Microsoft Intune Feedback

How can we improve Microsoft Intune

Modern authentication for native mail

We need to be able to configure email profiles with modern authentication. It is supported now by iOS but not by Intune. This problem is making an MFA rollout to existing email profiles very difficult and leaving gaps in our ability to retire native emails when employees have to configure their own Exchange profiles.

Outlook is great and all but conditional access doesn’t prevent the native client from being used.

205 votes
Mark Graff shared this idea

22 comments

  • Stephen Normandin commented

    @Cathy Moya, is this enabled for Office 365 MDM? I still don't seem to be able to deploy Office 365 MDM for 2-factor authentication users. It constantly asks for a password in the native mail app.

  • Anonymous commented

    Tony, thanks for posting the update. You are absolutely right they literally must have added it hours before your post as we were looking for that button earlier last week. MS should be blasting this news as it is a major win for them!

    2FA works with MDM now!

  • Tony Newport commented

    It appears this has been added. I now have a setting entry in my Intune Email Device Configuration Policy named, "OAuth". When enabled and pushed to an iOS 12 iPhone, the native client redirected to settings, which redirected to modern auth sign in. A little clunky, but works!

  • Doug commented

    Cathy:
    We are using Conditional Access to require 95% of our users to use Outlook mobile. But for those users that we must offer the native iOS mail profile to, we want to be able to deliver it using modern authentication (which will prompt for MFA if that requirement is there) using Intune MDM. My understanding is that when Apple shipped iOS 11, modern auth support was added, but not the ability to push a profile using it. But with iOS 12 that support was added, and other MDMs have shipped that capability already, but Intune has not. iOS 12 shipped in mid-September - what is holding up offering a switch in deploying a mail profile for this?

  • Robert Anderson commented

    Can this request be consolidated with "IOS email profile does not support MFA" to bump up the votes a little?

  • Doug commented

    Sadly Oct 22 release of Intune did not add this support. Come on Microsoft! Can't kill basic auth until we can push modern auth as the iOS mail profile. (Moving most users to Outlook mobile but still need to support iOS mail as well for some users!)

  • Mark commented

    Microsoft is previewing the blocking of basic authentication and Intune MDM doesn't support modern authentication via device configuration. Once Microsoft moves this security policy out of preview mode, it will block many devices.

  • Doug commented

    Really, really need this. The support is apparently in iOS 12 (as per others below and as per other MDM vendors) - please get this support added to Intune ASAP to push a mail profile that requires modern authentication/OAuth.

  • Mike commented

    This is delaying our rollout of Intune and Exchange Online. Fully expected this to be supported when iOS 12 hit. Can anyone comment on a timeline for support via profiles?

    While we are at it, will support for switching email profiles without re-enrollment get fixed? Currently, in testing, a user that has an on-prem mail profile gets moved to O365 and their group-based profile changes, they are stuck with the on-prem mail profile.

  • Richard commented

    We found that: https://docs.microsoft.com/en-us/intune/email-settings-ios
    Authentication method - Select either Username and Password or Certificates as the authentication method used by the email profile (Note: Azure Multi-factor authentication (MFA) is not supported).
    And now in iOS 11, the native apps support MFA. But the email profile does not support MFA.
    We need the email profile to support MFA with the iOS native mail app.

  • Ravi commented

    Most of my customers are looking for this feature. Please help us in getting this feature enabled.

  • Rich commented

    Agreed. We've got over 1000 users in our environment and auditors are inching us closer to requiring MFA on mobile devices. Current capabilities limit us to having to direct people to use app passwords, and that's a nonstarter. I'd love to be able to tell people to just switch over and use the Outlook app, but politics prevent that. Really hoping that this gets figured out/implemented soon.

  • Dmitriy Ilyin commented

    Our configuration:
    Hybrid Exchange 2013 CU20 + HMA
    Autodiscover points to OnPrem.
    Mailboxes ~1500
    Clients: iOS 11.0+ devices with native mail client.
    Planning Enterprise Mobility E3 users ~ 300

    ATM (05/2018) the only way to have HMAuth on the iOS native mail client is to configure (create) the email profile manually using the Sign in button.
    It would be great to allow delivering such email profiles (that allow configuring email based on HMA) from Intune to iPhones, minimizing user input.
