cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Conditional Access question - Native email (iOS) and Block Exchange Active Sync

Simon Håkansson
Brass Contributor

‎Nov 03 2020 10:40 AM - last edited on ‎Jan 14 2022 04:28 PM by

‎Nov 03 2020 10:40 AM - last edited on ‎Jan 14 2022 04:28 PM by

Conditional Access question - Native email (iOS) and Block Exchange Active Sync

I have a Conditional Access policy that blocks Exchange Active Sync Clients.

 

Earlier I experienced that the native mail on iOS was blocked, but these days the native mail works fine even though this CAP (Active Sync - Block) is active. Is that because the native email-app in iOS got support for Oauth in iOS12+? Is it correct to state that the "Block Active Sync"-CAP only blocks Active Sync when the client uses Basic Authentication? Which means that if the email client is using active sync as a mail protocol but modern auth as authentication, it will not become blocked?

 

So if we really want to turn off Active Sync (even though it's modern authentication) we need to use this? https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...

 

Another way would be using supported app and or app protection (since none of that is supported for the native mail) but I thought that "Block Active Sync" should disable the native mail app, but I guess I haven't been keeping up. 

6,218 Views
1 Like
2 Replies
Reply
2 Replies
best response confirmed by Simon Håkansson (Brass Contributor)
Thijs Lecomte

‎Nov 07 2020 06:45 AM

‎Nov 07 2020 06:45 AM

Solution

Re: Conditional Access question - Native email (iOS) and Block Exchange Active Sync

This is true. Apple now supports OAuth and is being recognized as 'Modern desktop application'.
In order to block the iOS app you have two options:
- Require an approved app/app protection policy like you mentioned
- Disable the 'enterprise application' 'iOS accounts' which iOS uses in the background
0 Likes
Reply
Simon Håkansson

‎Nov 07 2020 07:15 AM

‎Nov 07 2020 07:15 AM

Re: Conditional Access question - Native email (iOS) and Block Exchange Active Sync

@Thijs Lecomte Great, thanks for the clarification. :cool:

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Simon Håkansson (Brass Contributor)
Thijs Lecomte

‎Nov 07 2020 06:45 AM

‎Nov 07 2020 06:45 AM

Solution

Re: Conditional Access question - Native email (iOS) and Block Exchange Active Sync

This is true. Apple now supports OAuth and is being recognized as 'Modern desktop application'.
In order to block the iOS app you have two options:
- Require an approved app/app protection policy like you mentioned
- Disable the 'enterprise application' 'iOS accounts' which iOS uses in the background

View solution in original post

0 Likes
Reply