Create an Exchange Online conditional access to only allow apps supported by MAM

Applies to: Intune in the classic console
Looking for documentation about Intune on Azure? Go here.

This topic gives you step-by-step instructions on how to set up conditional access for Exchange Online to only allow mobile apps that support Intune app protection policies.

Create an Exchange Online policy

  1. Sign in to the Azure portal that includes the app access feature. If you are new to the Azure portal experience, read the Azure portal for app protection policies topic.

  2. Choose More services, and type: "Intune".

  3. Choose Intune App Protection.

  4. On the Intune mobile application management blade, choose All Settings.

  5. In the Conditional access section, choose Exchange Online.

    Screenshot of the settings blade showing the Conditional access section with the Exchange Online option highlighted

  6. On the Allowed apps blade, choose the Allow apps that support Intune app policies option so that only apps supported by Intune app protection policies can access Exchange Online. When you select this option, the list of supported apps is displayed.

    Note

    All Exchange Active Sync mail clients, including the built-in mail clients on iOS and Android that connect to Exchange Online, will be prevented from sending or receiving email. Users will instead receive a single email informing them that they need to use the Outlook mail app.

  7. To apply this policy to users, open the Restricted user groups blade, and choose Add user group. Select one or more user groups that should get this policy.

    Screenshot of the Restricted user groups blade with the Add user group option highlighted

  8. You may want some users in the user group you selected in the previous step not to be affected by this policy. In such cases, add the group of users to the exempted user groups list. From the Exchange Online blade, choose Exempted user groups. Choose Add user group to open the list of user groups. Select the groups you want to exempt from this policy.

Modify an existing policy

Add or delete user groups

To delete a user group from the restricted user groups list, open the Restricted user groups blade, highlight the user group you want to delete, and click the ellipsis (...) to see the Delete option. Choose Delete to remove the user group from the list. You can follow the same procedure to remove a user group from the exempted user groups list.

Next steps

Block apps that do not have modern authentication

See also

Protect app data with app protection policies
