A client access policy uses Office 365 client authentication credentials to access Office 365 applications in your Workspace ONE deployment.

An Office 365 client, such as VMware Boxer, Microsoft Outlook, and iOS and Android native email clients, collects credentials in their UI to authenticate. A client access policy enables VMware Identity Manager to manage the collected credentials for authentication.

Client access policies also enable you to set other access parameters for Office 365 applications. Policies set in a single Office 365 application apply to all Office 365 applications. Any edits to client access policies impact the users' ability to access these applications.

Order of Client Access Policies

Arrange the client access policies in order because the system enforces policies from top to bottom. The system uses the first policy to authenticate a client or to deny it access.

For example, if you create a policy denying access to all device types and drag it above a policy allowing access for Android devices, the system denies all devices access that attempt the username and password authentication. The system does not enforce the policy allowing access to Android devices. The first policy that denies access takes precedent.