At Microsoft Ignite, Outlook for iOS and Android announced support for deploying managed device account setup configuration settings for Office 365 mailboxes and on-premises mailboxes leveraging hybrid modern authentication. This capability leverages either the Managed App Configuration for iOS or the Android managed configurations to enable MDM solutions to push configuration detail. This functionality was delivered to facilitate large scale deployments of the leading, secure email client which is known to be loved by users and trusted by IT.
Today, we are announcing the availability of new functionality within the Intune that enables admins to easily deploy account setup configuration to Outlook for iOS and Android for modern authentication capable accounts via App Configuration Policies.
Figure 1: App Configuration Policy for Outlook for Android on Android Enterprise devices from https://devicemanagement.microsoft.com. If you're in https://portal.azure.com, then you'll go to Intune -> Client apps -> app configuration policies and add a config policy.
With this new policy experience, administrators can simply push Outlook account setup details to their user’s enrolled mobile devices. This updated policy experience combines the prior experience and provides administrators with a choice depending on your messaging environment:
- If the messaging environment is on-premises and not leveraging hybrid modern authentication (basic authentication), then the authentication type needs to be set to Basic authentication. Additional details like Email Server, Username attribute, and Email address attributes are required.
- If the messaging environment is Office 365 or an on-premises environment leveraging hybrid modern authentication, then the authentication type needs to be set to Modern authentication. The admin only needs to define the Username attribute and Email address attributes. Modern authentication capable accounts also support the ability for the admin to restrict Outlook for iOS and Android to only allow the work or school account; for more information see “Organization allowed accounts mode” in Setup with modern authentication.
Note that for Outlook for iOS and Android to apply these settings, the app needs to be installed and managed by the Company Portal.
We hope you enjoy this new policy experience available within the Intune portal for Outlook for iOS and Android. Up next is general app configuration. That’s right, Outlook for iOS and Android will soon support managing and configuring Outlook for iOS and Android features such as Focused Inbox and contact synchronization capabilities. Stay tuned!
Principal Program Manager
Customer Experience Engineering
Frequently asked questions:
Q: What if we are not using Intune to manage device enrollment, but instead are leveraging a third-party MDM solution?
Not to fear, we have you covered. These settings can be delivered via any MDM provider. For more information on the configuration keys you need to use, see the following articles:
- For Office 365 and on-premises mailboxes leveraging hybrid modern authentication, see Account setup with modern authentication in Exchange Online and Deploy app config settings.
- For on-premises mailboxes not leveraging hybrid modern authentication (basic authentication), see Account setup in Outlook for iOS and Android using Basic authentication.
Q: Can I deploy account setup configuration to Outlook for iOS and Android if the device is not enrolled?
No, unfortunately, that is not possible. Enrolled devices provide the identity and information necessary for configuring the app.
Q: What if I had already deployed the configuration keys manually in an App Configuration Policy; do I need to do anything?
No! The keys will be automatically consumed in the new policy experience.
Q: How do I create an App Configuration Policy for Outlook for iOS or Outlook for Android?
We’ll be updating Deploy app config settings to include the new policy experience, but you can also review Add app configuration policies for managed iOS devices and Add app configuration policies for managed Android devices.
Q: Wait – I see the setting “Block External Images” but it’s not working on the device.
Surprise, you caught us! This is unfortunately an UX bug that exposed a setting that is not yet available (configuring the setting will not have any impact in Outlook for iOS). Please stay tuned, we’ll have more to share soon.