Hello everyone!
I would like to know if there is a possible solution to our request.
We recently started using Microsoft Endpoint Manager (Intune) for managing the company's and employees' mobile devices (Android and iOS). We have already enrolled more than 500 devices and device management is working super.
We would like to secure device management so that devices that are not managed by Microsoft Endpoint Manager (Intune) won't have any access to O365 services. We would like to ensure that users can't add mail profiles to unmanaged devices (not to allow adding a mail profile to native iOS and Android applications). But at the same time we have a requirement for iOS users to use the Apple Mail app on enrolled devices.
I have tested this by setting up App protection policies and conditional access. I was able to achieve that unmanaged devices are not able to add a mail profile to native mail applications. But the issue I have now is that if I enroll a new device, access to mail is not configured because of the conditional access policy.
Is this something that can be configured?