Skip to main content

How do I deploy Microsoft 365 Exchange accounts natively to Apple iPhones via Intune MDM?

Ing. Oliver Baltz
Updated
If you want to automatically deploy Microsoft 365 Exchange accounts to the Mail app on iPhones, then this article is for you. Especially now that Microsoft will soon permanently disable Basic Authentication and Exchange ActiveSync (EAS), it's high time to switch to Modern Authentication (OAuth 2.0).

What you need

  • An Intune MDM setup (Microsoft Endpoint Manager)
  • An iOS device (e.g., iPhone) in BYOD or MDM mode
  • A Microsoft 365 business account with Exchange Online
  • Modern Authentication enabled in your tenant (OAuth2ClientProfileEnabled)

Step 1: Enable Modern Authentication in your tenant

Connect with Connect-ExchangeOnline (PowerShell) and check: 

Get-OrganizationConfig | 
fl OAuth2ClientProfileEnabled



If False, enable it with:



Set-OrganizationConfig -OAuth2ClientProfileEnabled $true


Step 2: Create an Intune profile


    

  1. 
Go to Intune Admin Center

    2. 

  2. 
Create a new profile: Platform iOS/iPadOS, Type
Template → Email

    3. 

  3. 
Enter the following values:

      

    • 
Exchange ActiveSync Host: outlook.office365.com

      • 

    • 
Username & Email: {{UserPrincipalName}}

      • 

    • 
Authentication: OAuth

      • 

    • 
SSL: Enabled

      • 

    

    4. 

  4. Assign the profile to your user groups
    5. 



Important to know



Even if everything is distributed automatically:
Modern Auth (OAuth) requires the user to log in once.
Technically, iOS does not allow you to "push" tokens or credentials via Intune. 
This means: When the user opens the mail app for the first time, they will have to log in briefly. 
After that, everything will work smoothly. 



Alternative: Use the Outlook app



Want an even better user experience? Then instead of the native profile, simply
distribute the Outlook app via Intune. 
There, the Single Sign-On from Company Portal will work, and the login is often completely seamless.

 


Bonus tip: Automatic contact synchronization with sync.blue®




Want to automatically sync not only emails, but also
contacts to all your employees' iPhones? 
With
sync.blue®, it's incredibly easy:



    

  • 
Synchronize employee contacts from the GAL or a
central address book

    • 

  • 
Distribute them automatically to all iPhones – either directly to the
Exchange mailbox (e.g., to a subfolder) or via
CardDAV

    • 




sync.blue® saves you a lot of manual work and ensures that
your team always works with up-to-date contacts – automatically. 




Try sync.blue® free now →

In this YouTube video, you'll learn how to easily and securely synchronize contacts with iPhones and sync.blue® via Microsoft Intune.

Related articles

Comments

0 comments

Please sign in to leave a comment.