Now it’s time for the final post in this series. If you’ve missed the others, they can be found here.

I guess I should start this post off by saying that Microsoft 365 Business is now Microsoft 365 Business Premium. I won’t change the title of the posts, though; I’ll save that for when there have been enough functionality changes to warrant a new set of posts.

This post wraps up the series by focusing on controlling which apps can be used for access, so rather than creating policies from scratch, we can focus on the app-specific elements. In this scenario, we are going to ensure that iOS and Android users are using approved apps to access Office 365 related applications. We start by selecting the Office 365 (preview) option under Cloud apps or actions.

We then jump into Conditions, Device platforms, and select Android and iOS.

And then, under Grant, we choose Grant access with Require approved client app.

So, what are the apps this list includes? Let’s take a look.

  • Microsoft Azure Information Protection
  • Microsoft Bookings
  • Microsoft Cortana
  • Microsoft Dynamics 365
  • Microsoft Edge
  • Microsoft Excel
  • Microsoft Flow
  • Microsoft Intune Managed Browser
  • Microsoft Invoicing
  • Microsoft Kaizala
  • Microsoft Launcher
  • Microsoft Office
  • Microsoft OneDrive
  • Microsoft OneNote
  • Microsoft Outlook
  • Microsoft Planner
  • Microsoft PowerApps
  • Microsoft Power BI
  • Microsoft PowerPoint
  • Microsoft SharePoint
  • Microsoft Skype for Business
  • Microsoft StaffHub
  • Microsoft Stream
  • Microsoft Teams
  • Microsoft To-Do
  • Microsoft Visio
  • Microsoft Word
  • Microsoft Yammer
  • Microsoft Whiteboard

So, there are a few different ones in here, but you will notice that they are all Microsoft 365 or closely related.
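To confirm that a policy built this way really enforces what the steps above describe, the following added example (not part of the original post) audits a Conditional Access policy in the JSON shape Microsoft Graph returns for it. The `audit_policy` function name and both sample policies are constructed for illustration; the check also flags the case where an OR grant makes the approved client app optional.

```python
# Added example: audits Conditional Access policy JSON in the shape Microsoft
# Graph returns it. Both sample policies below are constructed.
REQUIRED_PLATFORMS = {"android", "ios"}

def audit_policy(policy):
    """Return findings; an empty list means the policy matches the post's setup."""
    findings = []
    cond = policy.get("conditions") or {}

    apps = {a.lower() for a in (cond.get("applications") or {}).get("includeApplications") or []}
    if not apps & {"office365", "all"}:
        findings.append("Office 365 is not a targeted cloud app")

    plat = cond.get("platforms") or {}
    included = {p.lower() for p in plat.get("includePlatforms") or []}
    excluded = {p.lower() for p in plat.get("excludePlatforms") or []}
    # No platform condition, or "all", means every platform is in scope.
    covered = set(REQUIRED_PLATFORMS) if not included or "all" in included else included
    for missing in sorted(REQUIRED_PLATFORMS - (covered - excluded)):
        findings.append(f"platform not covered: {missing}")

    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if "approvedApplication" not in controls:
        findings.append("grant does not require an approved client app")
    elif str(grant.get("operator", "")).upper() == "OR" and len(controls) > 1:
        # With OR, any one of the other controls alone satisfies the grant.
        others = ", ".join(sorted(controls - {"approvedApplication"}))
        findings.append(f"approved client app is optional (OR with {others})")

    if policy.get("state") != "enabled":
        findings.append(f"policy is not enforced (state={policy.get('state')})")
    return findings

GOOD = {  # constructed: matches the configuration in this post
    "state": "enabled",
    "conditions": {"applications": {"includeApplications": ["Office365"]},
                   "platforms": {"includePlatforms": ["android", "iOS"]}},
    "grantControls": {"operator": "OR", "builtInControls": ["approvedApplication"]},
}
WEAK = {  # constructed: report-only, iOS only, approved app OR MFA
    "state": "enabledForReportingButNotEnforced",
    "conditions": {"applications": {"includeApplications": ["Office365"]},
                   "platforms": {"includePlatforms": ["iOS"]}},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa", "approvedApplication"]},
}

if __name__ == "__main__":
    for name, pol in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_policy(pol) or "OK")
```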

Now, rather than finishing there, we can take this a step further by ensuring that an Application Protection Policy has been set in Intune. This is a preview feature, so the usual warnings apply about preview features in production environments. This will add some data protection capabilities that can be used regardless of whether the device is enrolled in Intune, so they can be applied to corporate-issued devices or personal devices.