Blocking Third Party application to access Office 365

When you have your users on office 365, they tend to use integrate their account with third party cloud applications.

The advantage and dis-advantage of using office 365 is that it integrates seamlessly with the third-part cloud application.

One such application that i came across is that CloudHQ.  It is very good product.  When you work with different client, and their respective application, CloudHQ, helps get those information to one place.

For example, If a user has a office 365 mailbox and a gmail account.  He can extract all the emails from office 365 and transfer it to gmail account.

All you have to do is just authenticate authroize CloudHQ to use your office 365 account.

CloudHQ can do lot more than what i just described.

To some organization, they don’t want their user to take the corporate data to external application which is not allowed.

How a user can sign-up to these applications (I user CloudHQ as an example)

Go to the website

Title

Sign-up using the office 365 account

signup

Logon screen to office 365

loginscreen

Authorize CloudHQ to your office365 account,

authorize

As soon as it is done, admin can see this application under Enterprise application list

enterpriseappl

Right now, this user has authorized CloudHq to access the office365.  From CloudHQ, you can authorize your personal email account, such as gmail, as the destination to copy the emails.

To avoid this,

You might wonder if disable active sync or other features may allow you to control access of the users – NOPE.

Even if you disable EWS, user will be able to authorize the application to access their office 365 account.

The only way to control this is by setting the restriction in Azure portal.  You can block all the application except few MS application or which ever way works for you.

conditionalAccess

Hope this was useful.

VJ

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.