Home
Microsoft

At Ignite, we announced new capabilities to help customers deploy Outlook mobile at scale and manage with ease. We’ve heard from customers about their need to configure Outlook mobile in a way that supports their corporate security policies and compliance requirements, simplifies users onboarding experience and mitigates calls to their IT helpdesk. 

 

With the device and app configuration policies from Microsoft Intune and other device management solutions built-in, Outlook mobile supports the Microsoft 365 solution that ensures only trusted users, using trusted devices and/or trusted apps get access to corporate data.

 

Let’s take a more detailed look at the new Outlook mobile App Configuration Policies and capabilities with Microsoft Intune which are rolling out now and revisit other recently launched enhancements.

 

Scale deployments with consistency

When deploying a new tool or technology, consistency and control are key.  We are introducing the ability to push specific app configuration settings for Outlook for iOS and Android such as the on/off state for saving contacts, iOS biometrics options such as Touch ID/Face ID, block external images, and external recipients MailTip. Today, this MailTip is now on in Outlook mobile by default for added consistency and protection. App configuration policies can be set, either at initial onboarding or anytime administrators want to standardize the Outlook mobile experience for their end users.  Additional settings such as Focused Inbox can also be managed by administrators as well as adjusted by the user.iOS App Config Contact Save 03202019.pngOutlook for iOS

Administrators will be able to manage these Outlook mobile app configuration settings for enrolled devices via any MDM provider. If you are using Microsoft Intune as your MDM provider, we are providing an enhanced App Configuration Policy interface for Outlook mobile, designed to make it simple for administrators to manage with ease.

 

Screenshot 2019-03-09 13.52.08.pngMicrosoft Intune app configuration settings page for Outlook for iOSStandardizing these settings will help simplify and scale the deployment of Outlook mobile while ensuring that end users have a consistent experience. 

 

If using another MDM solution, the configuration keys and instructions on how to deploy these settings for Outlook for iOS and Android can be found here.

 

Enable faster account setup

We have simplified Outlook mobile account set up during modern authentication for Office 365 customers.  We’ve removed the need to enter the SMTP and/or UPN address during authentication, and like single sign-on (SSO), customers need only enter their password (if an active token isn’t already available within the Microsoft app keystore).  Office 365 customers, as well as, on-premises customers leveraging hybrid Modern Authentication environments can quickly deploy Outlook mobile regardless of what MDM solution they use.  By ensuring employees use the correct work account setup, this user focused design approach can reduce calls to your helpdesk and makes securing your mobile workforce fast and easy. Check out Account Setup for Modern Authentication and account set up configuration settings  

 

Allowing specific accounts

For most organizations and users, we believe that the blending of work and personal within Outlook mobile enables a user to manage their entire day end-to-end, providing the best experience for the user. However, we recognize that there are scenarios where that isn’t possible. As an example, due to certain regulations and compliance policies, a subset of employees in some organizations are required to utilize company-owned and company-managed mobile devices to access corporate data. In this scenario, these employees are prevented from using the company mobile devices for personal use.

 

To satisfy this requirement, administrators can use Microsoft Intune or another mobile device management (MDM) solution to apply a rule that allows only the employee’s email and OneDrive for Business storage account to be accessible within Outlook mobile on enrolled devices. With this, users will not be able to add personal accounts to these company managed devices. Learn more about organization allowed accounts mode settings and how to deploy it.

 

We are committed to helping customers meet their mobile security and compliance requirements with capabilities and tools to manage Outlook with ease.  Visit Outlook for iOS and Android in Exchange Online to learn about the advanced app protection and configuration policies that can be deployed today and give you confidence that your corporate data is safe.

 

5 Comments
Regular Contributor

When should we expect the new app configuration policy to be available in Intune?  Currently I'm seeing a policy with options only to configure the email account settings and block external images.  

 

Edit: It's there now!

Occasional Visitor

Guys please add a configuration option for GCC Mode and an ability to wipe the signature

Microsoft

@Robert4049 

Thank you for your feedback.  We will consider your request to manage signatures. Feel free to add this to Outlook.uservoice.com. 

 

Regarding GCC mode, if you are an Office 365 administrator, please see the Message Center post MC175769 from March 18, 2019.   

 

By April 1st, US Office 365 Government Community Cloud customers will be using the native Microsoft sync technology that directly connects Outlook for iOS and Android directly to the FedRAMP compliant Exchange Online back end architecture. At that time, the set of services and features that will be accessible from Outlook mobile for GCC customers will be controlled by an Exchange Online organization setting (accessible via PowerShell cmdlet) and therefore the GCC mode toggle will be removed from the app settings. Outlook mobile will leverage the Exchange Online organization OutlookMobileGCCRestrictionsEnabled parameter value in the Office 365 Admin Center, not the Outlook mobile GCC mode toggle settings.

 

For more information: https://aka.ms/OMGCC  

Occasional Visitor

Hello,

When will we be able to see these options in 3rd party MDM's like Airwatch?

Microsoft
@BPSIT - you can deploy account setup configuration, org allowed accounts mode, and general app config via any MDM as these settings are delivered via the MDM OS channel. See http://aka.ms/omappconfig for more info.