Just today a new option showed up in my Azure Active Directory (Azure AD), under Access controls – Grant – Require approved client app (preview).
Here is the link to the list of approved client apps
It seems like a great feature, especially on Windows devices. On iOS and Android we have MAM with application conditional access; this seems to work on all platforms – and that is great news.
I started by testing on Windows – I want to block access to all client apps that are not in the approved app list, and I don’t care if the device is compliant or not.
So first I created a new Conditional Access rule.
Assign it to a test group of users.
Select Office 365 Exchange Online under Cloud apps
Go to Conditions
Go to Access control
Select “Require approved client app (preview)”
Under Enable policy
Then you are ready to test.
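The same rule expressed as code with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original post: the policy name and the test group ID are placeholders, and no extra conditions are set because the post does not say which ones were chosen.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example, not from the original post.

# Assumptions (not from the post): the policy name and the test group's object ID.
$PolicyName  = 'TEST - Exchange Online - require approved client app'
$TestGroupId = '<test-group-object-id>'   # placeholder: replace with your test group

# Well-known application ID of Office 365 Exchange Online.
$ExchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

# Refuse to run while the placeholder is still in place.
if ($TestGroupId -notmatch '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$') {
    throw 'Set $TestGroupId to the object ID (GUID) of the test group first.'
}

Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Do not create a duplicate if the script is run twice.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $PolicyName }
if ($existing) {
    throw "A policy named '$PolicyName' already exists (Id: $($existing.Id))."
}

$policy = @{
    displayName = $PolicyName
    # Report-only, so sign-in logs show the effect before anyone is blocked.
    # Use 'enabled' to enforce the rule as in the test described in this post.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($TestGroupId) }
        applications   = @{ includeApplications = @($ExchangeOnlineAppId) }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Graph name for "Require approved client app"; no compliant-device control.
        builtInControls = @('approvedApplication')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
'{0} ({1}) created in state {2}' -f $created.DisplayName, $created.Id, $created.State
```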
What does it look like on the client side, in the built-in Windows Mail app?
After the first setup page with username and password – we get this message:
Devices or client applications that meet osddeployment management compliance policy
If we take a closer look – we can see that the device is compliant – so we are blocked based on the app we are using.
Then I started Outlook 2016 and I got access to my mail.
This blog post has been created with little testing and will be updated when I have had the chance to test more.