Block IMAP and POP access using conditional access

This article is created as an alternative to the method described in this post please check out the post before proceeding.

This method requires Azure AD Premium P1 (or higher) to be assigned to all users affected by the policy. Some methods used are in preview. Using conditional access will also block SMTP and ACS for affected accounts.

Create a new conditional access policy and set up the scope, for example:

  • Users and groups: All users
  • Cloud apps: Office 365 Exchange Online
  • Conditions:
    • Client Apps: Other clients – This is the part that specifies that this policy should affect connection attempts over IMAP and POP.
  • Grant: Block Access
The settings that specify that this policy only applies to connection attempts using legacy protocols.

1 thought on “Block IMAP and POP access using conditional access”

  1. It does not work. There are email client’s which can use OAuth2 protocol for authentication with conjunction with IMAP/POP3 (Mozilla Thunderbird for example).

Leave a Reply

Your email address will not be published. Required fields are marked *