With Intune update 1704 it is now possible to set up Conditional Access for SharePoint apps on iOS and Android.

You can now create an app-based conditional access policy to block apps that don’t have app protection policies applied to them from accessing SharePoint Online. In the app-based conditional access scenario, you can specify the apps that you want to have access to SharePoint Online using the Azure portal.

This also works in an Intune hybrid scenario, but the policy has to be created in the cloud.


How to set MAM CA for SharePoint in Intune

Start in https://portal.azure.com

Click on: Intune mobile application management

MAM CA for SharePoint - 00

Under Conditional Access –> Click on SharePoint Online

MAM CA for SharePoint - 01

Click on Allowed apps

MAM CA for SharePoint - 02

Now you have to select “Allow all apps” or “Allow apps that support Intune app Policies”

MAM CA for SharePoint - 03

Now you have to select “Restricted user groups” for this new Conditional Access policy.

I always use All users in AzureAD – then if for some reason you need to exclude some users you can do it under “Exempt User Groups”

MAM CA for SharePoint - 04

Then you can see the status on the dashboard:

MAM CA for SharePoint - 00.png