cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restrict O365 to managed mobile browser

Alistair Trigg
Brass Contributor

‎Aug 01 2018 07:05 AM

‎Aug 01 2018 07:05 AM

Restrict O365 to managed mobile browser

Hi

 

I have set up app protection policies for users on unmanaged mobile devices, These work fine but to stop staff getting round the controls I want to restrict their access to our O365 portal from browsers on these devices but not laptops. Is there a simple way to configure this?

4,562 Views
0 Likes
6 Replies
Reply
6 Replies
Oliver Kieselbach

‎Aug 01 2018 07:24 AM

‎Aug 01 2018 07:24 AM

Re: Restrict O365 to managed mobile browser

Hi Alistair,

 

I would build a Conditional Access rule to require approved apps targeted to your iOS and Android not Windows. This would force people to access your services via the MS apps which includes the Managed Browser:

 

CARequireApprovedApps.png

Approved apps list can be seen here: https://aka.ms/supportedmamapps

 

best,

Oliver

0 Likes
Reply
Alistair Trigg

‎Aug 01 2018 07:45 AM

‎Aug 01 2018 07:45 AM

Re: Restrict O365 to managed mobile browser

Hi

 

Thanks you have confirmed that I am in the right place but maybe I was looking at it from the wrong angle. So I had selected cloud apps - O365 exchange online, condition - browsers, access control - block.

 

I was assuming that this would block any access to O365 in a browser on a mobile device but it doesn't seem to?

0 Likes
Reply
Oliver Kieselbach

‎Aug 01 2018 07:55 AM - edited ‎Aug 01 2018 07:56 AM

‎Aug 01 2018 07:55 AM - edited ‎Aug 01 2018 07:56 AM

Re: Restrict O365 to managed mobile browser

Hm... I never tried it that way but I see another attack vector when designing it with a block rule. If someone builds an app which allows web requests by individual input, a kind of custom browser, this will not be recognized by the block rule. So I would prefer the way to limit the users to approved apps.

0 Likes
Reply
Alistair Trigg

‎Aug 01 2018 08:03 AM

‎Aug 01 2018 08:03 AM

Re: Restrict O365 to managed mobile browser

Hi

 

Good point and I have found that my rule is now blocking my laptop access to O365 so it doesn't work. i have the apps controlled using app policies but I can't get my head around how I stop a user just adding the portal.office.com url in chrome on the mobile and logging into our tenant. I might be missing something here so apologies

0 Likes
Reply
Oliver Kieselbach

‎Aug 01 2018 11:53 PM

‎Aug 01 2018 11:53 PM

Re: Restrict O365 to managed mobile browser

So you want entirely stop users from using the web browser for access? 

I would use the same strategy as described above here to. Force users to allow access only by approved apps and then configure the Intune Managed Browser with an app configuration policy to block everything except what you want them to have. No more browser usage except the managed one and this one is strictly controlled by IT. This would be the way to go I think.

0 Likes
Reply
Alistair Trigg

‎Aug 02 2018 02:09 AM

‎Aug 02 2018 02:09 AM

Re: Restrict O365 to managed mobile browser

Hi

 

Thanks for that. I'll give it a go

 

Alistair

0 Likes
Reply