Nov 03 2020
- last edited on
Jan 14 2022
I have a Conditional Access policy that blocks Exchange Active Sync Clients.
Earlier I experienced that the native mail on iOS was blocked, but these days the native mail works fine even though this CAP (Active Sync - Block) is active. Is that because the native email-app in iOS got support for Oauth in iOS12+? Is it correct to state that the "Block Active Sync"-CAP only blocks Active Sync when the client uses Basic Authentication? Which means that if the email client is using active sync as a mail protocol but modern auth as authentication, it will not become blocked?
So if we really want to turn off Active Sync (even though it's modern authentication) we need to use this? https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...
Another way would be using supported app and or app protection (since none of that is supported for the native mail) but I thought that "Block Active Sync" should disable the native mail app, but I guess I haven't been keeping up.
Nov 07 2020 06:45 AMSolution
Nov 07 2020 07:15 AM
@Thijs Lecomte Great, thanks for the clarification.