Outlook downloading mail with just an internet connection

NP 396 Reputation points
2023-06-01T05:19:41.48+00:00

we are in an exchange 2019 hybrid setup with all our mailboxes stored in the cloud

We recently discovered that domain joined laptops running Microsoft 365 Outlook program are having their emails download/sync with just an internet connection i.e. with no Corporate LAN connectivity or VPN.

I believe it has something to do with with the Direct Connect feature but we have put in the suggested reg key 'ExcludeExplicitO365Endpoint' but the Outlook client is downloading mail. Am i missing something? Is there any other way to stop mail from downloading via outlook on domain joined laptops when they are not connected to our network? Would it need a conditional access policy?

Microsoft Exchange Online
Office
Office
A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.
1,317 questions
Outlook
Outlook
A family of Microsoft email and calendar products.
3,009 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,895 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,559 questions
0 comments
Accepted answer
  1. Yuki Sun-MSFT 40,866 Reputation points
    2023-06-02T07:28:26.6166667+00:00

    Hi @NP,

    From the perspective of Exchange side, if client access rules hasn't been disabled in your tenant, you can create a client access rule to restrict user's Outlook access based on IP addresses:

    New-ClientAccessRule -Name "RestrictOutlookAccess" -Action DenyAccess -AnyOfProtocols OutlookAnywhere -ExceptAnyOfClientIPAddressesOrRanges <AllowedIPRanges>

    It's likely that it can also be realized using Conditional Access policies, so I'll add the tag as well so community members over there can also have a look at it.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest