Enabling OAuth on Mail for Exchange for iOS
Microsoft has announced that they will remove basic authentication in Exchange Online for most email connection protocols by the end of the year 2022.
This means that authentication with username and password is no longer supported and OAuth authentication should be used instead. This modern authentication is more secure and allows the use of two-factor authentication, which basic authentication does not.
You can enable OAuth on Mail for Exchange with the configuration profile in GoTo Resolve MDM. This article points out some things to take into consideration to successfully enable OAuth authentication for the organization's iOS devices. The article also includes information about the user experience after the configuration is deployed to the devices.
Important information
- OAuth is supported for devices running iOS 12.0 or above.
- When you enable OAuth for the Mail for Exchange configuration in GoTo Resolve MDM, the user-specific password is ignored even if it is set for a user.
- When you modify the existing configuration with OAuth, test the configuration by deploying it to one or two devices before installing it for all the devices.
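As a pre-deployment check, the following added example (not part of GoTo Resolve MDM or the original article) audits an iOS configuration profile for Exchange accounts that still use basic authentication or carry a stored password alongside OAuth. It assumes the profile is available as an unsigned .mobileconfig property list and relies on Apple's Exchange ActiveSync payload keys `OAuth` and `Password`; the function names and the sample profile are constructed for illustration.

```python
import plistlib

EAS_PAYLOAD_TYPE = "com.apple.eas.account"  # Apple's Exchange ActiveSync payload type


def audit_exchange_payloads(profile_bytes):
    """Return (payload name, finding) pairs for Exchange payloads in a profile.

    Findings:
      basic-auth          - OAuth key missing or false, so a password is used
      password-with-oauth - OAuth enabled but a stored password is still present
    """
    profile = plistlib.loads(profile_bytes)  # fails on signed (CMS-wrapped) profiles
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != EAS_PAYLOAD_TYPE:
            continue  # not an Exchange account payload
        name = payload.get("PayloadDisplayName", "(unnamed)")
        if not payload.get("OAuth", False):
            findings.append((name, "basic-auth"))
        elif "Password" in payload:
            findings.append((name, "password-with-oauth"))
    return findings


def build_sample_profile():
    """Constructed sample profile: three Exchange payloads and one unrelated payload."""
    def eas(name, **extra):
        return {"PayloadType": EAS_PAYLOAD_TYPE, "PayloadDisplayName": name,
                "Host": "outlook.office365.com",
                "EmailAddress": "user@example.com", **extra}
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [
            eas("Legacy mail", Password="constructed-placeholder"),
            eas("OAuth mail", OAuth=True),
            eas("OAuth mail with password", OAuth=True,
                Password="constructed-placeholder"),
            {"PayloadType": "com.apple.wifi.managed", "PayloadDisplayName": "Wi-Fi"},
        ],
    })


if __name__ == "__main__":
    for name, finding in audit_exchange_payloads(build_sample_profile()):
        print(f"{name}: {finding}")
```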
Viewing the status of the configuration deployment
After creating the OAuth configuration for Mail for Exchange and testing it, you can deploy it for the selected devices with GoTo Resolve MDM. You can view the status of the deployment from the Action log.
The layout of the screen may look different in the product.
What happens on the device after the configuration is deployed
After the OAuth configuration is deployed to the device, the user needs to enter the password of the Exchange account.
After pressing Edit Settings, the user can enter the password.
Once the user has entered the correct account details to sign in, their native Exchange account will start syncing email.
If MFA is in use, the user must verify their identity using an authenticator application, such as Microsoft Authenticator.
Troubleshooting
- If users are not prompted with Enter the password for the Exchange account, they can open the Exchange account and press Re-enter Password.
- To prevent problems when deploying the re-configured Mail for Exchange profile, remove the configuration profile without OAuth if it has been deployed to the iOS devices earlier.
- If there are no emails in the Mail app:
  - Make sure the iOS device has a passcode set.
  - The Mail app's Shared mailbox view might be empty when the user opens it for the first time. After going back to the Main account and then opening the Mail for Exchange account's Inbox, the messages should be visible there. Now, the Shared Inbox should also show the messages.