Feb 15 2021 10:26 PM
Hi All,
my customer wants to block the Outlook-Client on unmanaged Win10-Devices (private PCs), but Teams-Client should work.
I´ve done some testing with Conditional Access, MCAS and App-Protection-Policies. But either Outlook-Client AND Teams-Client were blocked or only Teams-Client blocked and with Outlook-Client I got a connection to EXO.
Only Browser is not an option for my customer.
Any Ideas about this question?
Regards,
Markus
Feb 15 2021 10:35 PM - edited Feb 15 2021 10:37 PM
Hello @MarkusDi
I recommend that you use a Conditional Access policy and set it up to block non-compliant and non-Hybrid Azure AD joined devices. Please note that you would need an Exchange Online authentication policy to strictly forbid legacy authentication apps to connect. Legacy Authentication does not care for Conditional Access policies. Disable Basic authentication in Exchange Online | Microsoft Docs
//Nicklas Ahlberg
Feb 15 2021 11:03 PM
Hello @NicklasAhlberg
this Policy would block unmanaged devices completly.
But they should be able to use Teams-Client on unmanged devices. "only" the use of outlook-client should be restricted...
Regards,
Markus
Feb 16 2021 01:34 AM
You could try to just block Exchange Online app but I am sure it will probably interfere with some Teams, OneDrive and SPO functionality. In this case I would use MAM to deploy an MS Edge policy.
Feb 16 2021 08:59 AM
@NicklasAhlberg yes, it will interfere in OneDrive/SFB and Teams .. I have tested on my environment
Feb 21 2021 10:24 PM
Solutionnow we use Windows Virtual Desktop and block private devices completly.
Thanks for your help.
Best regards,
Markus
Feb 28 2023 12:17 PM
@MarkusDi Is there a way to get a report for access to EXO using Outlook (or Other Rich Client) from Non-Managed Devices.
Feb 28 2023 10:09 PM
@MukeshKT you can use AAD Sign In Logs for more information. If you redirect these logs zu Log-Analytics you can then use KQL for manual generate a report and / or to generate an alert rule.
Feb 21 2021 10:24 PM
Solutionnow we use Windows Virtual Desktop and block private devices completly.
Thanks for your help.
Best regards,
Markus