SOLVED

Block Outlook-Client on unmanaged Win10

Brass Contributor

Hi All,

My customer wants to block the Outlook-Client on unmanaged Win10-Devices (private PCs), but Teams-Client should work.

I've done some testing with Conditional Access, MCAS and App-Protection-Policies. But either Outlook-Client AND Teams-Client were blocked or only Teams-Client blocked and with Outlook-Client I got a connection to EXO.

Only Browser is not an option for my customer.

Any ideas about this question?

Regards,

Markus

7 Replies

Hello @MarkusDi 

 

I recommend that you use a Conditional Access policy and set it up to block non-compliant and non-Hybrid Azure AD joined devices. Please note that you would need an Exchange Online authentication policy to strictly forbid legacy authentication apps to connect. Legacy Authentication does not care for Conditional Access policies. Disable Basic authentication in Exchange Online | Microsoft Docs

 


//Nicklas Ahlberg

 

https://www.nicklasahlberg.se 

 

Hello @NicklasAhlberg

This policy would block unmanaged devices completely.

But they should be able to use Teams-Client on unmanaged devices. "Only" the use of Outlook-Client should be restricted...

Regards,

Markus

@MarkusDi 

 

You could try to just block Exchange Online app but I am sure it will probably interfere with some Teams, OneDrive and SPO functionality. In this case I would use MAM to deploy an MS Edge policy. 


@NicklasAhlberg yes, it will interfere with OneDrive/SFB and Teams. I have tested it in my environment.

best response confirmed by MarkusDi (Brass Contributor)
Solution

Now we use Windows Virtual Desktop and block private devices completely.

Thanks for your help.

 

Best regards,

Markus

@MarkusDi Is there a way to get a report for access to EXO using Outlook (or other rich client) from non-managed devices?

@MukeshKT you can use AAD Sign In Logs for more information. If you redirect these logs to Log-Analytics you can then use KQL to manually generate a report and / or to generate an alert rule.
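
A report query of the kind described in the reply above, as an added example that is not part of the original thread. It assumes the Azure AD sign-in logs are sent to a Log Analytics workspace (the `SigninLogs` table) and that Exchange Online appears there under the resource name "Office 365 Exchange Online"; the 7-day window is an arbitrary choice.

```kusto
// Added example: successful non-browser (rich client) sign-ins to Exchange Online
// from Windows devices that report neither "compliant" nor "managed".
// Assumption: sign-in logs are exported to Log Analytics as SigninLogs.
let lookback = 7d;   // assumption: reporting window, adjust as needed
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResourceDisplayName == "Office 365 Exchange Online"   // assumed resource name for EXO
| where ClientAppUsed != "Browser"        // Outlook and other desktop / legacy clients
| where ResultType == "0"                 // "0" = sign-in succeeded
| extend OS          = tostring(DeviceDetail.operatingSystem),
         TrustType   = tostring(DeviceDetail.trustType),
         IsCompliant = tostring(DeviceDetail.isCompliant),
         IsManaged   = tostring(DeviceDetail.isManaged)
| where OS startswith "Windows"
// Missing values count as unmanaged: legacy-auth sign-ins carry no device state,
// so they land in this report as well.
| where IsCompliant != "true" and IsManaged != "true"
| summarize SignIns   = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            SourceIPs = make_set(IPAddress, 10)
         by UserPrincipalName, AppDisplayName, ClientAppUsed, OS, TrustType
| order by SignIns desc
```

To use it as an alert rule, shorten `lookback` to the rule's evaluation period and alert when the result set is not empty.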
