Information
You should configure your mobile device management policies to require the policy to manage the email profile of the user.
Rationale:
If you do not require this, users will be able to setup and configure email accounts without the protections of the mobile device management policy, leading to potential breaches of accounts and data.
Impact:
This setting will have a moderate impact on users
Solution
To set mobile device management policies, use the Microsoft 365 Admin Center:
Select Device Management under Admin Centers.
Select Device compliance and then under Policy select Compliance policies
Select Create Policy
Set a Name for the policy, choose the appropriate Platform
Under Settings and Email ensure that Require mobile devices to have a managed email profile is set to Require.
Default Value:
This setting is not enabled by default