Block Native Mail App using Intune

Matt Dillon 1,211 Reputation points
2023-08-30T18:10:44.6533333+00:00

Client is asking to block Exchange/O365 mail on the native mail app on devices. I built out the following two Conditional Access policies:

Require approved client apps or app protection policy with mobile devices
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices

Block Exchange ActiveSync on all devices:

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#block-exchange-activesync-on-all-devices

On my test iPhone, I reboot the phone, launch Company Portal, policies apply and I try adding my tenant email and the policy works great and does not let me.

I then disable the policy, reboot the phone, launch Company Portal, let policies apply, and then successfully add my tenant email after signing in.

I then re-enable the policy, reboot the phone, launch Company Portal, let policies apply, but here is where the problem or my misunderstanding of what should happen lies - my Exchange mail remains active. I am able to send from this account on my iPhone and receive to this account as well.

What step am I missing to either block new email from coming or going from this account on my phone or, ideally, how can I just have the Exchange mail removed altogether automatically from the phone?

Thanks in advance.

Matt


1 answer

  1. Crystal-MSFT 46,171 Reputation points Microsoft Vendor
    2023-08-31T02:22:24.65+00:00

    @Matt Dillon, thanks for posting in Q&A. For your issue, after researching, I think it may be related to "Sign-in frequency" in Conditional Access. When the time has not expired, the user can still access until the user does the next sign-in. So the user can still receive new mail during this time period. You can change the "Sign-in frequency" to see if it helps.

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

    Hope the above information can help.


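One way to check the two settings this thread turns on, whether each policy is actually enforced after being re-enabled and whether it carries a sign-in frequency, is to audit an export of the policies. This is an added example, not code from the question or the answer; it assumes a JSON export in the shape Microsoft Graph returns for `GET /identity/conditionalAccess/policies`, and the display names and values in the sample are constructed.

```python
import json

# Constructed sample export (Graph conditionalAccessPolicy shape; names are made up).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Require approved app or APP - mobile",
   "state": "enabled",
   "conditions": {"clientAppTypes": ["mobileAppsAndDesktopClients"]},
   "grantControls": {"operator": "OR",
                     "builtInControls": ["approvedApplication", "compliantApplication"]},
   "sessionControls": null},
  {"displayName": "Block Exchange ActiveSync - all devices",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"clientAppTypes": ["exchangeActiveSync"]},
   "grantControls": {"operator": "OR", "builtInControls": ["compliantApplication"]},
   "sessionControls": {"signInFrequency":
                       {"isEnabled": true, "value": 1, "type": "hours"}}}
]}
""")


def sign_in_frequency(policy):
    """Return the policy's sign-in frequency as text, or None if it sets none."""
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    if not sif.get("isEnabled"):
        return None
    if sif.get("frequencyInterval") == "everyTime":
        return "every time"
    return f"{sif.get('value')} {sif.get('type')}"


def audit(export):
    """List each policy with its state, client app types, and anything to review."""
    findings = []
    for policy in export.get("value", []):
        issues = []
        state = policy.get("state")
        if state != "enabled":  # disabled or report-only policies block nothing
            issues.append(f"state is '{state}', so the policy is not enforced")
        frequency = sign_in_frequency(policy)
        if frequency is None:
            issues.append("no sign-in frequency set in this policy")
        findings.append({
            "policy": policy.get("displayName"),
            "clientAppTypes": (policy.get("conditions") or {}).get("clientAppTypes", []),
            "signInFrequency": frequency,
            "issues": issues,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(json.dumps(finding, indent=2))
```
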