cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to stop users connecting to things with their work account from personal mobile

RippieUK
Brass Contributor

‎Jun 22 2020 01:06 AM

‎Jun 22 2020 01:06 AM

How to stop users connecting to things with their work account from personal mobile

Hi all, 

 

Not entirely sure how to word the title/subject but just wondered. If i wanted to stop myself from opening up my work email and calendar from the Outlook app on my personal mobile (because its not enrolled in Intune) how do i do that?

I'm guessing its something to do with MAM? but unsure on what i need to set it up or if we did want it how do we keep control over that bit? like delete data if a person leaves the company?

5,579 Views
0 Likes
6 Replies
Reply
6 Replies
ChristianBergstrom

‎Jun 22 2020 02:15 AM

‎Jun 22 2020 02:15 AM

Re: How to stop users connecting to things with their work account from personal mobile

@RippieUK Hey! I don't work with CA/Intune as we have a separate unit for that, but if I understand your question correct I believe you should use the Grant section in the policy and "require device to be marked as compliant" or "require approved client app" for example, to have them registered in AAD.

 

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-acces...

 

 

0 Likes
Reply
RippieUK

‎Jun 22 2020 02:54 AM

‎Jun 22 2020 02:54 AM

Re: How to stop users connecting to things with their work account from personal mobile

@ChristianBergstrom so CA is considered but not all our users are on a license that allow them CA hence why i wanted to know how to do this without CA. 

 

But if people want to set up work email on their personal phones, then at least we need to make sure its secure. :) hence why i thought of MAM

0 Likes
Reply
ChristianBergstrom

‎Jun 22 2020 05:49 AM

‎Jun 22 2020 05:49 AM

Re: How to stop users connecting to things with their work account from personal mobile

@RippieUK Hello! OK, you didn't mention all users aren't eligible for CA. Have you looked at this then? https://docs.microsoft.com/en-us/mem/intune/apps/mam-faq

 

And just to put it out there you also have the built-in MDM in Office 365 and in that case you would end up with Office 365 MDM Coexistence and the management authority being defined based on the license assigned to the user.

 

https://support.microsoft.com/en-gb/office/set-up-mobile-device-management-mdm-in-microsoft-365-dd89...

0 Likes
Reply
Moe_Kinani

‎Jun 22 2020 07:54 PM

‎Jun 22 2020 07:54 PM

Re: How to stop users connecting to things with their work account from personal mobile

RippieUK,

MAM should be the best fit for your scenario. You can assign PIN for all company apps, you can’t wipe the apps remotely but you can disable their users from O365 which prevent them from log in.

In Android, it forces them to install the Company Portal (They have to postpone without enrolling MDM) to all access to company data.

Good luck!
Moe
0 Likes
Reply
ChristianBergstrom

‎Jun 22 2020 11:02 PM

‎Jun 22 2020 11:02 PM

Re: How to stop users connecting to things with their work account from personal mobile

Hello Moe! Glad I pointed towards MAM then! I know this is your area of expertise :) Thanks for the input!
0 Likes
Reply
Peter Klapwijk

‎Jun 24 2020 03:17 AM

‎Jun 24 2020 03:17 AM

Re: How to stop users connecting to things with their work account from personal mobile

@RippieUK MAM is indeed a good way to go, but you need something to make sure those App protection (MAM) policies are applied to the mobile apps. For example to Outlook mobile when the users opens the mailbox, because that app supports these kind of policies. Most third-party mail apps don`t support these kind of policies. And that`s why CA policies are needed.

More on that can be found on my blog post https://www.inthecloud247.com/azure-ad-conditional-access-explained-android-and-ios/
If you have any questions, let me know!

0 Likes
Reply