At Ignite, we announced new capabilities to help customers deploy Outlook mobile at scale and manage with ease. We’ve heard from customers about their need to configure Outlook mobile in a way that supports their corporate security policies and compliance requirements, simplifies users onboarding experience and mitigates calls to their IT helpdesk. 


With the device and app configuration policies from Microsoft Intune and other device management solutions built-in, Outlook mobile supports the Microsoft 365 solution that ensures only trusted users, using trusted devices and/or trusted apps get access to corporate data.


Let’s take a more detailed look at the new Outlook mobile App Configuration Policies and capabilities with Microsoft Intune which are rolling out now and revisit other recently launched enhancements.


Scale deployments with consistency

When deploying a new tool or technology, consistency and control are key.  We are introducing the ability to push specific app configuration settings for Outlook for iOS and Android such as the on/off state for saving contacts, iOS biometrics options such as Touch ID/Face ID, block external images, and external recipients MailTip. Today, this MailTip is now on in Outlook mobile by default for added consistency and protection. App configuration policies can be set, either at initial onboarding or anytime administrators want to standardize the Outlook mobile experience for their end users.  Additional settings such as Focused Inbox can also be managed by administrators as well as adjusted by the user.iOS App Config Contact Save 03202019.pngOutlook for iOS

Administrators will be able to manage these Outlook mobile app configuration settings for enrolled devices via any MDM provider. If you are using Microsoft Intune as your MDM provider, we are providing an enhanced App Configuration Policy interface for Outlook mobile, designed to make it simple for administrators to manage with ease.


Screenshot 2019-03-09 13.52.08.pngMicrosoft Intune app configuration settings page for Outlook for iOSStandardizing these settings will help simplify and scale the deployment of Outlook mobile while ensuring that end users have a consistent experience. 


If using another MDM solution, the configuration keys and instructions on how to deploy these settings for Outlook for iOS and Android can be found here.


Enable faster account setup

We have simplified Outlook mobile account set up during modern authentication for Office 365 customers.  We’ve removed the need to enter the SMTP and/or UPN address during authentication, and like single sign-on (SSO), customers need only enter their password (if an active token isn’t already available within the Microsoft app keystore).  Office 365 customers, as well as, on-premises customers leveraging hybrid Modern Authentication environments can quickly deploy Outlook mobile regardless of what MDM solution they use.  By ensuring employees use the correct work account setup, this user focused design approach can reduce calls to your helpdesk and makes securing your mobile workforce fast and easy. Check out Account Setup for Modern Authentication and account set up configuration settings  


Allowing specific accounts

For most organizations and users, we believe that the blending of work and personal within Outlook mobile enables a user to manage their entire day end-to-end, providing the best experience for the user. However, we recognize that there are scenarios where that isn’t possible. As an example, due to certain regulations and compliance policies, a subset of employees in some organizations are required to utilize company-owned and company-managed mobile devices to access corporate data. In this scenario, these employees are prevented from using the company mobile devices for personal use.


To satisfy this requirement, administrators can use Microsoft Intune or another mobile device management (MDM) solution to apply a rule that allows only the employee’s email and OneDrive for Business storage account to be accessible within Outlook mobile on enrolled devices. With this, users will not be able to add personal accounts to these company managed devices. Learn more about organization allowed accounts mode settings and how to deploy it.


We are committed to helping customers meet their mobile security and compliance requirements with capabilities and tools to manage Outlook with ease.  Visit Outlook for iOS and Android in Exchange Online to learn about the advanced app protection and configuration policies that can be deployed today and give you confidence that your corporate data is safe.


Regular Contributor

When should we expect the new app configuration policy to be available in Intune?  Currently I'm seeing a policy with options only to configure the email account settings and block external images.  


Edit: It's there now!

Occasional Visitor

Guys please add a configuration option for GCC Mode and an ability to wipe the signature



Thank you for your feedback.  We will consider your request to manage signatures. Feel free to add this to Outlook.uservoice.com. 


Regarding GCC mode, if you are an Office 365 administrator, please see the Message Center post MC175769 from March 18, 2019.   


By April 1st, US Office 365 Government Community Cloud customers will be using the native Microsoft sync technology that directly connects Outlook for iOS and Android directly to the FedRAMP compliant Exchange Online back end architecture. At that time, the set of services and features that will be accessible from Outlook mobile for GCC customers will be controlled by an Exchange Online organization setting (accessible via PowerShell cmdlet) and therefore the GCC mode toggle will be removed from the app settings. Outlook mobile will leverage the Exchange Online organization OutlookMobileGCCRestrictionsEnabled parameter value in the Office 365 Admin Center, not the Outlook mobile GCC mode toggle settings.


For more information: https://aka.ms/OMGCC  

Occasional Visitor


When will we be able to see these options in 3rd party MDM's like Airwatch?

@BPSIT - you can deploy account setup configuration, org allowed accounts mode, and general app config via any MDM as these settings are delivered via the MDM OS channel. See http://aka.ms/omappconfig for more info.
Occasional Visitor

Is there any way to set a default browser in which hyperlinks from Outlook open?  If not that would be a great feature add..

@BPSIT - Unfortunately, today there is no way to set the default browser from an app config perspective. The supported browsers are hardcoded in the app, and only appear if installed. However, we do support Edge (and managed browser) from an App Protection Policy perspective (and will prompt the user to install if they don't have the browser).
New Contributor

We have now the option for users to allow their personal email in the outlook app (iOS and Android).
They have now the ability to add attachment from OneDrive for Business in their personal email, which is from a security perspective not allowed
Is their a possibility to block this option or does the user need to use 2 email apps ?

@Guido van Dijk - Unfortunately, that capability doesn't exist today with App Protection Policies.
Frequent Visitor


We are using AirWatch as our MDM

but we didn't managed to configure integration between airwatch to azure - app protection policies.

so we decided to use the app protection policies beside AirWatch and configured policies for both iOS and Android.

that means that any user can download outlook for mobile to his device and after configuring his account he will enforces with the MAM policy.


the main problem is with the contacts, i guess almost every one that deploy to his end users their email accounts facing this issue.

how to enable searching the GAL from the native email client.

this issue can cause our company to stop with a major change to start and working with the office 365 apps and all the conditional access :(

also the default setting inside the app is not to sync the contacts to the device, and beside this its not clear at all where to find the outlook contact inside the app.


It's a big change to the end users to move from Email Native Clients where they had separated apps for each thing (mail / calendar / contacts)
to the outlook app (that suppose to be much more friendly and convenience)


so please help!!!