
I appreciate if someone could update why Outlook does not seem to obey the policy
I attached an image showing what I get on Windows 10 native mail client (On this client it success)
Regards.
Apr 22 2019 10:41 AM
@JavierCaro Hi Javier, what is your policy set up like? Can you send a screen shot of the blades?
Apr 22 2019 11:44 AM
@Ethan Stern thank you for getting back to me.
So I have played with all settings. When I configure to block from Azure AD it works under Access Controls. But when I leave without any access control grants as the screenshot attached and configure it is CAS (as the other screenshot attached), it will not do the block.
Let me know if you need any more screenshots from me to further troubleshoot.
Thank you.
Apr 22 2019 11:45 AM
@Ethan Stern see other screenshot of Azure AD.
Apr 22 2019 12:03 PM
@Ethan Stern Hi
I attached an image of my two policies (AD and MCAS). MCAS policy Works on Windows 10 native mail client but not in Outlook from Office 2016.
Regards.
Apr 22 2019 12:39 PM
@JavierCaro I have the same configuration as you in CAS and Azure AD and I do not seem to be able to block access from Outlook fat client, unless I configure the block in Azure AD.
Apr 22 2019 12:44 PM
It is right. That's what I meant with my post. MCAS can block access from any other client (native clients such as Windows 10) except Microsoft Outlook. I would think that it might be related to the new MAPI / HTTPS