Manage Dynamics 365 apps on mobile devices with Intune
If your organization is set up with Intune, you can use it to manage the Dynamics 365 for phones and tablets apps on Apple, Android, and Windows 10 tablets. Intune manages encryption at the device level, as well as app-to-app communications. With Intune, you can selectively wipe managed apps and related data on devices that are unenrolled, no longer compliant, lost, stolen, or retired from use.
With CRM Online 2016 Update 1 and later, you can use Intune mobile application management (MAM) without enrolling the device. This protects company data in Dynamics 365 apps without requiring you to enroll and deeply manage the end user's entire device. This is particularly useful for bring-your-own-device (BYOD) scenarios where end users don’t want to or can’t enroll their devices for IT management. This capability is also useful if a device is already enrolled in another mobile application management solution.
For more information about getting and using Intune, see Microsoft Intune
Set up conditional access to Dynamics 365 apps
You can use the Azure portal to administer conditional access to manage access to Dynamics 365 apps from mobile devices based on conditions you specify.
For more information about setting up conditional access on the Power Platform side, see Azure AD Conditional Access.
For more information on conditional access, see Conditional Access: Conditions.
It's important to note that Intune cache conditional access policies can take up to 24 hours to propagate. If you don't want to wait then you can uninstall and then reinstall the app.
To use conditional access, you must have an Azure Active Directory premium subscription.