Jan 16 2020 03:41 AM
Jan 16 2020 03:41 AM
I've recently setup Hybrid Migration for our tenant using HCW and everything has been going smoothly so far.
We are currently using our on-prem Exchange server as the central transport hub, so any emails to and from Office 365 mailboxes should be routed through this.
Email on users phone is setup using MaaS360 MDM that automatically pushes it out to the native mail app on iPhone. This has been working fine for on-prem users.
As soon as I migrate a user, the mail on the phone keeps asking for Exchange password and won't accept the user's credentials saying that "unable to verify account information".
Nothing should have changed from the front-end, as all emails are still going to and from the on-prem Exchange server.
I asked the user to check the server settings and it is now reporting outlook.office365.com instead of the previous setup (mail.domain.com). The way we have it setup in MaaS is to mail.domain.com, so not sure how this has propagated the change.
Unfortunately, the users can't change this setting as it's forced by the MDM provider.
Jan 16 2020 07:04 AM - edited Jan 16 2020 07:05 AM
@nitvit610 are you changing user UPNs when migrating them? We found that Maas profiles would break if you do that.
Have you tried removing and adding the Mass profile on affected phones, does that resolve the issue?
Jan 16 2020 07:39 AM - edited Jan 16 2020 07:40 AM
Their UPNs have remained the same during the migration.
I spoke to MaaS support and they suggested a new policy and to change the ActiveSync settings from mail.domain.com to outlook.office365.com.
I mentioned that the mail hostname would be the same as we are routing all traffic through the on-prem server however they wouldn't budge until I tested this.
Unfortunately, it didn't seem to help the issue.
I haven't tried removing the profile and re-adding yet as this would take a long time to apply to each migrated user, and ideally would like it to be a policy change.
Knowing MaaS though, it won't be so easy :(
Jan 17 2020 03:04 AMSolution
@nitvit610 so mail routing is not relevant to the profile config, MX just says where to send the mail, your exchange server then forwards onto Exchange online. What matters is where the users mailbox is hosted, so Maas support were correct - the profile needs to point at where the mailbox resides, so once they are in O365 it should be there. This is where the mobile mail client needs to connect to in order to download the mail.
I expect you need a new profile for migrated users, and then change the profile when they get migrated. I know it can be done because I have seen this working (although I don't know Maas technically) but I do know the migrate can be done without setting up the phones again. But you could set up a new Maas email profile pointing to outlook.office365.com and just see if you can get that working. Then as you migrate users, switch the profile.
Another idea is to get rid of Maas you migrate and use Intune instead.
Jan 17 2020 04:25 AM