Conditional access for mobiles: Android and iOS

Mateusz Michalak 0 Reputation points
2024-11-06T09:29:40.34+00:00

Hi everyone,

I am asking for support,

When I try to add a business account in a native application such as Gmail on an unregistered cell phone, after specifying only the business email address and domain password, access is not possible (correct operation); I get the message that I need to download the Intune application and register the phone.

Please suggest how to block with conditional access (or otherwise) the ability to add a business email account by specifying in an application such as Gmail: mail server, domain, username and password. After specifying these parameters, the business account is added correctly, mail also synchronizes. We are anxious to block access from unauthorized devices. The test phone is not registered with Intune. Conditional access rules for both platforms (Android and iOS) have been created. Specific user groups are included, target resources are Office 365 and Office 365 Exchange Online, conditions: client apps - all 4 included, authentication flows (preview) is device code flow and grants: 4 selected controls - Require multifactor authentication, Require device to be marked as compliant and Require approved client application.

In the sample pictures, the attempt is made on an iPhone.

Thanks in advance for all the answers


1 answer

  1. ZhoumingDuan-MSFT 14,870 Reputation points Microsoft Vendor
    2024-11-07T05:50:43.9633333+00:00

    @Mateusz Michalak, Thanks for posting in Q&A.

    From your description, I know you want to block adding a business email account by specifying, in an application such as Gmail, the mail server, domain, username and password, via a conditional access policy.

    Based on my research, we can block all email apps except Outlook for iOS and Android using conditional access, and it will take some time before the CA is working.

    https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#block-all-email-apps-except-outlook-for-ios-and-android-using-conditional-access

    Also, here are links about blocking Exchange Online email on unmanaged devices that you can refer to.

    https://www.cloudtekspace.com/post/block-exchange-online-email-on-unmanaged-devices

    Non-official, just for reference.

    https://learn.microsoft.com/en-us/mem/intune/protect/tutorial-protect-email-on-unmanaged-devices

    Hope the above information can help you.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
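
An added example, not part of the original thread or of Microsoft's documentation: a small Python check over a policy exported in the Microsoft Graph `conditionalAccessPolicy` JSON shape, reporting how the settings listed in the question narrow the policy's scope or relax its grant logic. The function name `review_policy` is hypothetical, the sample policy is constructed, and its `OR` grant operator is an assumption because the question does not state it.

```python
import json

# Constructed sample mirroring the settings listed in the question, in the
# Microsoft Graph conditionalAccessPolicy shape. The "OR" operator is an
# assumption: the question does not say whether one or all controls are required.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Mobile - constructed sample",
  "state": "enabled",
  "conditions": {
    "clientAppTypes": ["browser", "mobileAppsAndDesktopClients",
                       "exchangeActiveSync", "other"],
    "platforms": {"includePlatforms": ["android", "iOS"]},
    "authenticationFlows": {"transferMethods": "deviceCodeFlow"}
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa", "compliantDevice", "approvedApplication"]
  }
}
""")

LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # EAS and other legacy clients

def review_policy(policy):
    """Return findings about the scope and grant logic of one policy."""
    findings = []
    cond = policy.get("conditions", {})
    grant = policy.get("grantControls") or {}
    if policy.get("state") != "enabled":
        findings.append("state: not enforced (%s)" % policy.get("state"))

    # Conditions are ANDed, so a flow condition limits the policy to those flows.
    flows = (cond.get("authenticationFlows") or {}).get("transferMethods")
    if flows:
        findings.append("scope: applies only to sign-ins using " + flows)

    apps = set(cond.get("clientAppTypes", []))
    if "all" not in apps and not LEGACY_CLIENTS <= apps:
        missing = ", ".join(sorted(LEGACY_CLIENTS - apps))
        findings.append("scope: client app types not covered: " + missing)

    controls = grant.get("builtInControls", [])
    if grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("grant: any one of [%s] is enough" % ", ".join(controls))
    return findings

if __name__ == "__main__":
    print("\n".join(review_policy(SAMPLE_POLICY)))
```
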
