Disallow O365 access from 'outside' of the Android for Work work profile?

%3CLINGO-SUB%20id%3D%22lingo-sub-126521%22%20slang%3D%22en-US%22%3EDisallow%20O365%20access%20from%20'outside'%20of%20the%20Android%20for%20Work%20work%20profile%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126521%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20block%20Android%20for%20Work%20users%20to%20connect%20to%20Office%20365%20with%20apps%20that%20are%20installed%20outside%20of%20the%20work%20profile%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%20on%20my%20Android%20for%20Work%20capable%20device%20I%20have%20a%20work%20profile%20with%20eg.%20Outlook%2C%20which%20I%20can%20use%20to%20read%20my%20mail.%20However%2C%20i'm%20also%20able%20to%20use%20the%20Outlook%20app%20in%20my%20personal%20space%20to%20connect%20to%20Office%20365%2C%20I%20was%20kinda%20expecting%20to%20only%20be%20able%20to%20connect%20to%20Office%20365%20from%20my%20work%20profile%20(%3F)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-126521%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-543820%22%20slang%3D%22en-US%22%3ERe%3A%20Disallow%20O365%20access%20from%20'outside'%20of%20the%20Android%20for%20Work%20work%20profile%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-543820%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5941%22%20target%3D%22_blank%22%3E%40Joe%20Stocker%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20review%20this%20answer%2C%20and%20I%20would%20like%20to%20know%20if%20is%20this%20still%20valid%20or%20does%20now%20exist%20some%20way%20to%20achieve%20blocking%20access%20from%20non%20work%20profile%20apps%20to%2C%20for%20example%2C%20Outlook%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advanced%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126530%22%20slang%3D%22en-US%22%3ERe%3A%20Disallow%20O365%20access%20from%20'outside'%20of%20the%20Android%20for%20Work%20work%20profile%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126530%22%20slang%3D%22en-US%22%3E%3CP%3EYeah%26nbsp%3B%20that's%20what%20I%20figured%2C%20but%20still%20I%20think%20its%20strange%20that%20you%20can't%20restrict%20access%20to%20O365%20to%20just%20the%20work%20profile.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20still%20need%20to%20have%20all%20kind%20of%20MAM%20policies%2C%20why%20would%20I%20still%20want%2Fneed%20Android%20for%20Work%20capability%3F%20It%20feels%20like%20AfW%20doesn't%20really%20add%20anything%20extra%20in%20regards%20of%20security....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-126524%22%20slang%3D%22en-US%22%3ERe%3A%20Disallow%20O365%20access%20from%20'outside'%20of%20the%20Android%20for%20Work%20work%20profile%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-126524%22%20slang%3D%22en-US%22%3ENo%2C%20however%2C%20you%20can%20use%20Intune%20Mobile%20Application%20Management%20to%20wipe%20the%20data%20from%20the%20personal%20profile%20which%20should%20address%20the%20concern.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fapp-management%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fapp-management%3C%2FA%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Is there a way to block Android for Work users to connect to Office 365 with apps that are installed outside of the work profile? 

 

For example on my Android for Work capable device I have a work profile with eg. Outlook, which I can use to read my mail. However, i'm also able to use the Outlook app in my personal space to connect to Office 365, I was kinda expecting to only be able to connect to Office 365 from my work profile (?)

3 Replies
Highlighted
No, however, you can use Intune Mobile Application Management to wipe the data from the personal profile which should address the concern.
https://docs.microsoft.com/en-us/intune/app-management
Highlighted

Yeah  that's what I figured, but still I think its strange that you can't restrict access to O365 to just the work profile.

 

If I still need to have all kind of MAM policies, why would I still want/need Android for Work capability? It feels like AfW doesn't really add anything extra in regards of security....

Highlighted

Hello@Joe Stocker 

I have review this answer, and I would like to know if is this still valid or does now exist some way to achieve blocking access from non work profile apps to, for example, Outlook?

 

Thanks in advanced