A new architecture for Exchange hybrid customers enables Outlook mobile and security


We’re announcing a new architecture for Exchange Server and Office 365 hybrid customers that unlocks Enterprise Mobility + Security (EMS) capabilities for Outlook for iOS and Android. With Hybrid Modern Authentication, Exchange customers can combine the power of Outlook with Azure Conditional Access and Intune App Protection Policies to securely manage corporate messaging on mobile devices.

Once Exchange customers with servers on-premises establish a hybrid configuration with the Microsoft Cloud and enable Hybrid Modern Authentication with Office 365, Outlook for iOS and Android authenticates against Azure Active Directory and synchronizes the mailbox data in Exchange Online – the Outlook mobile client never connects with the on-premises Exchange environment – unlocking the power of Office 365, Outlook for iOS and Android and Enterprise Mobility + Security (EMS).

Architected in the Microsoft Cloud, Outlook for iOS and Android is fully integrated with Azure Active Directory and Microsoft Intune. This means that organizations can enforce conditional access as well as application and device management policies while experiencing the richness of Outlook for iOS and Android.

Now Exchange Server customers with hybrid modern authentication can use the cloud-backed capabilities of Outlook such as Focused Inbox, Intelligent Search and enhanced time management to achieve more on their mobile device.

A few capabilities of EMS include:

  • Selective wipe—Remove corporate email data and leave personal data intact to facilitate a “bring your own device” (BYOD) approach to phones and tablets.
  • App restriction policies—Restrict actions such as cut, copy, paste and “save as” between Intune-managed apps and personal apps on a device to reduce the risk of corporate data loss. App restriction policies are available for use on both mobile device management (MDM) enrolled devices and on unmanaged devices, through Intune’s App Protection policies.
  • Conditional access—Ensure that your corporate email can only be accessed on phones and tablets that meet secure access policies set by IT such as device or app management policy enforcement or Multi Factor Authentication (MFA) user scenarios. And with Azure Identity Protection capabilities of EMS, you can ensure these conditional access policies grant or deny access based on risks associated with each unique identity.

For the initial roll out, Exchange Server customers can contact their Microsoft account team, customer sales and services (CSS) or technical account managers to initiate the set up and deployment process for this enterprise mobility and security solution with Outlook for iOS and Android.

For more technical information and licensing requirements, see Using Hybrid Modern Authentication with Outlook for iOS and Android.

Ross Smith IV
Principal Program Manager
Office 365 Customer Experience

Comments (3)
  1. Hi Ross,

    Conditional wipe is interesting. Any plans for on-premises?

Comments are closed.

Skip to main content