This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 31%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Hi all,
We've set conditional access policies to control MFA to specific apps and resources. In 2 of those CA policies I configured a different sign-in frequency. One for external virtual desktop access (like 24 hours) and one for mobile Outlook App access (like 7 days).
By excluding Office365 Exchange Online in one CA policy and including it in the other this works fine for the Outlook app on iOS. You see it is accessing the resource named 'Office365 Exchange Online' in the sign-in logs and activating the 7 days sign-in frequency.
Android users however are complaining they get the 24 hours sign-in frequency. I've noticed a different resource named 'Office365 Exchange Microservices'. This is not a cloud app you can select in the pull down menu to exclude or include.
How can I mark or filter this resource in our CA policies?
Regards,
Stephan
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 59%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESL%3C/text%3E%3C/svg%3E)
Hello @Stephan van den Heuvel Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
Hello,
The policies are set up to target all users and devices.
I've noticed Outlook app for Android sometimes connect through Exchange online and sometimes through Exchange Microservices.
Even my own Android tablet switches. So one time I have a 24 hour sign-in frequency and the other time the 7 days sign-in frequency.
I don't think we can setup the connection in the app ourselves, do we?
According to Google Playstore it is Microsoft Corporation who owns this app.
So please Microsoft, allow us to select Office 365 Exchange Microservices in CA policies or let all Outlook Mobile connections just flow through Office 365 Exchange Online.
I would like to hear the possibilities?
Thank you.
Regards,
Stephan
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Stephan van den Heuvel Apologies for the delayed response on this post, wanted to check if the above mentioned issue/query still persists/not resolved ?
Please send us an email on azcommunity [at] microsoft [dot] com referencing this issue with a subject line "ATTN:Givary" along with your Azure subscription id and we will help you with free support options on this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 86%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPY%3C/text%3E%3C/svg%3E)
Same thing here, attempting to treat exchange access differently for Mobile devices but Outlook Mobile on Droid isn't fully targetable because I can't select "Office 365 Exchange Microservices" as a target resource in conditional access. Anyone find a way around this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 70%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Hello,
We are facing the same issue, is there any way to exclude the 'Office365 Exchange Microservices' from CA for Android devices to grant access to Outlook mobile application?
From what I have seen, if you cant target it with a policy then its built in the larger application and you wont be able to get around that other than targeting specfic users perhaps versus devices.