Mar 12 2020 03:22 AM
Hi all,
We are implementing the Outlook app as default mail app on iOS and Android devices. So far, so good.
But with testing the CA policy with approved client apps and approved app protection policy on, we see that the Gmail app is able to connect to EXO. The Gmail is not an approved app, according to Microsoft (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acces...), but is still able to connect. I know that the Gmail app is using Modern Auth these days.
Any ideas how we can block the Gmail app from connecting to EXO?
Mar 12 2020 03:33 AM
Hi, are you following this process which is meant to do the job - Block all email apps except Outlook for iOS and Android using conditional access, is there any difference with how you have it set up currently?
Mar 12 2020 03:51 AM
Mar 12 2020 04:44 AM
Mar 12 2020 05:03 AM
SolutionOké guys.
Thanks for your support, but it is resolved.
Gmail is indeed using the old legacy IMAP protocol to connect to EXO.
But it took some time that the CA was working.
So this one is solved and closed.
Mar 13 2020 04:41 AM
@Jeroen Burgerhout Hi. How did you resolve it ?
Mar 13 2020 06:09 AM
Hi @Virre ,
First you have to follow steps 1 and 2 from this link -> https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-protection-based-cond...
Second, follow this doc -> https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authenticat... and then use a test user to test this CA policies.
But it could be that you have to wait for a couple of hours, until the policies are working. I had it in my case. Test it also on iOS and Android devices with their native mail apps and the Gmail app.
If you have any questions, let me know.
Jul 28 2021 05:58 AM
dear all i m sorry to tell you that but you are all wrong about the Gmail mobile app
it is not using legacy it is using the browser as authentication
and some times using modern authentication
so the only way is to go to enterprise applications and block it
Mar 12 2020 05:03 AM
SolutionOké guys.
Thanks for your support, but it is resolved.
Gmail is indeed using the old legacy IMAP protocol to connect to EXO.
But it took some time that the CA was working.
So this one is solved and closed.