Some companies will block access to Outlook on the web entirely because they don’t want users to be able to download their company data externally. This new feature strikes a middle ground, so users can still access Outlook on the web, but admins can use conditional access to restrict downloads from Outlook on the web on personal or unmanaged devices.
What is Conditional Access?
Conditional access lets you define different security measures which take effect depending on how users are trying to access your company data. For example a risky sign in according to Azure Active Directory might prompt for MFA, while a sign in from inside your company network on a trusted device won’t. An unmanaged or non-compliant device might not be able to access certain apps, while compliant devices can.
How to set up Conditional Access for Outlook on the web
Add the policy via Azure Active Directory Conditional Access
In this example, we are setting up a conditional access policy for non-compliant devices which prevents users from being able to download attachments via the browser.
Valid values for the -ConditionalAccessPolicy parameter are:
Off: No conditional access policy is applied to Outlook on the web. This is the default value.
ReadOnly: Users can’t download attachments to their local computer, and can’t enable Offline Mode on non-compliant computers. They can still view attachments in the browser.
ReadOnlyPlusAttachmentsBlocked: All restrictions from ReadOnly apply, but users can’t view attachments in the browser.
Wait a few hours for the policy to apply. Once it takes effect, the previously selected users on non-compliant devices will not be able to download attachments via Outlook on the web.
What is the user experience?
The ReadOnly policy will ensure that users on non-compliant devices can’t download email attachments through Outlook on the web to their local device. They can only access them via the file viewers in the browser.
If you use the ReadOnlyPlusAttachmentsBlocked value, users will not be able to access attachments via the browser at all.
What license do I need for Conditional Access for Outlook on the web?
Conditional Access requires a subscription with Azure AD P1 or P2.
//gcits.com.au/wp-content/uploads/GCITSlogowordpress.png00Elliot Munro//gcits.com.au/wp-content/uploads/GCITSlogowordpress.pngElliot Munro2018-10-21 21:03:392018-10-22 06:01:08Outlook on the web - Conditional Access