This is the config how to block MAM config on Android Phones.
Go to https://endpoint.microsoft.com/
Endpoint security > Conditional Access
Create new Policy
Give it a name like IOS – No MAM
Specify the group or user to apply on
Select the Office 365 app
Select Platform IOS
Add Device Filter
device.deviceOwnership -ne “Personal” -and device.deviceOwnership -ne “Company”
Set Block Access
and set it on ON
Also create a policy to Force authentication check.
Login on https://endpoint.microsoft.com/
Go to Apps -> App configuration policies
Click on +Add -> Managed devices
Add a name
Fill in Description if needed
Select Platform Android Enterprise
Select Profile. I Use All, to make it easy.
Then Select app Microsoft Outlook.
Click on Next
Configuration Settings format, select Use configuration designer
Put Email account configuration settings on Yes
Authentication type to Modern authentication
Username attribute from AAD to User Principal Name
Email addres attribute from AAD to Primary SMTP Adress
Allow only Work or school accounts to Enabled (If you work with workprofile)
Click on Next
Then Select the group or All users. and Save it.
This is the config how to block MAM config on Android Phones.
Go to https://endpoint.microsoft.com/
Endpoint security > Conditional Access
Create new Policy
Give it a name like No MAM – Android
Select Users or group or all.
Select Cloud apps Office 365.
Conditions -> Device platforms = Android
Filter for devices -> Rule syntax
device.operatingSystem -eq “AndroidForWork” -or device.operatingSystem -eq “AndroidEnterprise”
Grant = Block Access
Enable Policy.