How can I restrict users to using Outlook to access emails on both managed and unmanaged devices and prevent them from using IMAP clients (e.g. Mozilla Thunderbird) using Conditional Access Policies?

Anindya Kumar Banerjee 181 Reputation points

I have enabled the IMAP protocol on one shared and one delegate mailbox so that an application with delegated Graph permissions can read emails from the mailbox using OAuth 2.0. I want to ensure users do not use an IMAP client (e.g. Mozilla Thunderbird) to read emails on either managed or unmanaged devices.

Microsoft Entra
Microsoft Entra ID

Accepted answer
  1. Sandeep G-MSFT 13,486 Reputation points Microsoft Employee

    @Anindya Kumar Banerjee
    Thank you for posting this in Microsoft Q&A. Blocking Outlook alone on a device is not possible, because there are some other services that also depend on Outlook, like Teams etc.

    To block them via a Conditional Access policy, you can configure Azure to block any request which is not coming from approved client apps or an app protection policy. Below is the list of approved client apps: [image]

    Outlook is also part of the approved client apps. Regarding blocking IMAP clients from accessing Exchange Online, you can configure the "Other clients" option under Conditions in the Conditional Access policy. "Other clients" includes all clients which use POP, IMAP, SMTP, etc. protocols. [image]

    Let me know if you have any further questions. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
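
The two policies described in the accepted answer, written with the Microsoft Graph PowerShell SDK as an added example that is not part of the original answer. Assumptions made here: both policies are scoped to Exchange Online only, the approved-app policy targets iOS and Android, both start in report-only mode, and the excluded account ID and display names are placeholders.

```powershell
# Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All'

# Well-known application ID of Office 365 Exchange Online.
$exchangeOnline = '00000002-0000-0ff1-ce00-000000000000'
# Placeholder: object ID of an account kept out of scope (for example an emergency-access account).
$excluded = @('<excluded-account-object-id>')

# Policy 1: block the "Other clients" condition (POP, IMAP, SMTP and similar protocols).
$blockOtherClients = @{
    displayName   = 'EXAMPLE - Block other clients to Exchange Online'
    state         = 'enabledForReportingButNotEnforced'   # report-only until sign-in logs are reviewed
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeUsers = $excluded }
        applications   = @{ includeApplications = @($exchangeOnline) }
        clientAppTypes = @('other')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Policy 2: require an approved client app (Outlook is one) or an app protection policy.
$requireApprovedApp = @{
    displayName   = 'EXAMPLE - Require approved app or app protection policy'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeUsers = $excluded }
        applications   = @{ includeApplications = @($exchangeOnline) }
        clientAppTypes = @('all')
        platforms      = @{ includePlatforms = @('android', 'iOS') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('approvedApplication', 'compliantApplication')
    }
}

# Create both policies and print what the service stored.
foreach ($policy in $blockOtherClients, $requireApprovedApp) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    '{0}  {1}  {2}' -f $created.Id, $created.State, $created.DisplayName
}
```

While the policies are in report-only mode, the Conditional Access tab of each sign-in log entry shows whether the policy would have applied, which makes it possible to confirm the application's own mailbox access is unaffected before changing `state` to `enabled`.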

1 additional answer

  1. David Broggy 5,581 Reputation points MVP