Thank you.

@AndrewBlumhardt-1137 - Thanks for the reply but our Audit is already turned on. We have no problem auditing accounts created in Active Directory but if the account is created in the Computer Management -> Users of the machine, I don't see a log so I cannot monitor.

Thank you for the suggestion. I looked at WIP but it doesn't look like it can block access to office.com after our users log in, access their Outlook emails or Teams if they are using Edge Legacy or an old browser. Here are the options in WIP. Maybe I just need to know what to select?

@LuDaiMSFT-0289 - Thanks for the response. I corrected the tag. I didn't realize I selected Windows 365 instead of O365. Either way, I changed it now to Intune.

As for the original post, my goal is not to block unmanaged devices. My goal is to block unmanaged devices or personal devices that still use Edge Legacy or old browsers to log in to our Office 365 portal or tenant's portal.

Thank you.

Thank you, but the instruction is about manually mapping the site. I am looking for an automated way so that when users log in, they are automatically mapped to the sites they are a member of.

@LuDaiMSFT-0289 - Thank you for taking the time to test. I appreciate it. I will test some more and update this post if it was an isolated case. Thank you again.

Thanks for taking the time to reply, and follow up.

@Jason-MSFT - Thank you for the clarifications. It helps a lot. I just have a few more follow-up questions.

With regards to the device being offline - Let's say, for example, the user has a personal phone and had his work email connected to it. Later on, he turned off the device or disconnected the service but did not remove his account, and kept it in storage for 365 days. According to the policy, if the device is offline for 365 days it will wipe the data. In this case, if the user decides to re-use his phone or remember to look up important information on that phone after one year for any reason when he turns it on, will it wipe ALL the data due to the company policy? Will he be given at least an option to not wipe, or it will only delete the Outlook data? I am concerned about wiping all the data on a personal (unmanaged) device as we don't own all their personal data on the device.

The second question is if a user forgets the PIN that they set on the app, how do they reset it? Can I remove the user or exclude him from the policy to remove the PIN in case of an emergency?

Lastly, in my post below, to clarify, I mentioned "weekend" because I was thinking of a scenario that the user will access his app on Friday, but not work over the weekend. I was wondering what would happen when he comes back on Monday, but you answered that question. Thank you.

Thanks for pointing that out, and clarifying it! It is very helpful. I appreciate your time to reply.

Thank you. I did open a ticket with Microsoft but they have not responded to me yet (after several days). If they resolve this, I will share the solution here. In the meantime, anyone who has other ideas or the same experience recently please share. Thank you.

*.msappproxy.net - This was the offending URL.

Hi @TomGassett-4036 - Could you please tell me how you resolved this issue? I have the same issue. Thank you.

Thank you. I missed that.

Thank you. I got it. I have to distribute the app to my CMG distribution point.

Could you please tell me what setting is that or where can I find it - The Allow application to be downloaded via the internet? I tested the same app on a machine that is on the Intranet and it works. It could be that.