Here is my scenario: Hosted O365, OKTA (WFS setup), third party MDM, on prem AD
Goal: Only allow access to ActiveSync via the native app in iOS and a specific app on Android. That means anything else is blocked. Blocking/quarantining all from O365 first and then allowing it afterwards poses risks, as a user can simply comply for the initial whitelisting of the device and then simply move onto the native application without security.
The MDM provider doesn't allow that kind of management for multi-OS, O365 is limited in what they can do since they want to push INTUNE, and the only option left is to use claims rules.
Since OKTA is our IdP and we have federated with O365, we thought we could just run claim rules, but that's not possible as there's no ADFS server to run off of.
Is it possible to achieve what we are looking for with OKTA?
In order to implement more granular controls for O365, I would recommend suggesting this on the Okta Community by using the 'Suggest a feature' option at the bottom of the Okta admin console. Features suggested in our community are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests.