
Jason_B1025
Brass Contributor
Mar 30, 2021

iOS mail profiles and conditional access

The current mail profile we push to our iOS phones is still username/password with OAuth disabled.

I also have a CA policy to block legacy authentication by blocking Exchange ActiveSync clients and other clients in the policy.

Do our mail profile settings still fall under the legacy protocol standpoint? Do I need to move to OAuth to move into modern authentication?

Has anyone moved from non-OAuth to OAuth for their iOS mail profiles? Can I just make the change in the profile and it will cleanly update on the phone and just prompt the user to log in with OAuth, and everything else would carry on?

  • If you want to be sure for yourself, configure the conditional access rule to audit and take a look at the sign-in logs from portal.azure.com. Filter on client app.

    When you enable OAuth in the mail profile, users will be prompted to reenter their password. But why not move to Outlook?

    • Jason_B1025
      Brass Contributor
      Thanks, I did find that our current mail profile does show up as ActiveSync... I figured it was.

      We aren't moving to Outlook because change is hard 🙂 I'd prefer to use it, but it's a big change and getting contacts to work well on the iPhone is not the best still. You can get the Outlook contacts to show in the iPhone Contacts app. But you can sync back, if I create a contact in the iPhone contacts it doesn't sync back to Outlook then back to Exchange.
      • Rudy_Ooms_MVP
        MVP
        Just like tech_mike is saying, contacts can be an issue indeed, but it's up to us/you to let them adopt Outlook instead of the native app. The next step to take would be to require approved apps or app protection, and you will need to have Outlook for this.
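
The sign-in log check suggested in the first reply, as an added example that is not part of the original thread: it reads a JSON export of sign-in records and lists which users still authenticate through legacy client apps such as Exchange ActiveSync. The field names `clientAppUsed` and `userPrincipalName` follow the Microsoft Graph sign-in record; the legacy/modern grouping and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Client app names as shown in the sign-in log "Client app" column.
# Assumption: this grouping mirrors the portal's modern/legacy filter groups.
MODERN = {"browser", "mobile apps and desktop clients"}
LEGACY = {
    "exchange activesync", "other clients", "imap4", "pop3",
    "authenticated smtp", "autodiscover", "exchange web services",
    "mapi over http", "offline address book",
    "outlook anywhere (rpc over http)", "exchange online powershell",
    "reporting web services",
}

def classify(client_app):
    """Return 'modern', 'legacy' or 'unknown' for a client app name."""
    name = (client_app or "").strip().lower()
    if name in MODERN:
        return "modern"
    if name in LEGACY:
        return "legacy"
    return "unknown"  # empty or unrecognized value: review by hand

def legacy_users(records):
    """Map each user to a count of legacy sign-ins per client app."""
    hits = defaultdict(Counter)
    for rec in records:
        app = rec.get("clientAppUsed")
        if classify(app) == "legacy":
            hits[rec.get("userPrincipalName", "?")][app] += 1
    return {user: dict(apps) for user, apps in hits.items()}

# Constructed sample export (not real tenant data).
SAMPLE = json.loads("""[
  {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync"},
  {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync"},
  {"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients"},
  {"userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4"},
  {"userPrincipalName": "dave@example.com", "clientAppUsed": ""}
]""")

if __name__ == "__main__":
    for user, apps in sorted(legacy_users(SAMPLE).items()):
        summary = ", ".join(f"{app} x{n}" for app, n in sorted(apps.items()))
        print(f"{user}: {summary}")
```

Users that appear in the output are the ones a block on Exchange ActiveSync and other clients would affect, so they are the mail profiles to move to OAuth before the policy is enforced.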
