Scenario: Using both Intune Device and App Based Conditional Access – Part 2

In Part 1 I described the Conditional Access scenario where you want to combine both Device-based and App-based Conditional Access for a single user. This series of blog posts focuses on Exchange Online. The first post described how to configure Conditional Access to enforce MFA for browser access to Exchange Online and how to require a compliant device for Exchange Online ActiveSync. In this part I want to focus on configuring Conditional Access for the Exchange Online apps. I want to achieve the following: when the device is MDM enrolled, MAM with enrollment should be applied to MAM-capable apps, and on these devices the user should also be able to configure apps that use ActiveSync (like the built-in mail apps on Android and iOS). On devices that are not MDM enrolled, the user should only be able to configure the Outlook app for Exchange Online; non-MAM-capable apps must not be usable or configurable on such devices. My ultimate goal is to provide these scenarios for each of the platforms: Windows, Android and iOS.

Using AzureAD Conditional Access to block a Native App

Last week I was asked to research a scenario where the customer wants to block the use of a native app and allow only the browser experience, and only from compliant devices. My first answer was that this would be difficult to implement, but after looking into Azure AD Conditional Access it turned out to be relatively easy to configure. In this series of blog posts I'm using Microsoft Teams as an example and focusing on two scenarios: the first is blocking the Microsoft Teams native app and allowing only browser access to Microsoft Teams; the second is allowing only the Microsoft Teams app and blocking browser access.
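The policies sketched in both excerpts above (MFA for Exchange Online browser access, compliant device for ActiveSync, approved app or compliant device for the mobile apps, and the two Teams native-app/browser variants) can be expressed as Azure AD Conditional Access policies created with the Microsoft Graph PowerShell SDK. The block below is an added example, not code from the original posts or from Microsoft. The group IDs are placeholders, the Teams application ID should be verified in your own tenant, and every policy is created in report-only mode so the effect can be reviewed in the sign-in logs before anything is enforced.

```powershell
# Added example (not from the original posts). Assumptions: the Microsoft.Graph
# module is installed, the caller has the Policy.ReadWrite.ConditionalAccess
# scope, and the group IDs below are placeholders to be replaced.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$pilotGroupId      = '00000000-0000-0000-0000-000000000001'  # placeholder: users in scope
$breakGlassGroupId = '00000000-0000-0000-0000-000000000002'  # placeholder: emergency accounts, always excluded
$exchangeOnlineApp = '00000002-0000-0ff1-ce00-000000000000'  # Office 365 Exchange Online
$teamsApp          = 'cc15fd57-2c6c-4117-a88c-83b1d56b4bbe'  # Microsoft Teams (verify in your tenant)

function New-CaPolicy {
    param(
        [string]   $Name,
        [string]   $AppId,
        [string[]] $ClientAppTypes,   # browser, mobileAppsAndDesktopClients, exchangeActiveSync, other
        [string[]] $Controls          # block, mfa, compliantDevice, approvedApplication, ...
    )
    $body = @{
        displayName = $Name
        # Report-only: evaluated and logged, but not enforced. Switch to 'enabled' after review.
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = @{ includeGroups = @($pilotGroupId); excludeGroups = @($breakGlassGroupId) }
            applications   = @{ includeApplications = @($AppId) }
            clientAppTypes = $ClientAppTypes
        }
        # With operator 'OR' the user satisfies the policy by meeting any one of the listed controls.
        grantControls = @{ operator = 'OR'; builtInControls = $Controls }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# Exchange Online, Part 1: MFA for browser access, compliant device for ActiveSync clients.
New-CaPolicy -Name 'EXO - Browser requires MFA' -AppId $exchangeOnlineApp `
    -ClientAppTypes @('browser') -Controls @('mfa')
New-CaPolicy -Name 'EXO - ActiveSync requires compliant device' -AppId $exchangeOnlineApp `
    -ClientAppTypes @('exchangeActiveSync') -Controls @('compliantDevice')

# Exchange Online, Part 2: mobile/desktop apps must be an approved (MAM-capable) app such as Outlook,
# or come from an MDM-enrolled compliant device; other apps on unenrolled devices are denied.
New-CaPolicy -Name 'EXO - Apps require approved app or compliant device' -AppId $exchangeOnlineApp `
    -ClientAppTypes @('mobileAppsAndDesktopClients') -Controls @('approvedApplication', 'compliantDevice')

# Teams scenario 1: block the native app and allow the browser only from a compliant device.
New-CaPolicy -Name 'Teams - Block native app' -AppId $teamsApp `
    -ClientAppTypes @('mobileAppsAndDesktopClients') -Controls @('block')
New-CaPolicy -Name 'Teams - Browser requires compliant device' -AppId $teamsApp `
    -ClientAppTypes @('browser') -Controls @('compliantDevice')

# Teams scenario 2 is the inverse of scenario 1; never enable both block policies together,
# or nobody in the pilot group can reach Teams at all.
New-CaPolicy -Name 'Teams - Block browser' -AppId $teamsApp `
    -ClientAppTypes @('browser') -Controls @('block')
```

Two points worth checking before flipping the state to `enabled`: the policies above only list the modern client app types, so legacy authentication clients (`other`) are not touched unless you add that type explicitly, and the break-glass group exclusion is what keeps a misconfigured `block` policy from locking out every administrator.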