Native iOS mail client modern authentication.

Skip Hofmann 341 Reputation points
2022-02-03T17:59:02.58+00:00

Hello

I am trying to understand which version of the iOS native mail client supports modern auth in Exchange Online. From reading the article below, it sounds like I have to enable and consent to the enterprise application "Apple Internet Accounts" in Azure before the device is able to connect using modern authentication. Is this correct?

https://office365itpros.com/2021/10/18/old-apple-mail-clients-exchange-online/

This article from Apple suggests that modern auth is supported:
https://support.apple.com/en-ie/guide/deployment/dep158966b23/web

However, I am running an iPhone 13 and I could not get the native mail client to connect. I received the message below. The error message suggests that I have to enable and consent to the "Apple Internet Accounts" application.
171114-concent1.jpg


Accepted answer
  1. Andy David - MVP 140.8K Reputation points MVP
    2022-02-03T18:09:19.107+00:00

    Yes, you need your Azure/365 admin to consent to this in order to use it. They may not allow it, so you will have to check with them.
    Note that this app used to be called "iOS Accounts" in the Azure portal under Enterprise Apps.

    See more:
    https://techcommunity.microsoft.com/t5/azure-active-directory-identity/did-i-accidentally-provision-apple-internet-accounts-with-my-own/m-p/1317884

    And yes, modern auth is supported. Assuming your org requires and allows it, you may need to create a mail profile.


2 additional answers

  1. Andy David - MVP 140.8K Reputation points MVP
    2022-02-03T20:43:42.343+00:00

    Hi there, so the app/service principal "Apple Internet Accounts" has delegated permissions to Exchange workloads in 365. When a user accesses Exchange Online, the iOS mail app needs these permissions to access the service. A service principal uses Modern Auth.

    Here are those perms:
    171078-image.png

    Once a user is authenticated, they will be added to the "Users and Groups" section of that app in Azure.

    The second piece is the account itself. When you log on to Azure, the iPhone leverages Modern Auth (tokens/claims versus transmitting the name and password) to Azure.


  2. Ivan Rafaj 1 Reputation point
    2022-05-16T07:21:22.963+00:00

    Hi all,

    How does this relate to my set-up?

    I have disabled ActiveSync in my tenant by de-selecting "Exchange Active Sync (EAS)" in my tenant Settings-Org settings-Modern Authentication.

    I no longer see any sign-ins with Client App "Exchange Active Sync".

    But I still had a case where a user wanted to set up the native iOS mail app and this did not work: mails were not synced. When I enabled ActiveSync in the CasMailbox settings, mails were synced, but I still do not see in the sign-in logs that ActiveSync basic authentication was actually used. I have the "iOS Accounts" app registered and enabled for users to sign in. Still, this example user was not prompted to request consent, but ActiveSync needed to be enabled in the user's CasMailbox settings. I am now really confused about ActiveSync and the iOS native mail app. Why does enabling ActiveSync on a user help if it is disabled at the tenant level, and I still do not see in the sign-in logs that basic auth ActiveSync has been used to sign in?

    Thanks Community!

    0 comments No comments
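A read-only way for a tenant admin to check the consent state the answers above describe, added here as an example and not part of the original thread. It assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin can use the `Directory.Read.All` scope; the two display names are the ones quoted in the thread.

```powershell
# Added example: read-only consent audit for the iOS Mail enterprise app.
# Assumptions: Microsoft Graph PowerShell SDK installed; the signed-in admin
# may use Directory.Read.All. Display names are the two quoted in the thread.
Connect-MgGraph -Scopes 'Directory.Read.All'

foreach ($name in 'Apple Internet Accounts', 'iOS Accounts') {
    $found = @(Get-MgServicePrincipal -Filter "displayName eq '$name'")
    if ($found.Count -eq 0) {
        Write-Output "No service principal named '$name' in this tenant."
        continue
    }
    foreach ($sp in $found) {
        # Is sign-in enabled, and is the app limited to assigned users only?
        $sp | Format-List DisplayName, AppId, AccountEnabled, AppRoleAssignmentRequired

        # Delegated grants: AllPrincipals = admin consent for the whole
        # tenant, Principal = consent recorded for a single user.
        $grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All)
        if ($grants.Count -eq 0) {
            Write-Output 'No delegated permission grants recorded for this app.'
        }
        foreach ($g in $grants) {
            $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
            [pscustomobject]@{
                Resource    = $resource.DisplayName
                ConsentType = $g.ConsentType
                PrincipalId = $g.PrincipalId   # empty for tenant-wide consent
                Scopes      = $g.Scope.Trim() -split '\s+'
            } | Format-List
        }

        # Entries shown under "Users and groups" for the app in the portal.
        Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
            Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime |
            Format-Table -AutoSize
    }
}
```

A tenant-wide grant (`AllPrincipals`) means users are not prompted individually; reviewing the listed scopes and assigned principals periodically shows who can reach Exchange Online through this app.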