SOLVED

Mobile device mailbox policies vs. Intune compliance policies

Hello 

I have a high-level executive who wants to use the native Outlook client that comes built in with iOS. I know about the "Apple Internet" app in Azure, so I know I can achieve modern auth. The question I have is: how can I compare the "Mobile device mailbox policy" settings against what is offered in a compliance policy in Intune?

7 Replies
Hi,

You can go through the documentation below. I think you need to compare against Compliance Policy and, more importantly, App Protection Policy.
Are you trying to disable unapproved apps from accessing your email? If yes, use a combination of App Protection Policy and Conditional Access.

Hope this helps!
Moe

https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios

https://docs.microsoft.com/en-us/exchange/clients/exchange-activesync/mobile-device-mailbox-policies...

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-policy-approved-app...
I am not exactly sure what you are asking, but
+1 App Protection, as it is really important and the native email app on iOS is not capable of having app protection applied.

What I am asking for is a comparison between a compliance policy in Intune and a mobile device mailbox policy: what policy settings are similar, and where there is overlap between the two. I have found what I was looking for. The links below detail what is available. Regarding app protection policies not being available when using the native email app for the iOS mail client: can you point me to a link that talks about this?
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/...
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-ios
This is the list of apps that do support app protection policies:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps#microsoft-apps
If it's not on the list... you know the answer.
Device Mailbox Policy --> you set the things that are checked if you are compliant
Compliance Policy --> you check the things that are set to be compliant
Something like this?
Got it. So even if the device is managed through Intune, and we allow the native iOS mail client, we can't create an app protection policy to prevent the user from merging company data with personal data. Is this correct?
best response confirmed by skipster311-175 (Occasional Contributor)
Solution
Yes indeed... the native mail client can't be targeted with app protection, so when you are stepping it up a notch and creating a conditional access rule to require app protection... you will be blocked.