Enforcing Device Compliance for Exchange Cloud App Usage
Configuring Conditional Access to Enforce Device Enrollment

Within the Microsoft Azure portal go to Intune > Conditional access. Select Policies and click the “**+New Policy**” button.
Give the new policy a name. For this blog I will give it the name : CA-ExchangeOnline-EAS
Under Assignment click Users and groups and select an Azure AD security group if you want to apply this policy to a selected group of users (optional) Click Done
Click on Cloud apps, click Select apps in search for Office 365 Exchange Online. Click Select and Done
Select Conditions, and then choose for Client apps. This time select Exchange ActiveSync. Click Done twice.
Under Access controls select Grant. On the right hand side of the screen click Grant access and select Require device to be marked as compliant. Click on Select in the bottom of the screen.
Make sure that Enable policy is set to On and click on Create

Within the Microsoft Azure portal go to Intune > Conditional access. Select Policies and click the “**+New Policy**” button.
Give the new policy a name. For this blog I will give it the name : CA-ExchangeOnline-EAS
Under Assignment click Users and groups and select an Azure AD security group if you want to apply this policy to a selected group of users (optional) Click Done
Click on Cloud apps, click Select apps in search for Office 365 Exchange Online. Click Select and Done
Select Conditions, and then choose for Client apps. This time select Exchange ActiveSync. Click Done twice.
Under Access controls select Grant. On the right hand side of the screen click Grant access and select Require device to be marked as compliant. Click on Select in the bottom of the screen.
Make sure that Enable policy is set to On and click on Create
Updated on: 31/01/2023
Thank you!