How to Configure Exchange on-premises Access with Intune
Configure Exchange on-premises Access with Intune
Go to the Azure portal, and sign in with your credentials.
After you've successfully signed in, you see the Azure Dashboard.
Choose All services from the left menu, then type Intune in the text box filter.!(https://storage.crisp.chat/users/helpdesk/website/e497a089e7e2b800/730678e6-0e23-47ee-b2d6-dfad21_hhhuyg.png)
Choose Intune, you see the Intune Dashboard.
Choose On-premises access. The On-premises access pane shows the status of the conditional access policy and the devices that are affected by it.!(https://storage.crisp.chat/users/helpdesk/website/f19656e7ed2cb800/5d42d5b5-1d36-4d7e-9b35-35e82e_1w28vor.png)
Under Manage, choose Exchange on-premises access.!(https://storage.crisp.chat/users/helpdesk/website/f18222aa74c39000/ddcdd75f-17c9-4989-be4d-705b12_4l7ety.png)
On the Exchange on-premises access pane, choose Yes to enable Exchange on-premises access control.!(https://storage.crisp.chat/users/helpdesk/website/bf46019caeba2800/0efe8f62-ae92-4528-8849-5281d1_e99zo6.png)
Under Assignment, choose Groups Included. Use the security user group that should have conditional access applied to it. This action would require the users to enroll their devices in Intune and be compliant with the compliance profiles.!(https://storage.crisp.chat/users/helpdesk/website/bc571d85c75ed000/12c66a5e-a016-4833-ad81-978f13_coeycx.png)
If you want to exclude a certain groups of users, you can do so by choosing Groups Excluded and selecting a user group that you want to be exempt from requiring device enrollment and compliance.!(https://storage.crisp.chat/users/helpdesk/website/7b607ad617ab6000/a25708c3-b2d4-442d-bea4-9cbbda_vjcpgd.png)
Under Settings, choose User notifications to modify the default email message. This message is sent to users if their device is not compliant and they want to access Exchange on-premises. The message template uses Markup language. You can also see the preview of how the message looks as you type.
On the Advanced Exchange Active Sync access settings pane, set the global default rule for access from devices that are not managed by Intune, and for platform-level rules as described in the next two steps.!(https://storage.crisp.chat/users/helpdesk/website/62c288e18a4b2000/6d1f2592-dfe4-4d14-a304-a21ab2_1pjs2su.png)
Under Device platform exceptions, choose Add to specify the platforms. If the unmanaged device access setting is set to blocked, devices that are enrolled and compliant are allowed even if there is a platform exception to block. Choose Ok to save the settings.
On the On-premises pane, click Save to save the conditional access policy.
Updated on: 31/01/2023