Forum Discussion
Conditional Access native iOS mail app works - but not if manually configured or if mail already set
- The first policy (legacy) should block access. It's also recommended to make one policy for active sync and one for other clients. Make sure to exclude service accounts that doesn't support modern authentication.
I would monitor the sign-in log and look for logins from other client and active sync (unsupported) before doing this in production.
JT
I would monitor the sign-in log and look for logins from other client and active sync (unsupported) before doing this in production.
JT
jenstf- Many thanks - this has helped clarify some things in my head
1 last question on this if that's ok:
It's also recommended to make one policy for active sync and one for other clients.
Would you essential be creating 3 for this? i.e.
Or would you always combine, say, Exchange ActiveSync + Apply policy only to supported platforms in one policy?
Adam
Adam Weldon-Ming In my policies I don't use "Apply policy only to supported platforms". The documentation isn't clear on what that choice actually is good for. i.e. Linux isn't a supported platform and will then bypass this policy.
I have one policy with "Exchange active sync clients" and one for "other clients".Thanks a lot jenstf
I've separated them out into 2 policies and this has forced my test iPhone's to get the message to enroll the phones. Rather than blocking the e-mail entirely and I cannot configure manually any more.
My main problem here was patience :)
Adam Weldon-Ming could you summarize and provide us with the final conditional access policies?
I have the same problem. I push an E-Mail profile (via the Device Configuration Profile) to the devices. However, I want the native Mail app to be blocked.
Best regards,
Labinot
