We recently posted in the Office Message Center about a number of administrative improvements coming to MDM for O365. As part of that work, we ran into an issue which was posted as IT153046 and also MD165485. As a follow-up, we're sharing what you can do if your end users modified their iOS email profiles during the incident, if you waited for the fix, or if you were just wondering what improvements were coming.
NOTE: IT153046 is now closed; the incident has been resolved. Feel free to take the steps below.
The first question top of mind related to IT153046 may be - what happens if my end users went and manually added their Exchange account onto the enrolled iOS device during this incident? There's just a few quick steps your end user can take now that the incident is closed. They can first remove the work email account they set up during the incident. Then, they can open the company portal, select the device to update, and the new email setting will come down to the device. Details on the steps above are posted in this user-friendly doc here: https://docs.microsoft.com/en-us/intune-user-help/existing-company-email-account-found.
The second question may be - what happens if we just waited for the incident to close? In this case, the next time the iOS device checks for MDM for O365 policy, it’ll update the email profile and prompt the end-user for their password. So you may want to let your helpdesk know about the password prompt so they can be prepared for questions regarding password prompts.
In case you're wondering what we were working on - below is a recently posted plan for change. Note that we've put the change on hold while we conduct a root cause analysis and review. As always, we'll update this post when we have any additional information.
MC152896 - Take Action: Recreate your MDM for O365 Policies by February 2019
In MC 146293, we described a number of administrative improvements coming to the MDM for O365 experience. As we shared in the prior message, as the November update rolls out, customers who use both Office and Intune (co-existence) will find that if you use the same groups for MDM for Office 365 and Intune, a subset of Intune policies may apply to the MDM for Office 365 groups. As part of the November update to MDM for O365, we are also introducing a new policy page as part of the policy improvements and will ask that you create new policies when prompted with the expanded policy experience. Your existing policies will still apply until you remove them, but starting in the February service update you will not be able delete the old policies.
How does this affect me?
If you use both MDM for O365 and Intune groups, keep an eye out for policy overlaps and know if you did not follow standard guidance to keep the groups separated, you may see a subset of policy applying. After the November update, when you login to the service and go to the Device and Security tab, you be shown the new policy page with a link to “Classic Policies.” You will need to take the action below when you see the new pages.
What do I need to do to prepare for this change?
After the November update, once you see the additional policies tab, review your “classic” policies and decide which ones you’d like to keep moving forward. Use the new policy page shown to create new MDM policies and remove the classic ones by February, 2019. If you don't want to wait until the new tab is available, you can click on the "Additional Information" link which will bring you right to the page.
11/17/2018 - post updated with MD165485. We heard from a few customers that they didn't see the SHD post, so we just reposted under an MDM for O365 SHD post #.
11/08/2018 - post updated to reflect that the change is on hold for right now.
11/07/2018 - post updated to reflect incident closure. Thank you for your patience in this matter!
