In this blog post, we will see how to use conditional access to deny/block access to Office 365 Exchange Online (emails) from windows devices and mac devices .
conditional access allow access to company data only for authenticated users from compliant devices (If you apply conditional access to list of users ,device must enroll before they check for device compliance) from approved apps under the right conditions. More information about conditional access read from Technet https://docs.microsoft.com/en-us/intune/conditional-access
To block access to o365 exchange online (not for exchange on-prem) from windows and mac devices using mobile apps and desktop apps like outlook or other apps ,we need to create condition access policy with assignments and access controls.
to start with ,go to https://portal.azure.com ,click on Intune on the right side, click on Conditional access.
Click on Policies ,create New policy
Give the policy Name ,on the assignments ,click users and groups ,choose select users and groups ,on the right side ,you can choose users or groups or you can choose all users ,click Done
On the cloud apps, select the apps (in this case , office 365 exchange online) ,client done
On the conditions ,select device platforms ,choose windows and macOS (preview) ,client done
On the client apps ,choose mobile apps and desktop clients (since we have chosen only windows and mac, this will apply to desktop clients and no mobile apps) .
Click on access controls ,Grant ,Choose Block to deny access to exchange online if users connect from desktop clients using windows and mac (as per the above setting)
Click on Enable policy to save the changes and enable the policy
End user experience:
If user is trying to access access exchange online using native app (that comes with windows 10 by default or desktop clients) from windows or mac device for emails ,they will straight away hit following error message which is coming from conditional access.
Hope it helps!
References :
Conditional access https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access
Protect access to email, Office 365, and other services with Microsoft Intune https://docs.microsoft.com/en-us/intune-classic/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune
4 Comments
Pingback: block login to ms 365 from home - bestdatatoday
Pingback: block access to app login - bankschools.com
I also have the issue where an already configured Mac client continue to receive and send mail with policy in place
Hi,
I'm testing around this scenary.
Firstly I blocked totally access to Exchange Online.
It seem works. If I try to setup an Outlook client from PC or Android phone it's not possible.
However, if mailbox is already configured, it continue send and receive mails.
How is possible?
How can I force to close the session already open?
Thank you.
Regards.