    All about Endpoint Management

    Conditional Access to deny /block access to exchange online from windows and mac devices

    By Eswar Koneti, October 10, 6:42 pm. Category: Conditional Access

    In this blog post, we will see how to use Conditional Access to deny/block access to Office 365 Exchange Online (emails) from Windows and Mac devices.

    Conditional Access allows access to company data only for authenticated users, from compliant devices, from approved apps, under the right conditions. (If you apply Conditional Access to a list of users, their devices must be enrolled before they are checked for device compliance.) For more information about Conditional Access, read the TechNet documentation: https://docs.microsoft.com/en-us/intune/conditional-access

    To block access to O365 Exchange Online (not Exchange on-premises) from Windows and Mac devices using mobile apps and desktop apps such as Outlook or other apps, we need to create a Conditional Access policy with assignments and access controls.

    To start, go to https://portal.azure.com, click Intune on the right side, then click Conditional access.

    Click Policies, then create a New policy.

    Give the policy a name. Under Assignments, click Users and groups and choose Select users and groups. On the right side, you can choose users or groups, or you can choose All users. Click Done.

    Under Cloud apps, select the apps (in this case, Office 365 Exchange Online) and click Done.

    Under Conditions, select Device platforms, choose Windows and macOS (preview), and click Done.

    Under Client apps, choose Mobile apps and desktop clients (since we have chosen only Windows and Mac, this will apply to desktop clients and not to mobile apps).

    Click Access controls, then Grant, and choose Block to deny access to Exchange Online when users connect from desktop clients on Windows and Mac (as per the settings above).

    Click on Enable policy to save the changes and enable the policy
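The policy built in the steps above, written out as the request body that Microsoft Graph uses for a Conditional Access policy, with a simplified evaluator that shows which sign-ins the block covers. This is an added example, not part of the original post: the evaluator is a model of the "all conditions must match" behaviour rather than Microsoft's engine, the sign-ins are constructed, and `breakglass-id` is a hypothetical emergency account excluded from the policy.

```python
import json

# Well-known application ID of Office 365 Exchange Online (not shown in the post).
EXCHANGE_ONLINE = "00000002-0000-0ff1-ce00-000000000000"
DESKTOP = "mobileAppsAndDesktopClients"

def build_policy(name, include_users=("All",), exclude_users=(), state="enabled"):
    """Body for POST /identity/conditionalAccess/policies on Microsoft Graph.
    state may also be "enabledForReportingButNotEnforced" (report-only) or "disabled"."""
    return {
        "displayName": name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": list(include_users),
                      "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": [EXCHANGE_ONLINE]},
            "platforms": {"includePlatforms": ["windows", "macOS"]},
            "clientAppTypes": [DESKTOP],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def is_blocked(policy, sign_in):
    """Simplified model: the block applies only when every condition matches."""
    cond = policy["conditions"]
    users = cond["users"]
    in_scope = (("All" in users["includeUsers"] or sign_in["user"] in users["includeUsers"])
                and sign_in["user"] not in users["excludeUsers"])
    return (policy["state"] == "enabled" and in_scope
            and sign_in["app"] in cond["applications"]["includeApplications"]
            and sign_in["platform"] in cond["platforms"]["includePlatforms"]
            and sign_in["client"] in cond["clientAppTypes"]
            and "block" in policy["grantControls"]["builtInControls"])

def sign_in(user, platform, client):
    return {"user": user, "app": EXCHANGE_ONLINE, "platform": platform, "client": client}

# Constructed sample data.
POLICY = build_policy("Block EXO desktop clients on Windows/macOS",
                      exclude_users=["breakglass-id"])
SIGN_INS = {
    "outlook_windows": sign_in("user-1", "windows", DESKTOP),
    "outlook_ios": sign_in("user-1", "iOS", DESKTOP),
    "browser_windows": sign_in("user-1", "windows", "browser"),
    "breakglass_mac": sign_in("breakglass-id", "macOS", DESKTOP),
}

def evaluate_all(policy=POLICY):
    return {name: is_blocked(policy, s) for name, s in SIGN_INS.items()}

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    print(evaluate_all())
```

Only the Outlook desktop sign-in from Windows is blocked: browser access from the same Windows device falls outside the client app condition, so it needs its own policy if it should also be denied.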


    End user experience:

    If a user tries to access Exchange Online for email from a Windows or Mac device using the native app (the one that comes with Windows 10 by default) or desktop clients, they will straight away hit an error message that comes from Conditional Access.

    Hope it helps!

    References:

    Conditional access https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access

    Protect access to email, Office 365, and other services with Microsoft Intune https://docs.microsoft.com/en-us/intune-classic/deploy-use/restrict-access-to-email-and-o365-services-with-microsoft-intune


    Comments

    Dex on July 30, 2021 6:34 AM

      I also have the issue where an already configured Mac client continues to receive and send mail with the policy in place

    Eduardo Recuero García on November 6, 2018 6:50 PM

      Hi,
      I'm testing around this scenario.
      Firstly I blocked totally access to Exchange Online.
      It seems to work. If I try to set up an Outlook client from a PC or Android phone it's not possible.
      However, if the mailbox is already configured, it continues to send and receive mails.
      How is this possible?
      How can I force the already open session to close?

      Thank you.
      Regards.
