SOLVED

Intune and Global Email sync block rule

%3CLINGO-SUB%20id%3D%22lingo-sub-1979758%22%20slang%3D%22en-US%22%3EIntune%20and%20Global%20Email%20sync%20block%20rule%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1979758%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20have%20a%20global%20block%20rule%20on%20Exchange%20Online.%26nbsp%3B%20We%20then%20use%20our%20Sophos%20MDM%20EAS%20proxy%20to%20authorise%20devices%20for%20email%20sync%20that%20are%20in%20a%20compliant%20state.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20at%20moving%20our%20MDM%20to%20Intune%20and%20want%20to%20set%20up%20some%20test%20devices.%26nbsp%3B%20Does%20anyone%20know%20how%20I%20can%20implement%20a%20similar%20setup%20with%20Intune%20so%20that%20compliant%20devices%20can%20be%20made%20exceptions%20to%20the%20global%20block%20rule%20to%20allow%20them%20to%20sync%20email.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1979758%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1982673%22%20slang%3D%22en-US%22%3ERe%3A%20Intune%20and%20Global%20Email%20sync%20block%20rule%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1982673%22%20slang%3D%22en-US%22%3EYou%20should%20look%20into%20Conditional%20Access.%20Here%20you%20can%20configure%20which%20users%20can%20receive%20access%20to%20corporate%20resources.%20You%20could%20create%20a%20conditional%20access%20policy%20and%20scope%20it%20to%20a%20specific%20set%20of%20users.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fhowto-conditional-access-policy-compliant-device%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fhowto-conditional-access-policy-compliant-device%3C%2FA%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

 

We currently have a global block rule on Exchange Online.  We then use our Sophos MDM EAS proxy to authorise devices for email sync that are in a compliant state.

 

I am looking at moving our MDM to Intune and want to set up some test devices.  Does anyone know how I can implement a similar setup with Intune so that compliant devices can be made exceptions to the global block rule to allow them to sync email.

 

Thank you.

2 Replies
best response confirmed by Swanny (New Contributor)
Solution
You should look into Conditional Access. Here you can configure which users can receive access to corporate resources. You could create a conditional access policy and scope it to a specific set of users.
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...

@Thijs Lecomte 

 

Thank you I will take a look :)