question

HarshitMalhotra-5088 avatar image
0 Votes"
HarshitMalhotra-5088 asked ·

mobile device access rules

Hi Team, When iphone is configured with Outlook for iOS access to exchange online is allowed, same device gets quarantined when using iPhone native mail app? why? I have a rule with Characterstic "devicetype" , QueryString set to "Iphone" and Accesslevel set to "allow". Activesyncorganizationsettings , "Defaultaccesslevel" is set to allow. Why when using native app on iPhone my app gets quarantined with reason "AadBlockDuetoAccessPolicy" and remains in quanrantinepending state when allowed. Please advise. Thanks, Harshit Malhotra

office-exchange-server-mailflow
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

HarshitMalhotra-5088 avatar image
1 Vote"
HarshitMalhotra-5088 answered ·

Hi Andy,

Hope you are doing good.

We found out that there was no Conditional Access Policy.

We isolated the issue, After we disabled Security Defaults, Iphone was again configured with Native App and it was allowed to go through.

Thanks for your help.


Regards,
Harshit Malhotra

· 2 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YukiSun-MSFT avatar image YukiSun-MSFT ·

Hi @HarshitMalhotra-5088,

Cool! Great to know that you have sorted it out and thanks for your sharing! You can click "Accept Answer" under your own post to close this up. This can be beneficial to others in the community looking for help on similar topics. Thanks!

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·
AndyDavid avatar image AndyDavid ·

Thanks for following up. Please mark @YukiSun-MSFT answer as accepted so we can close this up. Thanks!

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered ·

AadBlockDuetoAccessPolicy = Means you have a conditional access policy that is blocking it.
Check the Azure Sign in logs for that user to see what CA policy blocked it



· 1 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HarshitMalhotra-5088 avatar image HarshitMalhotra-5088 ·

Hi Andy,

Thanks for replying and sharing the information.

I would check the logs and would share an Update soon.


Thanks,
Harshit Malhotra

0 Votes 0 ·
YukiSun-MSFT avatar image
0 Votes"
YukiSun-MSFT answered ·

Hi @HarshitMalhotra-5088,

Agree with Andy that from the quarantine reason "AadBlockDuetoAccessPolicy", it's most likely to be related to the Conditional Access policy.

Additionally, I found the following thread which discusses a similar situation. According to the comments there, it was resolved by removing the account from the device first, then approving in exchange quarantine and add the account again in the native Mail app on the device:

Issue with security defaults - activesync clients get quarantined

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 2 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HarshitMalhotra-5088 avatar image HarshitMalhotra-5088 ·

Hi Admin,

Hope you are doing good.

Thanks for your time and answer.

We have already tried the suggested link, device goes into pending state after approving the device.



Thanks,
Harshit Malhotra

0 Votes 0 ·
YukiSun-MSFT avatar image YukiSun-MSFT HarshitMalhotra-5088 ·

Hi @HarshitMalhotra-5088,
Thanks for the update. Then it's suggested to go ahead checking the Conditional Access policy.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·