Intune – Require users to use Outlook app on iOS and Android devices

This post will go into how you can use Intune preview in the Azure Portal to set a Conditional Access policy to require iOS and Android users to use the Outlook app, rather than the native iOS mail and Android mail applications. It will also show the user experience for a user using an iOS device and an Android device. To use the Outlook app once the policy has applied, the iOS device needs the Microsoft Authenticator app installed, and Android users need the Company Portal app installed.

In portal.azure.com click on More Services then search for Intune and click on Intune App Protection (you can click the Star to pin it to your list)

IntuneCA1

Intune App Protection

Now click on Exchange Online under Conditional Access.

IntuneCA2

Exchange Online – Conditional Access

Click on Allowed Apps, I have selected Allow apps that support Intune app policies

IntuneCA3

Allowed apps – Conditional Access, Exchange Online

Restricted Groups is where you will choose who to deploy the policy to. In Azure Active Directory, I have created a group called Intune which has my users in there with an Intune license assigned. Its a good idea to deploy this to some test users first, and not to a group with all your users in there.

IntuneCA4

Restricted user groups – Conditional Access, Exchange Online

On an Android device, I have updated the gmail application to support Office 365. I have added my account. When I check the inbox I can see an email saying that the IT department requires me to use the Outlook app.

IntuneCA5

On an iOS device, the user experience is very similar. When using the iOS native mail application, as soon as you check the inbox you will see a very similar email stating again that you require to use the Outlook app for Exchange Online.

IntuneCA6

Like I was saying earlier in the post, for Android you need the Company Portal App, and for iOS you need the Microsoft Authenticator App to register the devices in Azure AD (not enroll, only register). On an Android device, if you do not have the Company Portal app, you will see the following screen

IntuneCA7

Android – Company Portal app required

And this is the user experience for iOS without the Microsoft Authenticator app

 

IntuneCA8

Once the apps are installed you can then login to Exchange Online using the Outlook app.

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s