Enforcing Device Compliance for Exchange Cloud App Usage
Configuring Conditional Access to Enforce Device Enrollment
- Within the Microsoft Azure portal go to Intune > Conditional access. Select Policies and click the “+New Policy” button.
- Give the new policy a name. For this blog I will give it the name : CA-ExchangeOnline-EAS
- Under Assignment click Users and groups and select an Azure AD security group if you want to apply this policy to a selected group of users (optional) Click Done
- Click on Cloud apps, click Select apps in search for Office 365 Exchange Online. Click Select and Done
- Select Conditions, and then choose for Client apps. This time select Exchange ActiveSync. Click Done twice.
- Under Access controls select Grant. On the right hand side of the screen click Grant access and select Require device to be marked as compliant. Click on Select in the bottom of the screen.
- Make sure that Enable policy is set to On and click on Create