Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Blocking of Outlook desktop using Conditional Access also effects Skype for Business and MS Teams.

Brass Contributor
Hi All,
 
I need to block users using their Outlook desktop application using Azure Conditional Access (Office 365 Exchange Online Mobile apps and desktop clients).
 
The problem I am having is the blocking of Outlook desktop also effects Skype for Business and MS Teams.

Is there a way I can block Outlook desktop without effecting Skype for Business and MS Teams?

Also, I need a list of what effects of enabling Conditional Access will have on applications. For Example, enabling of Office 365 Exchange Online Conditional Access will effect Outlook, Skype for business, and MS Teams.
 
I hope you can help. Thanks.
Colin
3 Replies

Both SfB and Teams depend on Outlook for certain functionalities, so those will not be available if you have blocked access. However it should not prevent users from actually logging to SfB/Teams.

I Have not been able to block access without affecting skype, teams and sharepoint.  It appears logging from mobile device is not possible once conditional access is used to block O365 exchange application.

 

@C Edwards @Vasil Michev I would like to add in here that the reverse holds true.  We have enacted conditional access for Teams on mobile devices for select users- granting access to mobile devices which meet the requirements.  This prevents users from receiving email on their devices until they sign into Intune and set up the company portal.   Generally, this wouldn't be a big deal.

 

However, we are migrating users from on-prem to 365, and we do not set up Intune on devices until the mailbox is migrated.  Therefore, this policy effectively halted email to a number of phones for users who 1) had not installed Teams on their phone yet, 2) had email already on their devices, and 3) should not have been made aware of any background change.

 

I suppose a valid workaround would be to create a new AD group which users are moved into after being migrated, and then configure Intune to manage this group- but this information should be provided upfront (i.e. the applications are interdependent, and if one is blocked so shall be others, etc.).

 

 

*editing - Is it certain that Teams cannot be managed by conditional access without affecting mail flow as well?