Our Security team wants to try out just protecting Email access (a.k.a, 365 web portal, and Outlook Desktop). What is the best way to go about this? Would these be Client application or Client user agent exceptions? Setting up autodiscover/activesync...