Share via

Email can't be added on Mail app on mac (com,apple.accounts error 3)

Fakher OMEZZINE 0 Reputation points
2026-02-25T15:53:14.1366667+00:00

I can't connect my exchnage email to my mail app on mac I keep getting (com,apple.accounts error 3) for over a week now.

Exchange | Other
Exchange | Other

A powerful email and collaboration platform developed by Microsoft, designed to support enterprise-level communication and productivity. Miscellaneous topics that do not fit into specific categories.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. FIRAT BOYAN 380 Reputation points Microsoft External Staff
    2026-02-25T23:00:42.53+00:00

    This error is not generated by Exchange itself. com.apple.accounts error 3 is raised by macOS when the native Mail application fails during the account configuration handshake. In Exchange Online and modern Exchange environments this is almost always related to authentication flow, Autodiscover, or conditional access enforcement.

    Below is a structured troubleshooting approach that isolates the root cause in a controlled and supportable way.

    1. Validate Exchange connectivity outside Apple Mail

    Before focusing on macOS, confirm the mailbox is fully healthy.

    1. Sign in to Outlook on the web https://outlook.office.com

    Confirm the mailbox opens without redirect or licence errors.

    Run Microsoft Remote Connectivity Analyzer https://testconnectivity.microsoft.com

    Select Outlook Autodiscover and Outlook Connectivity tests.

    If Autodiscover or authentication fails here, resolve that first. Apple Mail depends entirely on those endpoints.

    Apple Mail on current macOS versions uses OAuth 2.0 for Exchange Online.

    Verify in Exchange Online PowerShell:

    Get-OrganizationConfig | fl OAuth*

    Ensure OAuth2ClientProfileEnabled is True.

    If disabled:

    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

    Wait for replication.

    If the tenant enforces Security Defaults or Conditional Access, confirm:

    • Legacy authentication is blocked • OAuth is permitted • The user is not restricted by device compliance policies

    Conditional Access misconfiguration frequently produces this Apple error.

    3. Remove corrupted macOS account tokens

    com.apple.accounts error 3 commonly indicates corrupted local credential storage.

    On the Mac:

    System Settings

    Internet Accounts

    Remove the Exchange account completely

    Then open Keychain Access and delete:

    • All entries containing Exchange
    • All entries containing outlook.office365.com
    • Microsoft Office Identities Cache entries • Tokens related to the affected user

    Restart the Mac.

    Re add the account using:

    System Settings → Internet Accounts → Microsoft Exchange Enter full email address only and allow automatic discovery.

    Avoid manual configuration unless Autodiscover is confirmed broken.

    4. Verify Autodiscover DNS resolution

    From the Mac terminal:

    nslookup autodiscover.yourdomain.com

    For Exchange Online the CNAME should resolve to:

    autodiscover.outlook.com

    If it resolves on premises while the mailbox is cloud hosted, configuration will fail.

    Hybrid environments must ensure:

    • Mailbox location matches Autodiscover target
    • No stale SCP records exist if the device is domain joined

    5. Test via Outlook for Mac

    Install Outlook for Mac and attempt sign in.

    If Outlook works but Apple Mail fails, the issue is local macOS account framework related. If both fail, the issue is identity, Autodiscover, or tenant policy.

    This comparison is extremely useful for scoping.

    6. Check Exchange ActiveSync is enabled

    Although Apple Mail primarily uses EWS and modern authentication, some scenarios still require ActiveSync enabled.

    Verify:

    Get-CASMailbox ******@domain.com | fl ActiveSyncEnabled

    If disabled:

    Set-CASMailbox ******@domain.com -ActiveSyncEnabled $true

    7. Confirm mailbox type and licence

    Shared mailboxes without licence cannot authenticate directly in Apple Mail using primary credentials.

    If the user attempts to add:

    • Shared mailbox without licence • Soft deleted mailbox • Mailbox pending migration

    Authentication may fail silently and trigger the Apple error.

    8. macOS version considerations

    Older macOS builds have incomplete OAuth support.

    Confirm:

    • macOS is fully updated
    • Microsoft 365 authentication window appears during configuration

    If the login window does not redirect to Microsoft identity platform and instead prompts for basic password entry, OAuth negotiation is failing.

