SCCM 2012 R2 + Microsoft Intune – Exchange Conditional Access

Hi, here is Martin with a Blogpost about the new Feature that has been shipped to the Microsoft Mobile Device Management Solution Intune: Conditional Echange/Sharepoint Access. This means, you are now able to restrict the Access to Exchange Online, On-Premise Exchange and SharePoint Online to Devices, which has to be Intune enrolled.

Update: Intune in combination with SCCM currently only allows you to restrict the Access to Exchange Online.

If your System Center 2012 Configuration Manager has been updated with the new Conditional Access Extension:

you will find those new entries in the List:

You are then also able to create a quick Compliance Policy:

But we wanted to start with Exchange Conditional Access, so we Need to follow the Link on the “Exchange Online” Page, which leads us to our Windows Intune Portal:

In my case, I chose to install the On-Premise Connector, you can follow this instructions on TechNet: https://technet.microsoft.com/library/dn646988.aspx
If you have successfully iinstalled the On-Premise connector, you can then go on and create your Exchange Policy:

It can take up to 3 hours, until a EAS Synced Device get blocked. But even if the Device was already enrolled with EAS or not, the User will receive a Message, that he can enroll his Device with Intune, and gain Access to his Mail Account again.
This Link is from the comments (thanks for that!) which does it describes the whole process very vell:
https://technet.microsoft.com/en-us/library/mt595858.aspx

Refer also to this excellent TechNet Blog Post:
http://blogs.technet.com/b/microsoftintune/archive/2015/03/12/conditional-access-for-exchange-online-using-microsoft-intune.aspx