Deprecating EAS support for Outlook for iOS & Android

Microsoft

Early this year, Microsoft completed the migration of Office 365 connections for Outlook for iOS & Android from our legacy, Amazon Web Services-based architecture (which uses EAS to sync mailbox data) to our new, Office 365-based architecture which uses REST to sync data. This means that Office 365 mailbox data is now fully delivered through Microsoft services that provide a strong commitment to security, privacy and compliance. REST also provides advanced features and capabilities to the Outlook app.

 

There is a very small subset of customers who are blocking REST access in their Office 365 tenants (either intentionally or unintentionally). To date, when REST is blocked, and the Outlook app is unable to connect to the Office 365 mailbox, the app falls back to the older, AWS-based architecture to continue email access. However, Microsoft is planning to fully disable the older AWS-based architecture on June 1st, 2017.

 

If you are blocking REST access today, you will need to unblock it by June 1st so that Outlook for iOS & Android can properly use REST to connect to Office 365. If REST access is properly enabled by June 1st, any users currently falling back to the older AWS-architecture using EAS will be migrated smoothly and automatically to REST. In limited cases, the user may see their inbox refresh with rare occurrence of needing to re-authenticate. The user will also now have access to several new features in the app which are enabled by REST.

 

If policies are configured to restrict REST access to messaging data, users will lose Outlook mail access when the AWS-based architecture is disabled on June 1st.

 

The below information explains how REST access can be managed in an Office 365 tenant. If you are using Outlook for iOS & Android today, please check to ensure these controls are not blocking REST before June 1st, 2017.

 

Note: The EAS protocol is not impacted by these changes. EAS can still used by other mobile email apps to sync mailbox information with Office 365. 

 

Managing REST access in your Office 365 tenant

The information below can also be found on TechNet. See “Enabling Outlook for iOS & Android in Exchange Online”.

 

EWS application policies

An EWS application policy can control whether or not applications are allowed to leverage the REST API. Note that when you configure an EWS application policy that only allows specific applications access to your messaging environment, you must add the user-agent string for Outlook for iOS & Android to the EWS allow list.

 

The following example shows how to add the user-agent strings to the EWS allow list:

 

Set-OrganizationConfig -EwsAllowList @{Add="Outlook-iOS/*","Outlook-Android/*"}

 

For more information, see How to: Control access to EWS in Exchange.

 

Enabling/Disabling EWS in your Office 365 tenant

In the event that you are not using an EWS application policy, but are controlling access to EWS, ensure that EWS is not disabled for your organization or the individual users you want using Outlook:

  1. Example: Set-OrganizationConfig -EwsEnabled:$true
  2. Example: Set-CASMailbox <mailbox> -EWSEnabled:$true

 

Client access rules

Client access rules are like transport rules for client connections to your Exchange Online environment. Conditions and exceptions are applied to each connection attempt based on the properties of the user or the properties of the client connection.

 

Because client access rules affect only the management of the protocol session that the client is utilizing, you will need to ensure that the REST API is allowed access (this is done with a client access rule). Otherwise, Outlook for iOS & Android users will not be able to connect and access their mailboxes.

 

The following example shows how to allow the REST API access:

New-ClientAccessRule -Action AllowAccess -Name AllowREST -AnyOfProtocols REST

 

Note that you can't use the AnyOfClientIPAddressesOrRanges parameter to manage Outlook for iOS & Android. This is due to the Office 365-based architecture that is leveraged by Outlook for iOS & Android.

 

Additional resources:

 

15 Replies

Hi Allen,

 

what about EAS for Outlook on Windows? From last Interoperability Summit in Redmond I learned that it will stay in, just want to make sure plans have not changed...

 

Thanks in advance!

Yep, no changes. EAS will continue working as it is. Just not for the Outlook apps on iOS & Android. Everything else stays unchanged. 

My account is cjiang66@wisc.edu, however, after changing my password of my school account, I could not log in it on the outlook app. I tried to turn off my phone, I tried to clear the cache, and I tried to delete the app and then re-download it. However, none of the methods work for me. I don’t know what I should do. It’s really inconvenient to live without this app for me!

@Allen Filush 

Outlook for iOS
I am unable to access my school email and I am unable to log in because the email server is set up incorrectly.
Hi. I'm having trouble logging in. It's school e-mail but I can't log in. Office365 login is possible, but outlook login is not possible. The email address in question is qor0wn@syuin.ac.kr So I made a brief inquiry. I was told that I could not log in because the e-mail server was set up incorrectly. I need e-mail when I work at school, so I want you to solve this problem quickly. Thank you.
I am unable to login into my school email because the email server is set up incorrectly.
I am unable to login to my school email: tbookhart@fordham.edu because the server is not set up correctly. Please help.
My school email isn’t letting me Login to the outlook app and it says because it’s denied ! How can I fix this ! Thank you!

@Allen Filush 

 

Thanks for your detailed information but, unfortunately I do not think my company has wrongly configured Exchange Server since it has been done by a Microsoft External Support.

Actually, I am able to login to office 365 from Windows Outlook, Mac Outlook, Mac Mail, iOS Mail.

The only issue is when I am trying to connect using iOS Outlook App. that's very wired...

Please let us know a solution that will not involve our companies since they do not have any issue with outlook configuration...

https://akams/vw4zdi
I just upgraded my phone to the 12pro max, I already had my work email on my phone, before I upgraded. Now it’s not working, it’s saying I’m blocked
I have problem with access to my work account. Is this the iPhone 12 Pro the problem?