Our Security team wants to try out just protecting Email access (a.k.a, 365 web portal, and Outlook Desktop). What is the best way to go about this? Would these be Client application or Client user agent exceptions? Setting up autodiscover/activesync exceptions was straight forward, but i cant seem to find the right info for Outlook. Does anyone have advice, or a sample rule to share to get me started?