    Most Common Root Causes in Production

    From field experience, this error most often results from:

    • Conditional Access blocking non compliant devices
    • Autodiscover pointing to incorrect target in hybrid environments
    • Corrupted macOS keychain tokens
    • OAuth disabled at tenant level • User mailbox not fully provisioned

    Validate mailbox in OWA

    Confirm OAuth enabled

    Remove account and clear Keychain

    Re add using automatic discovery

    Validate Conditional Access impact

    Compare with Outlook for Mac

    This structured approach prevents random trial and error and leads to deterministic resolution.

    If you can confirm whether the mailbox is Exchange Online, Hybrid, or fully on premises, the guidance can be narrowed further.Apple Mail on current macOS versions uses OAuth 2.0 for Exchange Online.

    Verify in Exchange Online PowerShell:

    Get-OrganizationConfig | fl OAuth*

    Ensure OAuth2ClientProfileEnabled is True.

    If disabled:

    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

    Wait for replication.

    If the tenant enforces Security Defaults or Conditional Access, confirm:

    • Legacy authentication is blocked
    • OAuth is permitted
    • The user is not restricted by device compliance policies

    Conditional Access misconfiguration frequently produces this Apple error.

    3. Remove corrupted macOS account tokens

    com.apple.accounts error 3 commonly indicates corrupted local credential storage.

    On the Mac:

    System Settings

    Internet Accounts

    Remove the Exchange account completely

    Then open Keychain Access and delete:

    • All entries containing Exchange
    • All entries containing outlook.office365.com
    • Microsoft Office Identities Cache entries
    • Tokens related to the affected user

    Restart the Mac.

    Re add the account using:

    System Settings → Internet Accounts → Microsoft Exchange
    Enter full email address only and allow automatic discovery.

    Avoid manual configuration unless Autodiscover is confirmed broken.

    4. Verify Autodiscover DNS resolution

    From the Mac terminal:

    nslookup autodiscover.yourdomain.com

    For Exchange Online the CNAME should resolve to:

    autodiscover.outlook.com

    If it resolves on premises while the mailbox is cloud hosted, configuration will fail.

    Hybrid environments must ensure:

    • Mailbox location matches Autodiscover target
    • No stale SCP records exist if the device is domain joined

    5. Test via Outlook for Mac

    Install Outlook for Mac and attempt sign in.

    If Outlook works but Apple Mail fails, the issue is local macOS account framework related.
    If both fail, the issue is identity, Autodiscover, or tenant policy.

    This comparison is extremely useful for scoping.

    6. Check Exchange ActiveSync is enabled

    Although Apple Mail primarily uses EWS and modern authentication, some scenarios still require ActiveSync enabled.

    Verify:

    Get-CASMailbox ******@domain.com | fl ActiveSyncEnabled

    If disabled:

    Set-CASMailbox ******@domain.com -ActiveSyncEnabled $true

    7. Confirm mailbox type and licence

    Shared mailboxes without licence cannot authenticate directly in Apple Mail using primary credentials.

    If the user attempts to add:

    • Shared mailbox without licence
    • Soft deleted mailbox
    • Mailbox pending migration

    Authentication may fail silently and trigger the Apple error.

    8. macOS version considerations

    Older macOS builds have incomplete OAuth support.

    Confirm:

    • macOS is fully updated
    • Microsoft 365 authentication window appears during configuration

    If the login window does not redirect to Microsoft identity platform and instead prompts for basic password entry, OAuth negotiation is failing.

    Most Common Root Causes in Production

    From field experience, this error most often results from:

    • Conditional Access blocking non compliant devices
    • Autodiscover pointing to incorrect target in hybrid environments
    • Corrupted macOS keychain tokens
    • OAuth disabled at tenant level
    • User mailbox not fully provisioned

    Validate mailbox in OWA

    Confirm OAuth enabled

    Remove account and clear Keychain

    Re add using automatic discovery

    Validate Conditional Access impact

    Compare with Outlook for Mac

    This structured approach prevents random trial and error and leads to deterministic resolution.

    If you can confirm whether the mailbox is Exchange Online, Hybrid, or fully on premises, the guidance can be narrowed further.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.