How to Block Apps Using Conditional Access in Intune
In Azure AD, blocking apps had been particularly difficult in past years, but with a recent feature rollout in Conditional Access, the process just got easier. This new feature, which functions as a grant, requires that apps abide by an app protection policy before access is given.
You can check out the apps that have been confirmed to support the new feature here, then learn how you can restrict apps by leveraging conditional access below:
Before you enable the conditional access grant below, ensure the apps that you do not want to be blocked are in at least one app protection policy within Intune.
Access the Apps Panel in Intune
Select Intune App protection
Verify that an app protection policy exists that includes the apps that you WOULD NOT like to be blocked
Once complete, move over to Azure AD / Conditional Access and follow the remaining steps
Access the specific policy you’d like to include in your blocking method (in this case I’ve named the policy “M365 App Protection”)
Access the Conditional Access Policy Panel
Click into the “Grant” Option
Select “Require app protection policy”
If you’ve performed the block successfully, end users will see one of two screens:
Sample one: adding email to a native iOS app (unsupported)
User trying to sign in to a supported app that isn’t assigned to an app protection policy
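A check to run before and after the steps above, as an added example that is not part of the original article: it audits Conditional Access policies exported as JSON for the “Require app protection policy” grant and lists the apps that would be blocked because no app protection policy covers them. It assumes the export follows the Microsoft Graph conditionalAccessPolicy shape, where this grant appears as `compliantApplication`; the sample policies, the app lists and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like a Microsoft Graph conditionalAccessPolicy
# export; the display name comes from the article, everything else is made up.
SAMPLE_POLICIES = json.loads("""
[
  {"displayName": "M365 App Protection", "state": "enabled",
   "grantControls": {"operator": "OR",
                     "builtInControls": ["compliantApplication"]}},
  {"displayName": "Pilot copy", "state": "enabledForReportingButNotEnforced",
   "grantControls": {"operator": "OR",
                     "builtInControls": ["compliantDevice", "compliantApplication"]}}
]
""")

# Constructed: apps already in an Intune app protection policy, and the apps
# that must keep working once the grant is enforced.
PROTECTED_APPS = {"com.microsoft.Office.Outlook", "com.microsoft.skype.teams"}
REQUIRED_APPS = {"com.microsoft.Office.Outlook", "com.microsoft.skype.teams",
                 "com.microsoft.Office.Word"}

APP_PROTECTION = "compliantApplication"  # Graph name for "Require app protection policy"


def audit_policy(policy):
    """Return findings that mean the grant is missing, unenforced or bypassable."""
    findings = []
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if APP_PROTECTION not in controls:
        findings.append("grant 'Require app protection policy' is not selected")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        # With OR, any one of the other controls grants access on its own.
        others = sorted(c for c in controls if c != APP_PROTECTION)
        findings.append("OR operator: also satisfied by " + ", ".join(others))
    if policy.get("state") != "enabled":
        findings.append("state is %s, so nothing is blocked yet" % policy.get("state"))
    return findings


def apps_that_will_be_blocked(required, protected):
    """Apps you want to keep that are in no app protection policy."""
    return sorted(set(required) - set(protected))


if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(p["displayName"], audit_policy(p) or "OK")
    print("would be blocked:", apps_that_will_be_blocked(REQUIRED_APPS, PROTECTED_APPS))
```

An empty findings list means the policy enforces the grant on its own; any app returned by `apps_that_will_be_blocked` should be added to an app protection policy before the grant is enabled.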
Nikhil is one of our Modern Work and Security Engineers in the US. He works with clients to design, develop, and execute Endpoint Management solutions. His career started soon after he graduated from Rutgers University (New Brunswick) in 2014 with a Bachelor’s in Information Technology & Informatics and a minor in Political Science, gaining fundamental IT skills with his first job as part of a large international company’s IT team.
Shortly after, Nikhil transitioned and began to develop his career into Technology Consulting. With his educational and professional background, Nikhil has mastered the ability to provide clients an effective service while still maintaining a human element.