This article is created as an alternative to the method described in this post please check out the post before proceeding.
This method requires Azure AD Premium P1 (or higher) to be assigned to all users affected by the policy. Some methods used are in preview. Using conditional access will also block SMTP and ACS for affected accounts.
Create a new conditional access policy and set up the scope, for example:
- Users and groups: All users
- Cloud apps: Office 365 Exchange Online
- Conditions:
- Client Apps: Other clients – This is the part that specifies that this policy should affect connection attempts over IMAP and POP.
- Grant: Block Access
It does not work. There are email client’s which can use OAuth2 protocol for authentication with conjunction with IMAP/POP3 (Mozilla Thunderbird for example).