Do not try to script this. Writing a local script to block a cloud app like Outlook is going to be incredibly messy, easily bypassed by smart users, and practically impossible to execute cleanly on non-jailbroken iOS/Android devices anyway.
The industry-standard (and much more reliable) way to handle this is by using Microsoft Entra ID (formerly Azure AD) Conditional Access.
Since you are already using Hexnode and Office 365, you can just tie them together. You basically tell Entra ID to use Hexnode as its source of truth for device health.
This is basically how it works (if you check the Hexnode help center, you can find the detailed docs for this integration, but here is the gist):
- Set up your Compliance Policy: In your Hexnode console, go to Policies > Compliance policy > New policy and select your platform (Windows, Android, or iOS). Under the Basic settings, check the boxes that mark the device as “Non-compliant” if the MDM profile or the Hexnode app is removed. Save it and make sure to associate this policy with your target devices.
- Link the Platforms: Set up the Microsoft Entra Conditional Access integration within Hexnode. This allows Hexnode to continuously report the real-time compliance status of your devices directly to Entra ID.
- Create the Block: Head over to your Microsoft Entra portal and create a new Conditional Access policy. Target your Office 365/Exchange apps, and under the Grant controls, select “Require device to be marked as compliant”.
If a user tries to download Outlook on their personal iPad and sign in, Entra ID will check with Hexnode, see the device isn’t registered/compliant, and immediately block the login at the cloud level. No messy local scripts required!
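
The Conditional Access policy from the "Create the Block" step, defined through the Microsoft Graph PowerShell SDK instead of the portal, as an added example that is not part of the original post. It assumes the Microsoft.Graph module is installed; the display name and the emergency-access group ID are placeholders, and starting in report-only mode with that group excluded is an assumption added here so the effect can be reviewed in the sign-in logs before anyone is blocked.

```powershell
# Added example, not from the original post. This is a cloud-side policy
# definition, not a script that runs on user devices.
# Requires the Microsoft.Graph PowerShell SDK and an admin able to consent to these scopes.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of a group that holds your emergency-access accounts.
# Excluding it keeps a way back in if compliance reporting breaks.
$breakGlassGroupId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require compliant device for Office 365'   # hypothetical name
    # Report-only: evaluated and logged on every sign-in, but not enforced yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            # 'Office365' is the built-in app group that covers Exchange Online/Outlook.
            includeApplications = @('Office365')
        }
        # Cover browser, mobile/desktop clients and legacy protocols alike.
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Portal wording: "Require device to be marked as compliant".
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After the report-only results look right, switch the policy to enforcing:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```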