Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)
SOLVED

How to protect/restrict access to work emails in native email clients?

%3CLINGO-SUB%20id%3D%22lingo-sub-3018298%22%20slang%3D%22en-US%22%3EHow%20to%20protect%2Frestrict%20access%20to%20work%20emails%20in%20native%20email%20clients%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3018298%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20starting%20with%20Intune%20and%20trying%20to%20figure%20out%20about%20how%20to%20restrict%20access%20or%20apply%20App%20policy%20to%20work%20emails%20when%20users%20already%20have%20their%20work%20account%20added%20to%20native%20email%20clients%20on%20their%20personal%20devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20found%20a%20guide%20about%20how%20to%20FORCE%20users%20(via%20Conditional%20Access%20)%20to%20use%20Outlook%20when%20adding%20their%20Online%20Exchange%20account%20to%20native%20app.%20However%2C%20canot%20find%20about%20how%20to%20protect%20the%20emails%20when%20users%20already%20have%20the%20account%20linked%20in%20theyr%20personal%20phones.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20also%20configured%20App%20Proteciton%20Poilcy%20via%20Intune%20to%20restrict%20Copy%2FPaste%2C%20Saving%2C%20and%20other%20things%2C%20but%20it%20does%20not%20have%20any%20effect%20on%20the%20situation%20above.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20the%20best%20way%20to%20do%20it%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3018298%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EEmail%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Application%20Management%20(MAM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3018852%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20protect%2Frestrict%20access%20to%20work%20emails%20in%20native%20email%20clients%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3018852%22%20slang%3D%22en-US%22%3EThank%20you%20for%20answer....%20I've%20been%20testing%20it%20a%20bit%20furhter%20and%20when%20I%20applied%20App%20Protection%20and%20Conditional%20Access%2C%20it%20seems%20to%20be%20working%20like%20this%3A%3CBR%20%2F%3E%3CBR%20%2F%3E-the%20native%20email%20client%20does%20not%20sync%20anymore%20with%20exchange%20so%20not%20receiving%20new%20emails%3CBR%20%2F%3E-I'm%20still%20able%20to%20do%20whatever%20I%20want%20with%20data%20from%20old%20work%20emails%20though%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20this%20the%20expected%20behaviour%3F%20I%20guess%20there%20is%20no%20chance%20apply%20App%20Protection%20policy%20to%20the%20older%20emails%20that%20were%20received%20in%20native%20email%20client%20(such%20as%20copy%2Fpaste%2C%20etc)%3F%3C%2FLINGO-BODY%3E
Contributor

Hi all,

 

I'm starting with Intune and trying to figure out about how to restrict access or apply App policy to work emails when users already have their work account added to native email clients on their personal devices.

 

I've found a guide about how to FORCE users (via Conditional Access ) to use Outlook when adding their Online Exchange account to native app. However, canot find about how to protect the emails when users already have the account linked in theyr personal phones.

 

I've also configured App Proteciton Poilcy via Intune to restrict Copy/Paste, Saving, and other things, but it does not have any effect on the situation above.

 

What is the best way to do it?

5 Replies
You must combine them... Use App Protection to protect the data in outlook... and a conditional access rule to require approved apps. (android native mail app isn't approved and also app protection doesnt work)

https://docs.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps

So blocking access to make sure they need to start using outlook and use app protection on it... You have to start somewhere ;)
Thank you for answer.... I've been testing it a bit furhter and when I applied App Protection and Conditional Access, it seems to be working like this:

-the native email client does not sync anymore with exchange so not receiving new emails
-I'm still able to do whatever I want with data from old work emails though

Is this the expected behaviour? I guess there is no chance apply App Protection policy to the older emails that were received in native email client (such as copy/paste, etc)?
best response confirmed by MiSum83 (Contributor)
Solution
Hi

Nope... The native mail app isnt supported for app protection. so protection the data in it, isn't possible
got it... At least I know how it works now :)

Thank you Rudy.
I'm a new beginning on access