One of our crew, Nick Thomas, wrote a great blog on “The Ultimate Guide to Microsoft Intune”. It’s a great read, so if you are new to Microsoft Intune and are interested in how the platform can benefit your organisation, I encourage you to take a look. For those of you who have already adopted Microsoft Intune, please continue reading!
Recently, I’ve been involved in a large transformation engagement for one of our customers, which included provisioning a greenfield Microsoft 365 tenant and migrating numerous other tenants into the new tenant. There were several considerations to keep in mind within this project, and we touched on every aspect of Microsoft 365 during the engagement. The customer has a strict service catalogue of supported apps within their environment, with a mix of end users using corporate and/or personal devices. The customer had one essential criterion for their mobile devices – email access was to be restricted to Microsoft Outlook only.
RESOLUTION
To meet this requirement, a Conditional Access policy (What is Conditional Access in Azure Active Directory? – Microsoft Entra | Microsoft Learn) was required to enforce the use of the Microsoft Outlook app on mobile devices.
I have detailed this below so your life will hopefully be made a little easier if you also need to implement this requirement:
- Browse to the Microsoft Intune admin centre > Endpoint Security > Conditional Access > Policies > + New policy

- Create a new policy, and provide a unique name (e.g.: Exchange Online – iOS, Android; Mobile Apps; Require approved client app)
- Within Cloud apps or actions, select “Office 365 Exchange Online”

- Under Device Platforms, select your supported mobile platforms

- Under Client Apps, select the following

- Under Grant, select the following

It is worth noting that you should only target a specific subset of users with this Conditional Access policy before you roll it out. Once it has been implemented and targeted to all users, any non-compliant users will be forced to install and configure Microsoft Outlook to regain access to their mailbox!
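The same policy can be created with the Microsoft Graph PowerShell SDK, scoped to a pilot group and left in report-only mode so its effect shows up in the sign-in logs before anyone is blocked. This is an added example, not part of the original walkthrough: the pilot group ID is a placeholder, and the client app and grant values are assumptions taken from the example policy name above.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
# Placeholder: replace with the object ID of your own pilot group.
$pilotGroupId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$policy = @{
    displayName = 'Exchange Online - iOS, Android; Mobile Apps; Require approved client app'
    # Report-only: sign-ins are evaluated and logged, but access is not yet enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            # Pilot subset only, not all users.
            includeGroups = @($pilotGroupId)
        }
        applications = @{
            # Application ID of Office 365 Exchange Online.
            includeApplications = @('00000002-0000-0ff1-ce00-000000000000')
        }
        platforms = @{
            includePlatforms = @('android', 'iOS')
        }
        # Assumed from the policy name ("Mobile Apps").
        clientAppTypes = @('mobileAppsAndDesktopClients')
    }
    grantControls = @{
        operator        = 'OR'
        # Assumed from the policy name ("Require approved client app").
        builtInControls = @('approvedApplication')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing report-only results for the pilot group, switch the policy on:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = 'enabled' }
```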
Wrapping up
Consider implementing this configuration to initiate the adoption of the Microsoft Outlook app across your mobile devices. This Conditional Access policy can be enhanced to require an applicable Intune app protection policy (App protection policies overview – Microsoft Intune | Microsoft Learn) be applied to users to further secure and control organisational data on mobile devices.
Tune in for a future post covering all things Intune app protection policies: how to manage, and report on, organisational data on corporate and personal devices.
If you want to know any further information around adopting Microsoft Intune and how Insentra can help, our Microsoft FastTrack services may be exactly what you are looking for!
Hopefully, this has been informative and helpful! If you need any further clarification, or a no-frills chat, contact us at Insentra.