Native iOS mail client modern authentication.

Skip Hofmann 341 Reputation points
2022-02-03T17:59:02.58+00:00

Hello

I am trying to understand which versions of the iOS native mail client support modern auth in Exchange Online. From reading the article below, it sounds like I have to enable and consent to the enterprise application "Apple Internet Accounts" in Azure before the device is able to connect using modern authentication. Is this correct?

https://office365itpros.com/2021/10/18/old-apple-mail-clients-exchange-online/

This article from Apple suggests that modern auth is supported:
https://support.apple.com/en-ie/guide/deployment/dep158966b23/web

However, I am running an iPhone 13 and I could not get the native mail client to connect. I received the message below. The error message suggests that I have to enable and consent to the "Apple Internet Accounts" app.
171114-concent1.jpg

Exchange Online
A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.
Exchange | Exchange Server | Management
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.

Answer accepted by question author
  1. Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator
    2022-02-03T18:09:19.107+00:00

    Yes, you need your Azure/365 admin to consent to this in order to use it. They may not allow it, so you will have to check with them.
    Note this app used to be called "iOS Accounts" in the Azure portal Enterprise Apps.

    See more:
    https://techcommunity.microsoft.com/t5/azure-active-directory-identity/did-i-accidentally-provision-apple-internet-accounts-with-my-own/m-p/1317884

    And yes, modern auth is supported. Assuming your org requires and allows it, you may need to create a mail profile.


2 additional answers

  1. Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator
    2022-02-03T20:43:42.343+00:00

    Hi there, so the app/service principal "Apple Internet Accounts" has delegated permissions to Exchange workloads in 365. When a user accesses Exchange Online, the iOS mail app needs these permissions to access the service. A service principal uses Modern Auth.

    Here are those perms:
    171078-image.png

    Once a user is authenticated, they will be added to the "Users and groups" section of that app in Azure.

    The second piece is the account itself. When you log on to Azure, the iPhone leverages Modern Auth (tokens/claims versus transmitting the name and password) to Azure.
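
A way for a tenant admin to audit what the answer above describes: whether the service principal exists, which delegated permissions were consented to (and by whom), and who appears under "Users and groups". This is an added example, not part of the original thread; it assumes the Microsoft.Graph PowerShell module is installed and that the signed-in admin can grant the two read scopes shown.

```powershell
# Added example (not from the thread). Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

# The thread mentions both the current and the former display name.
$names = 'Apple Internet Accounts', 'iOS Accounts'
$sps = foreach ($n in $names) {
    Get-MgServicePrincipal -Filter "displayName eq '$n'"
}

if (-not $sps) {
    Write-Warning 'No matching service principal found: the app is not provisioned in this tenant.'
    return
}

foreach ($sp in $sps) {
    '{0} (appId {1}) enabled={2} assignmentRequired={3}' -f `
        $sp.DisplayName, $sp.AppId, $sp.AccountEnabled, $sp.AppRoleAssignmentRequired

    # Delegated permission grants: one row per (resource, consent type, principal).
    $grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All
    if (-not $grants) {
        Write-Warning '  No delegated permission grants: neither admin nor user consent is recorded.'
    }
    foreach ($g in $grants) {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
        $who = if ($g.ConsentType -eq 'AllPrincipals') {
            'all users (admin consent)'
        } else {
            "single user $($g.PrincipalId)"   # per-user consent
        }
        '  {0}: [{1}] granted for {2}' -f $resource.DisplayName, $g.Scope.Trim(), $who
    }

    # Users and groups assigned to the app (the "Users and groups" blade).
    Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
        Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime |
        Format-Table -AutoSize
}
```

Per-user grants (`ConsentType` of `Principal`) alongside a tenant policy that is supposed to block user consent are worth reviewing, as are broad scopes granted for all users.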


  2. Ivan Rafaj 1 Reputation point
    2022-05-16T07:21:22.963+00:00

    Hi all,

    How does this relate to my set-up?

    I have disabled Active Sync in my tenant by de-selecting "Exchange Active Sync (EAS)" in my tenant Settings-Org settings-Modern Authentication.

    I do not see any more sign-ins with Client App "Exchange Active Sync".

    But I still had a case where a user wanted to set up the native iOS mail app and this did not work: mails were not synced. When I enabled ActiveSync in the CasMailbox settings, mails were synced, but I still do not see in the sign-in logs that Active Sync basic authentication was actually used. I have the "iOS Accounts" app registered and enabled for users to sign in. Still, this example user was not prompted to request consent, but Active Sync needed to be enabled in the user's CasMailbox settings. I am now really confused about Active Sync and the iOS native mail app. Why does enabling Active Sync on a user help if it is disabled at the tenant level, and why do I still not see in the sign-in logs that basic auth Active Sync has been used to sign in?

    Thanks Community!
