Microsoft has announced that it will remove basic authentication in Exchange Online for most email connection protocols by the end of 2022. This means that authentication with a username and password will no longer be supported and OAuth authentication should be used instead. This modern authentication is more secure and allows the use of two-factor authentication, which basic authentication does not.
You can enable OAuth on Mail for Exchange with the configuration profile in Miradore. This article points out some things to take into consideration to successfully enable OAuth authentication for the organization's iOS devices. The article also includes information about the user experience after the configuration is deployed to the devices.
- OAuth is supported for devices running iOS 12.0 or above.
- When you enable OAuth for the Mail for Exchange configuration in Miradore (Management > Configuration profiles), the user-specific password is ignored even if it is set for a user (Company > Users).
- When you modify an existing configuration to use OAuth, test the configuration by deploying it to one or two devices before installing it on all the devices.
Viewing the status of the configuration deployment
After creating the OAuth configuration for Mail for Exchange and testing it, you can deploy it to the selected devices with Miradore. You can view the status of the deployment from the Action log (Management > Action log).
What happens on the device after the configuration is deployed
After the OAuth configuration is deployed to the device, the user needs to enter the password of the Exchange account.
The user can enter the password by pressing Edit Settings.
Once the user has entered the correct account details to sign in, their native Exchange account will start syncing email.
If MFA is in use, the user must verify their identity using an authenticator application, such as Microsoft Authenticator.
- If users are not prompted to enter the password for the Exchange account, they can open Settings > Mail > Accounts > the Exchange account and press Re-enter Password.
- To prevent problems when deploying the re-configured Mail for Exchange profile, remove the configuration profile without OAuth if it has been deployed to the iOS devices earlier.
- If there are no emails in the Mail app:
  - Make sure the iOS device has a passcode set.
  - The Mail app's Shared mailbox view might be empty when the user opens it for the first time. After going back to the main account and then opening the Mail for Exchange account's Inbox, the messages should be visible there. Now, the Shared Inbox should also show the messages.
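To find earlier Mail for Exchange profiles that still lack OAuth or carry a stored password (the two points made in the lists above), an exported profile can be checked offline. The following is an added example, not Miradore's code: it assumes an unsigned .mobileconfig file and Apple's Exchange ActiveSync payload keys (`com.apple.eas.account`, `OAuth`, `Password`), and the sample profile, function names and addresses in it are constructed for illustration.

```python
import plistlib

EAS_TYPE = "com.apple.eas.account"  # Apple's Exchange ActiveSync payload type


def audit_exchange_payloads(profile_bytes):
    """Return one finding per Exchange ActiveSync payload in an unsigned profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != EAS_TYPE:
            continue  # skip Wi-Fi, VPN and other payload types
        oauth = payload.get("OAuth", False) is True  # absent key means basic auth
        issues = []
        if not oauth:
            issues.append("OAuth not enabled (basic authentication)")
        if payload.get("Password"):
            issues.append("password embedded in profile")
        findings.append({
            "name": payload.get("PayloadDisplayName", "<unnamed>"),
            "host": payload.get("Host"),
            "oauth": oauth,
            "issues": issues,
        })
    return findings


def build_sample_profile():
    """Constructed sample: a legacy Exchange payload, a Wi-Fi payload, an OAuth payload."""
    legacy = {"PayloadType": EAS_TYPE, "PayloadDisplayName": "Mail (legacy)",
              "Host": "outlook.office365.com", "EmailAddress": "user@example.com",
              "Password": "constructed-placeholder"}
    wifi = {"PayloadType": "com.apple.wifi.managed", "PayloadDisplayName": "Wi-Fi"}
    modern = {"PayloadType": EAS_TYPE, "PayloadDisplayName": "Mail (OAuth)",
              "Host": "outlook.office365.com", "EmailAddress": "user@example.com",
              "OAuth": True}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [legacy, wifi, modern]})


if __name__ == "__main__":
    for finding in audit_exchange_payloads(build_sample_profile()):
        status = "; ".join(finding["issues"]) or "ok"
        print(f'{finding["name"]} ({finding["host"]}): {status}')
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.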