How to stop users connecting to things with their work account from personal mobile


Hi all, 


Not entirely sure how to word the title/subject but just wondered. If i wanted to stop myself from opening up my work email and calendar from the Outlook app on my personal mobile (because its not enrolled in Intune) how do i do that?

I'm guessing its something to do with MAM? but unsure on what i need to set it up or if we did want it how do we keep control over that bit? like delete data if a person leaves the company?

6 Replies

@RippieUK Hey! I don't work with CA/Intune as we have a separate unit for that, but if I understand your question correct I believe you should use the Grant section in the policy and "require device to be marked as compliant" or "require approved client app" for example, to have them registered in AAD.



@ChristianBergstrom so CA is considered but not all our users are on a license that allow them CA hence why i wanted to know how to do this without CA. 


But if people want to set up work email on their personal phones, then at least we need to make sure its secure. :) hence why i thought of MAM

@RippieUK Hello! OK, you didn't mention all users aren't eligible for CA. Have you looked at this then?


And just to put it out there you also have the built-in MDM in Office 365 and in that case you would end up with Office 365 MDM Coexistence and the management authority being defined based on the license assigned to the user.


MAM should be the best fit for your scenario. You can assign PIN for all company apps, you can’t wipe the apps remotely but you can disable their users from O365 which prevent them from log in.

In Android, it forces them to install the Company Portal (They have to postpone without enrolling MDM) to all access to company data.

Good luck!
Hello Moe! Glad I pointed towards MAM then! I know this is your area of expertise :) Thanks for the input!

@RippieUK MAM is indeed a good way to go, but you need something to make sure those App protection (MAM) policies are applied to the mobile apps. For example to Outlook mobile when the users opens the mailbox, because that app supports these kind of policies. Most third-party mail apps don`t support these kind of policies. And that`s why CA policies are needed.

More on that can be found on my blog post
If you have any questions, let me know!