How to Troubleshoot EAS Conditional Access rules

We have decided it’s time to block our EAS connections. We have some some MAM polices set up for About a year and in test. We were about to roll the, out at the start of this year to Europe and Affrica.. Then an IT restructure happened and the scope changed to global. Then the elephant in the world Happened. Covid (I’ll cover MAMin another post)

It’s an easy process to set up the rules have to be careful not to lock yourself out of the your Office 365. We have lost of rules set up but these one are fairly standard fromMS

I set up the policy a few months ago and started test. I got the expected block message which was great news. Happy with the work I had done I stated to Implement these on some of my test users.

I added some more users into then rule expecting it to take 24 hours to apply. Told the users what to expect and then waited for the angry messages of where are my contacts at. A colleague reached out and advised that he was still able to access his email with the Native client.

What could it be? Timing? Forgot to press save. I check the logs. One connection is allowed and one is blocked. He is still getting the mail. Maybe I missed the group. Nope it’s included. He is in the group as you would expect.

what have I missed?

let em check the rules again. for the 100th time

page 2

hang on. What’s this tick. Apply only to non compliant devices… when did that get ticked? Why would I tick that.

Lets take a look at the logs. Oh dear. That’s explains it.

I turn it off. Let’s see if that helps. And it does

Moral of the story. The page you think is empty probably has an unexpected Nd important setting tickEd