IOS Conditional Access – force MDM

This is the config how to block MAM config on Android Phones.

Go to https://endpoint.microsoft.com/

Endpoint security > Conditional Access

Create new Policy

Give it a name like IOS – No MAM

Specify the group or user to apply on

Select the Office 365 app

Select Platform IOS

Add Device Filter

device.deviceOwnership -ne “Personal” -and device.deviceOwnership -ne “Company”

Set Block Access

and set it on ON

Also create a policy to Force authentication check.

Android M365 mail config

Login on https://endpoint.microsoft.com/

Go to Apps -> App configuration policies

Click on +Add -> Managed devices

Add a name
Fill in Description if needed
Select Platform Android Enterprise
Select Profile. I Use All, to make it easy.


Then Select app Microsoft Outlook.

Click on Next

Configuration Settings format, select Use configuration designer
Put Email account configuration settings on Yes
Authentication type to Modern authentication
Username attribute from AAD to User Principal Name
Email addres attribute from AAD to Primary SMTP Adress
Allow only Work or school accounts to Enabled (If you work with workprofile)

Click on Next

Then Select the group or All users. and Save it.

Block MAM on android

This is the config how to block MAM config on Android Phones.

Go to https://endpoint.microsoft.com/

Endpoint security > Conditional Access

Create new Policy

Give it a name like No MAM – Android

Select Users or group or all.

Select Cloud apps Office 365.

Conditions -> Device platforms = Android

Filter for devices -> Rule syntax
device.operatingSystem -eq “AndroidForWork” -or device.operatingSystem -eq “AndroidEnterprise”

Grant = Block Access
Enable Policy.