This week is all about configuring an email profile for the Outlook app. Actually preconfiguring an email profile for the users, making sure that the users only need to provide their password. Depending on the exact infrastructure, this can save a lot of (adaption) work in providing guidelines to the users. Some even want to look at this for preconfiguring an email profile for Exchange Online. I’m not that sure about that specific use case. Having said that, I do use that configuration as an example configuration. Simply because I’ve got that available in my lab. In this post I’ll show the available keys for configuring an email profile and I’ll show the configuration steps. I’ll end this post by showing the end-user experience, which will also show why I think that the added value for Exchange Online might be minimal.
Available keys and values
Let’s start by having a look at the available keys and values for configuring an email profile for the Outlook app. Below is an overview of the available keys, the value types, the default value, a short description of the accepted value and if the key is required. All the mentioned keys start with com.microsoft.outlook.EmailProfile.. I removed that prefix to make the table a bit more readable.
Key | Value type | Default value | Accepted value | Required |
EmailAccountName | String | <blank> | Display name | Yes |
EmailAddress | String | <blank> | Email address | Yes |
EmailUPN | String | <blank> | UPN or username | Yes |
ServerAuthentication | String | “Username and Password” | Authentication method | No |
ServerHostName | String | <blank> | Hostname | Yes |
AccountDomain | String | <blank> | Domain name | No |
AccountType | String | BasicAuth | Authentication model | No |
Note: Please don’t forget that all of these keys start with com.microsoft.outlook.EmailProfile..
Configuration
Now let’s continue by having a look at the configuration of the actual email profile. The following 7 steps walk through the configuration of the app configuration policy that configures an Exchange Online profile for the Outlook app on iOS.
1 | Open the Azure portal and navigate to Intune > Client apps > App configuration policies; | ||||||||||
2 | On the client apps – App configuration policies blade, click Add to open the Add configuration policy blade; | ||||||||||
3 | On the Add configuration policy blade, provide a Name, select Managed devices with Device enrollment type, select iOS with Platform and select Associated app to open the Associated app blade; | ||||||||||
4 | On the Associated app blade, select Outlook and click OK to return to the Add configuration policy blade; | ||||||||||
5 | On Add configuration policy blade, select Configuration settings to open the Configuration settings blade; | ||||||||||
6 | On the Configuration settings blade, select Use configuration designer with Configuration settings format, provide the following information and click OK to return to the Add configuration policy blade;
Note: The mentioned key and value pairs are sufficient to set the required settings for Office 365, including an additional setting to set a value to all configurable fields. |
||||||||||
— | |||||||||||
7 | On the Add configuration policy blade, click Add to add the app configuration policy. |
Note: This configuration requires a managed device to apply the configuration to the app.
End-user experience
Let’s end this post with the end-user experience. Below on the left is the first screen of the Outlook app, after the app configuration policy is applied. This shows an Exchange configuration, even though this configuration will enable Exchange Online (Office 365). Basically every profile configured via these settings will be shown as an Exchange profile. Below on the right is the second screen of the Outlook app, after the user clicked on Add Account. It only requires the user to provide a password and to click on Sign-in. This also works in combination with a conditional access rule that blocks other clients (legacy authentication).
Note: As mentioned earlier, this email configuration prevents the user from typing the UPN. That makes it easier for the user. However, instead, it provides the user with a configuration screen that can be more confusing. A decision to make. I do see a big use case for Exchange on-premises infrastructure.
More information
For more information about configuring the Outlook app, refer to the following documentation:
- Account setup in Outlook for iOS and Android using Basic authentication: https://docs.microsoft.com/en-us/exchange/clients/outlook-for-ios-and-android/account-setup
- Manage Outlook for iOS and Android configuration with Microsoft Intune: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune
- Add app configuration policies for managed iOS devices: https://docs.microsoft.com/en-us/intune/app-configuration-policies-use-ios
Hi Peter,
I see you have and configured an O365 mail profile. In your case you should have SSO without entering your password/creds cause the you are signed in at the Company Portal and it should use token-reuse, but i see this not happening in your screenshots. See more info @ https://docs.microsoft.com/nl-nl/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/setup-with-modern-authentication about the token-reuse. Any idea why you have no SSO ?
Hi RKast,
That’s correct! I think a big part of that is related to me simply throwing all accounts away locally. Over-and-over-again. Initially I had a screenshot that contained both, the auto-detected account and the profile-configured account. So nothing to special.
Regards, Peter
Hi Peter,
Not sure if that is the case. I configured this myself on an enrolled device (with o365 mailbox) and had to enter my password. I also heard someone else encounter this. So i am curious how to get the sso token-reuse working. Maybe you could try on a device without blasting away creds 🙂
Hi Rkast,
I’ll put it on my todo list (which is long).
Regards, Peter
Hi Peter,
Great article.
Is there a site where are all the available keys are listed for the apps?
For instance:
com.microsoft.outlook.EmailProfile.EmailAccountName = is one for outlook
But there are also keys for Intune Managed Browser, etc. Where can I find this?
Thank you
Regards,
Mike
Hi Mike,
The Managed Browser config is documented here: https://docs.microsoft.com/en-us/intune/app-configuration-managed-browser
Regards, Peter
Hi everyone,
Sorry to troll but…
Does anyone have the configuration key’s for the Microsoft Remote Desktop iOS App?
I have 140 or so iDevices I would really like to pre-configure the: Desktop, PC Host Name & User account. Instead of touching each device by hand.
Again, I apologize for trolling.
-Marc
Hi Marc,
There is nothing publicly documented. You might want to ask Microsoft directly for input.
Regards, Peter
Hi Peter,
Great article. I’d like to configure Skype for Business using xml file , do you have any information about how to do it ?
Best regards,
Sergio.
Hi Sergio,
I’m not aware of any app configuration options for the SfB app.
Regards, Peter
Is there a way to configure office365 settings in Outlook rather than exchange? I can’t seem to get this to work.
Hi Simon,
You mean like my example?
Regards, Peter
Hello,
Great article. Wish I had discovered this months ago. I also see that they have the template now for email profile in Intune under Device Configuration policies. Using that template or the keys and value above, can this deploy to the Outlook desktop client (Win/Mac) as well?
Hi Alex,
No, this is iOS and Android only.
Regards, Peter