Blog Post

Exchange Team Blog
8 MIN READ

Microsoft and Apple Working Together to Improve Exchange Online Security

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Jun 16, 2022
We’ve been working for some time with several partners to come up with ways to smoothly transition our many users from Basic authentication to something more secure: OAuth 2.0-based authentication, o...
Updated Jul 11, 2022
Version 3.0
announcements
exchange online
Mobility
BM-Tech303's avatar
BM-Tech303
Copper Contributor
Nov 04, 2022
Greetings:  I was wondering if anyone can offer some advice about a persistent issue we’ve had with this change on iOS devices and its native Mail app.  We use Office 365 Exchange but no MDM/MAM.  We followed the instructions herein, granted tenant-wide admin consent to iOS Accounts, and advised those who use iOS Mail to delete and re-add their accounts.  We verified successful admin consent entries for Office 365 Exchange Online.  
 
It works fine on iOS 15.7, but we have had persistent problems since iOS 16 and 16.1 on any iOS device.  I can add my account, see successful connection on Azure AD with Apple Internet Accounts, but on devices running iOS 16 and above the Mail app randomly but routinely fails with "Account Error - Cannot Get Mail: The Connection to the Server Failed”.  Then it will work again for a bit, but Push mail doesn’t work, and then eventually it will throw the connection error.  Yet we cannot see any errors in our Azure logs when this happens.  I can replicate the connection failure anytime I delete and re-add the account, or make any change to the account settings in General—>Mail.  
 
I have worked with Apple Support and deleted and re-added the account, deleted and re-added the Mail app, re-installed iOS 16 through 16.1, reset-all settings, on both iPhone and iPad devices and the issue persists on any device.   And we still see nothing to indicate problems in the AD logs.  Apple Support eventually said it is not an iOS issue but a client/Microsoft issue and there was nothing more they could do.  
 
At this point I can only get OAuth and iOS Mail/Exchange ActiveSynch to work on one device that has iOS 15.7 but not any OS above this.  Is there something I may be missing that is causing these issues or somewhere we can check in logs or AD that we may have missed outside the instructions here to ensure a smooth transition?