Exchange Online’s conditional access features gives organizations tighter control over how they keep end users’ devices and information safe.
Many organizations use Exchange Server’s built-in ability to restrict device access via ActiveSync. This ability provides a baseline level of protection to ensure that only approved devices are allowed to connect to the organization while providing a way for administrators to instruct devices to require a PIN.
Unfortunately, ActiveSync’s policies were defined long before iPhone, Android and modern Windows Phone devices existed. The options were aimed at Windows Mobile devices, but the small subset of policies available across most devices are limited and do little to protect content shared via email or protect against techniques such as jailbreaking.
Conditional access for Exchange Online fills this feature gap by working in combination with Microsoft Intune (and soon via Office 365 Mobile Device Management). Microsoft Intune controls this feature, and it is based on the state of the device that Exchange Online either blocks or allows. This functionality allows organizations to automate the process to validate if a device is safe to connect to the enterprise, therefore controlling Exchange Online access. We’ll go over how to enable these features and explain how they appear to end users.