This topic gives you step-by-step instructions on how to set up conditional access for Exchange Online to only allow mobile apps that support Intune mobile app management (MAM) policies.
Configure a SharePoint Online policy
Step 2: Go to Browse >Intune > Intune mobile application management blade > Settings, and in the conditional access section, choose SharePoint Online.
Step 3: On the Allowed apps blade, choose Allow apps that support Intune app policies option to allow only apps that are supported by Intune MAM policies to have the ability to access SharePoint Online. When you select the option to only allow apps that are supported by Intune MAM policies, the list of supported apps is displayed.
Step 4: To apply this policy to users, open the Restricted user groups blade, and choose Add user group. Select one or more user groups that should get this policy.
Step 5: You may want some users in the user group you selected in the previous step not to be affected by this policy. In such cases, add the group of users to the exempted user groups list. From the SharePoint Online blade, choose Exempted user groups. Choose Add user group to open the list of user groups. Select the groups you want to exempt from this policy.
Modifying an existing policy
Adding or deleting user groups
To delete a user group from the restricted user groups list, open the Restricted user groups blade, highlight the user group you want to delete, and click on the … to see the delete option. Choose Delete to remove the user group from the list. You can follow the same procedure to remove a user group from the exempted user group list.