This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 47%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hi Team, When iphone is configured with Outlook for iOS access to exchange online is allowed, same device gets quarantined when using iPhone native mail app? why? I have a rule with Characterstic "devicetype" , QueryString set to "Iphone" and Accesslevel set to "allow". Activesyncorganizationsettings , "Defaultaccesslevel" is set to allow. Why when using native app on iPhone my app gets quarantined with reason "AadBlockDuetoAccessPolicy" and remains in quanrantinepending state when allowed. Please advise. Thanks, Harshit Malhotra
Hi Andy,
Hope you are doing good.
We found out that there was no Conditional Access Policy.
We isolated the issue, After we disabled Security Defaults, Iphone was again configured with Native App and it was allowed to go through.
Thanks for your help.
Regards,
Harshit Malhotra
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @MasterBlaster ,
Cool! Great to know that you have sorted it out and thanks for your sharing! You can click "Accept Answer" under your own post to close this up. This can be beneficial to others in the community looking for help on similar topics. Thanks!
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for following up. Please mark @Yuki Sun-MSFT answer as accepted so we can close this up. Thanks!
AadBlockDuetoAccessPolicy = Means you have a conditional access policy that is blocking it.
Check the Azure Sign in logs for that user to see what CA policy blocked it
Hi Andy,
Thanks for replying and sharing the information.
I would check the logs and would share an Update soon.
Thanks,
Harshit Malhotra
Hi @MasterBlaster ,
Agree with Andy that from the quarantine reason "AadBlockDuetoAccessPolicy", it's most likely to be related to the Conditional Access policy.
Additionally, I found the following thread which discusses a similar situation. According to the comments there, it was resolved by removing the account from the device first, then approving in exchange quarantine and add the account again in the native Mail app on the device:
Issue with security defaults - activesync clients get quarantined
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Admin,
Hope you are doing good.
Thanks for your time and answer.
We have already tried the suggested link, device goes into pending state after approving the device.
Thanks,
Harshit Malhotra
Hi @MasterBlaster ,
Thanks for the update. Then it's suggested to go ahead checking the Conditional Access policy.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.