May 10 2018 04:46 AM
May 11 2018 05:29 AM
May 21 2018 07:29 AM
As Alexander said you can use Conditional Access and allow approved apps only. But remember conditional access works with modern authentication. If an app uses legacy auth (basic auth, etc) like for example Exchange ActiveSync you will not block it with Conditional Access unless you take additional steps like EAS Quarantine. But even then you have still POP, SMTP, EWS, etc. Therefore you would need to block this via ADFS for example or wait until Conditional Access is able to block legacy auth also.
May 21 2018 02:52 PM
Does conditional access work for third party (non Microsoft) applications? Is the Intune SDK or Intune wrapper required to enable conditional access when using Intune MAM?
May 22 2018 12:36 AM
Conditional access and MAM are complitely different things.
In order to block app using Condtional Access, application needs to be integrated with Azure AD. After that you will be able to select app as target for CA Policy.
MAM policy can be deployed to any mobile application with Intune SDK. To target MAM policy for app, you just need to add bundleID on stage of targeting app protection policy.
In easy terms, CA policy is checking your connection to meet required conditons (risk level, app used, location) and MAM policy is controlling what you can do with corporate data in mobile application.
Sep 08 2022 05:24 AM
Hi @BUBCEN! You're resurrecting a four-year-old thread here. More importantly: I don't think any of the answers here are aimed towards blacklisting (as in preventing the use and/or installation of) apps.
The "Conditional Access" route mainly allows you to determine which apps are allowed to connect to a web service (like Exchange Online). If you really want to prevent the use (and, once again, installation) of certain apps, you'll want to have a look at Application Control/AppLocker.
I recommend this post by @Rudy_Ooms_MVP: Configure Windows Defender Application Control | WDAC (call4cloud.nl).