NO this does not work .
This blocks ActiveSync for everyone
block mobile access exchange online
so we have some users that have figured out how to add company email (exchange online) to their personal mobile devices) These Devices are not being managed by Intune so we really dont have any control over them as far as remote wipe capability or application control. How can we block this from happening ?. Can we also Allow this functionality for a select group of users?
Thanks,
-
dirkdigs 921 Reputation points
2021-06-17T16:32:24.097+00:00
6 additional answers
Sort by: Most helpful
-
Andy David - MVP 147.4K Reputation points MVP
2021-06-16T15:07:59.407+00:00 Block by requiring the devices to be compliant
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android -
dirkdigs 921 Reputation points
2021-06-16T15:12:54.117+00:00 we are not using conditional access in this tenant . we are using security defaults.
i believe conditional access is required for this approach ? -
dirkdigs 921 Reputation points
2021-06-16T16:01:27.08+00:00 fair enough . i though there may be some way to block ActiveSync on a per user basis like such with exchange on-prem.
Microsoft Outlook for iOS and Android uses ActiveSync correct?
If i disabled Activesync for a specific users mailbox would that not block them from adding exchange mailbox on the phone ? -
Andy David - MVP 147.4K Reputation points MVP
2021-06-16T16:26:21.263+00:00 You can block Outlook Mobile specifically:
set-casmailbox <user> -OutlookMobileEnabled $false
https://learn.microsoft.com/en-us/powershell/module/exchange/set-casmailbox?view=exchange-ps
You can also block ActiveSync of course
or block by device or use rules:
https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#option-1-block-all-email-apps-except-outlook-for-ios-and-android