Forum Discussion

Jason_B1025
Brass Contributor
Mar 30, 2021

iOS mail profiles and conditional access

The current mail profile we push to our iOS phones is still username/password with OAuth disabled.

I also have a CA policy to block legacy authentication by blocking the Exchange ActiveSync client and other clients in the policy.

Do our mail profile settings still count as legacy from a protocol standpoint? Do I need to move to OAuth to move to modern authentication?

Has anyone moved from non-OAuth to OAuth for their iOS mail profiles? Can I just make the change in the profile and it will cleanly update on the phone and just prompt the user to log in with OAuth, and everything else would carry on?

  • If you want to be sure for yourself, set the conditional access rule to audit and take a look at the sign-in logs in portal.azure.com. Filter on client app.

    When you enable OAuth in the mail profile, users will be prompted to re-enter their password. But why not move to Outlook?

    • Jason_B1025
      Brass Contributor
      Thanks, I did find that our current mail profile does show up as ActiveSync... I figured it was.

      We aren't moving to Outlook because change is hard 🙂 I'd prefer to use it, but it's a big change and getting contacts to work well on the iPhone is still not the best. You can get the Outlook contacts to show in the iPhone contacts app. But you can sync back, if I create a contact in the iPhone contacts it doesn't sync back to Outlook then back to Exchange.
      • Tech_Mike
        Brass Contributor
        Hello Jason,
        you can make the transition smoother with an App configuration policy to pre-configure the Outlook app for the user, so he/she only has to enter the password on first start.

        When the configuration policy is in place, you can push the Outlook app through the Company Portal app. Just add it to the iOS Apps in Endpoint Manager and set the assignment to "required" for all users or a group.

        With these two steps you can easily deploy Outlook side by side with the native Mail app and switch to ModernAuth.

        Contacts can be an issue for some people (I have some of them in my org too) but with proper training they will get used to it and maintain their contacts in Outlook.

        Michael
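
The sign-in log check suggested in the first reply, as an added example that is not part of the original thread: it reads an exported sign-in log, counts sign-ins per user that used a legacy client app, and lists the users a report-only block policy would have stopped. The field names assume the Microsoft Graph sign-in export format; the users, the records and the policy name "Block legacy auth" are constructed for illustration.

```python
import json
from collections import Counter

# Client-app labels the sign-in log uses for basic-auth protocols (assumed
# to match the "Client app" filter values; compared case-insensitively).
LEGACY_APPS = {"exchange activesync", "imap4", "pop3", "authenticated smtp",
               "exchange web services", "mapi over http", "other clients"}

# Constructed sample export; user names and the policy name are made up.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com",
     "clientAppUsed": "Exchange ActiveSync",
     "appliedConditionalAccessPolicies": [
         {"displayName": "Block legacy auth", "result": "reportOnlyFailure"}]},
    {"userPrincipalName": "alice@example.com",
     "clientAppUsed": "Browser",
     "appliedConditionalAccessPolicies": [
         {"displayName": "Block legacy auth", "result": "reportOnlyNotApplied"}]},
    {"userPrincipalName": "bob@example.com",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "appliedConditionalAccessPolicies": []},
    {"userPrincipalName": "carol@example.com",
     "clientAppUsed": "exchange activesync",
     "appliedConditionalAccessPolicies": [
         {"displayName": "Block legacy auth", "result": "reportOnlyFailure"}]},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": None},
])

def legacy_signins(export_json):
    """Count legacy-protocol sign-ins per (user, client app)."""
    counts = Counter()
    for rec in json.loads(export_json):
        app = (rec.get("clientAppUsed") or "").strip().lower()
        if app in LEGACY_APPS:
            counts[(rec.get("userPrincipalName", "<unknown>"), app)] += 1
    return dict(counts)

def would_be_blocked(export_json, policy_name):
    """Users for whom the report-only policy evaluated to a block."""
    users = set()
    for rec in json.loads(export_json):
        for pol in rec.get("appliedConditionalAccessPolicies") or []:
            if (pol.get("displayName") == policy_name
                    and pol.get("result") == "reportOnlyFailure"):
                users.add(rec.get("userPrincipalName", "<unknown>"))
    return sorted(users)

if __name__ == "__main__":
    print(legacy_signins(SAMPLE_EXPORT))
    print(would_be_blocked(SAMPLE_EXPORT, "Block legacy auth"))
```

Users who appear in the second list are the ones whose mail profile needs the OAuth change before the policy is switched from report-only to enforced.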
