Device access rule for Outlook App for iOS and Android does not work for Intune on-premises Exchange conditional access

View products that this article applies to.

Symptoms

Consider the following scenario:

You have an on-premises Microsoft Exchange Server environment.
You use conditional access for Microsoft Intune.
You allow access to Intune for Outlook Apps for iOS and Android by using an Exchange ActiveSync device access rule, such as the rule that's shown in the following screen shot.

In this scenario, the Outlook App devices are blocked.

Cause

This issue occurs because conditional access for Intune in an on-premises Exchange environment does not support the Outlook App for iOS and Android. Any Outlook Apps that are detected will be blocked by the Intune service. Any Outlook entry that is allowed by the Exchange on-premises device access rule will be blocked.

↑ Back to the top

Workaround

We no longer support the old workaround to use the Exchange ActiveSync device access rule to allow the Outlook App users to connect. If you have users that have to use the Outlook App, you cannot target those users for conditional access. However, you can enable hybrid modern authentication for both Outlook iOS and Android. For more information, see the following Microsoft Docs article:

Using hybrid Modern Authentication with Outlook for iOS and Android

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: InTune, kbContentAuto, CI91551, Technical Support

↑ Back to the top

Article Info

Article ID	:	4464611
Revision	:	6
Created on	:	11/1/2018
Published on	:	11/1/2018
Exists online	:	False
Views	:	448

Microsoft KB Archive Search

Device access rule for Outlook App for iOS and Android does not work for Intune on-premises Exchange conditional access

Symptoms

Cause

Workaround

Applies to: