Conditional Access: Block Exchange Online Registration, If device is not Registered to Intune or has Company Portal installed

Jayd 171 Reputation points
2020-12-03T13:58:51.987+00:00

Hello Community,

We are using Conditional Access for our mobile devices. The goal is that users can only log into EXO when their phone is registered in Intune and has the Company Portal installed. Outlook should be the only app allowed to connect to EXO once the device is registered.
I followed the TechNet guide: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android

I set up everything accordingly.

What works: when I log into the Outlook app, it says I first have to download the Company Portal; otherwise I can't connect. So that works fine.

But when I use Gmail, for example, I can log into EXO without any issue. It doesn't block me or ask for the app to be downloaded.
To block the Gmail registration, I found out that blocking legacy authentication should be the way to go. I also read that I should wait a few hours because it can take some time until the policy is active. But the day after, I was still able to register.
Is there anything else I need to set up to block other third-party applications from connecting to EXO?

Thanks a lot for your Help.


Accepted answer
  1. Crystal-MSFT 43,381 Reputation points Microsoft Vendor
    2020-12-04T07:35:15.667+00:00

@Jayd, based on my test, when I create another Conditional Access policy which blocks legacy authentication, Gmail access is prevented. Here is the policy I created:

    Cloud apps or action: office 365 exchange online
    Conditions->Device platform :iOS and Android
    Client apps: Other clients
    Grant: Block access.

Maybe we can create a similar Conditional Access policy for some test users to see if we get the same result.

    Hope it can help.



1 additional answer

  1. Rahul Jindal [MVP] 9,151 Reputation points MVP
    2020-12-03T23:24:51.92+00:00

    Hi,

Did you also enable "Require approved client app" in the grant controls? I blogged about this recently, which you can read here.

    conditional-access-restrict-office-365.html

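The two policies the answers above describe (the accepted answer's "block legacy authentication / Other clients" policy for Exchange Online on iOS and Android, and the second answer's "Require approved client app" grant for modern-auth mobile apps), built with the Microsoft Graph PowerShell SDK. This is an added example, not code from either poster or from Microsoft's documentation. It assumes a pilot group object ID and the policy display names (both placeholders), and that the signed-in account holds the listed Graph scopes. The Exchange Online application ID used is the well-known first-party value. Both policies are created in report-only mode so that the sign-in log can be reviewed before enforcing them, which also addresses the propagation question in the original post: checking `ConditionalAccessStatus` and the applied-policy results in the sign-in log tells you whether a policy was evaluated at all, instead of guessing from a client retry.

```powershell
# Added example (not from the thread): create the two Conditional Access policies
# discussed above with Microsoft Graph PowerShell, then verify via the sign-in log.
# Requires the Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Reports modules.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All",
                        "Application.Read.All", "AuditLog.Read.All", "Directory.Read.All"

$pilotGroupId = "00000000-0000-0000-0000-000000000000"   # ASSUMPTION: replace with your pilot group's object ID
$exoAppId     = "00000002-0000-0ff1-ce00-000000000000"   # well-known app ID of "Office 365 Exchange Online"

# Policy 1 (accepted answer): block clients that cannot do modern auth on iOS/Android.
# "exchangeActiveSync" and "other" are separate client-app types in Conditional Access,
# so both are listed; "other" covers IMAP/POP/SMTP and similar basic-auth protocols.
$blockLegacy = @{
    displayName   = "CA - Block legacy auth to EXO on mobile"          # ASSUMPTION: name is arbitrary
    state         = "enabledForReportingButNotEnforced"                # report-only; set to "enabled" after review
    conditions    = @{
        users          = @{ includeGroups = @($pilotGroupId) }
        applications   = @{ includeApplications = @($exoAppId) }
        platforms      = @{ includePlatforms = @("iOS", "android") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# Policy 2 (second answer): for modern-auth mobile apps, require an approved client app,
# which is what makes Outlook hand off to the Company Portal / broker on the device.
$requireApproved = @{
    displayName   = "CA - Require approved client app for EXO on mobile"   # ASSUMPTION: name is arbitrary
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeGroups = @($pilotGroupId) }
        applications   = @{ includeApplications = @($exoAppId) }
        platforms      = @{ includePlatforms = @("iOS", "android") }
        clientAppTypes = @("mobileAppsAndDesktopClients")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("approvedApplication") }
}

foreach ($policy in @($blockLegacy, $requireApproved)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host ("Created '{0}' id={1} state={2}" -f $created.DisplayName, $created.Id, $created.State)
}

# Verification: policy propagation is not instant, so read the sign-in log instead of
# retrying the mail client. Each entry shows the client type Entra classified the
# connection as and the per-policy result (report-only results are prefixed "reportOnly").
$since = (Get-Date).AddHours(-2).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
Get-MgAuditLogSignIn -Top 200 -Filter "createdDateTime ge $since and appDisplayName eq 'Office 365 Exchange Online'" |
    Where-Object { $_.ClientAppUsed -ne 'Mobile Apps and Desktop clients' } |
    Select-Object CreatedDateTime, UserPrincipalName, ClientAppUsed, ConditionalAccessStatus,
        @{ n = 'Policies'; e = { ($_.AppliedConditionalAccessPolicies |
                                   ForEach-Object { "$($_.DisplayName)=$($_.Result)" }) -join '; ' } }
```

Scope the policies to a pilot group first and only switch `state` to `enabled` once the log shows `reportOnlyFailure` for the Gmail/ActiveSync sign-ins you intend to block and `reportOnlySuccess` for Outlook. If the Gmail sign-ins appear under `ClientAppUsed` = `Exchange ActiveSync` rather than `Other clients`, that is why a policy targeting only "Other clients" would not have caught them. Note also that Microsoft has announced the retirement of the "Require approved client app" control in favour of "Require app protection policy" (`compliantApplication` in Graph); for a new deployment, prefer that control or combine both with `operator = "OR"`.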