SOLVED

Exchange Activesync and iOS 12.3.1

Iron Contributor

 

Our goal: Allow users with personally owned iOS devices to be able to use both Outlook for iOS and the native mail app to access work email. iOS devices are required to be at iOS version 12.0 at least. Exchange ActiveSync will be turned off completely eventually.

From what I have read, iOS 11 and newer use Modern Auth.

In my testing, when I have EAS enabled for a user, the user continues to get work email from the iOS mail app and Outlook for iOS. The device has iOS 12.3.1

 

When I disable EAS for the user account, work email no longer works in the iOS mail app, but continues to work in the Outlook for iOS.

 

Isn't iOS mail app version 11 or newer no longer dependent on EAS? Should it use Modern Auth instead?

Are there other ways to shutdown EAS but allow users with newer iOS devices to access work email from the native Apple app?

 

Thank you in advance.

 

 

2 Replies

@Emy Loanzon  Correct, iOS 11 or higher supports Modern Auth. However, I believe Exchange Online email is still delivered to the native Mail app using EAS vs REST with the Outlook mobile app.

best response confirmed by Emy Loanzon (Iron Contributor)
Solution

@Emy Loanzon 
you need to separate mail protocol and auth methods.
EAS/REST are protocols to get mails and EAS is used by native iOS mail client, REST used by Outlook for iOS.
Legacy/Modern auth is a way to authenticate in services, but it doesn't affect way of getting messages.

iOS 11 started to support Oauth 2.0 (modern auth) but it still uses EAS to get your messages.

So, for now there is no way to let users use native mail client without using EAS.
If you really need to have native mail client, i would recommend to use Conditional Access policy to block legacy auth, so everyone will be using modern auth even if native mail client.

1 best response

Accepted Solutions
best response confirmed by Emy Loanzon (Iron Contributor)
Solution

@Emy Loanzon 
you need to separate mail protocol and auth methods.
EAS/REST are protocols to get mails and EAS is used by native iOS mail client, REST used by Outlook for iOS.
Legacy/Modern auth is a way to authenticate in services, but it doesn't affect way of getting messages.

iOS 11 started to support Oauth 2.0 (modern auth) but it still uses EAS to get your messages.

So, for now there is no way to let users use native mail client without using EAS.
If you really need to have native mail client, i would recommend to use Conditional Access policy to block legacy auth, so everyone will be using modern auth even if native mail client.

View solution in original post