Nov 09 2017 10:49 PM
Is there a way to block Android for Work users to connect to Office 365 with apps that are installed outside of the work profile?
For example on my Android for Work capable device I have a work profile with eg. Outlook, which I can use to read my mail. However, i'm also able to use the Outlook app in my personal space to connect to Office 365, I was kinda expecting to only be able to connect to Office 365 from my work profile (?)
May 29 2022 01:59 AM
May 29 2022 05:57 AM
@Oktay Sarihere's how i achieved the configuration:
1. created a CA policy BLOCKING every application except "microsoft intune" and "microsoft intune enrollment", applied to IOE a Android devices. The app exception are needed because otherwise you cannot do anything on the personal profile, also register the device is blocked.
2. THEN i create a second CA policy, that grant access to all cloud apps requesting app protection policy
And the of course i created an app protection policy targeting "all apps on all devices".
Result
- if the device is not enrolled, you can't access anythign anything
- if the device is enrolled, you can only use tenant's app in the work profile
This is exactly what i wanted.
Thanks to everyone for your help
Jul 21 2022 09:27 AM