Now that the schedules tab is removed from Outlook's preferences... has anyone figure out a way to apply a self configuration script like this one?
https://github.com/talkingmoose/Outlook-Exchange-Setup
Our users really enjoyed everything being automagically configured.
Hello,
When a new user logs in and opens Outlook for the first time, the first window they see is the "Set Up Your Email" popup window and then a few seconds later they get the username and password box for the auto connect to happen (which is good!) The problem that I'm seeing is when a user is presented with the first "Set up Your Email" window, they go down that rabbit hole and Outlook doesn't auto configure and in a lot of cases, they hit cancel on the username/password box that pops up a few seconds later.
My Question: Is there a way to disable the first "Set Up Your Email" window? this way they will only be presented with username/password dialog. Once we get that accomplished, then it's down to user training to go ahead and enter the password and not hit cancel.
Thanks!
@gbunner, see line 51 of this spreadsheet:
https://docs.google.com/spreadsheets/d/1ESX5td0y0OP3jdzZ-C2SItm-TUi-iA_bcHCBvaoCumw/edit#gid=0
Mac admins requested the ability to block the automatic setup and Microsoft responded by providing us this key/value pair.
To create a Configuration Profile in your Jamf Pro server:
Create the plist with the setting (copy these two lines and paste into Terminal):
/usr/bin/defaults write ~/Desktop/com.microsoft.Outlook.plist OverrideAccountConfigurationWindow -bool TRUE
Convert the new plist on your Desktop from binary to a plain text XML file:
/usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Outlook.plist
In your JSS, create a new Configuration Profile with a Custom payload. Upload the com.microsoft.Outlook.plist file and save.
You can download the Configuration Profile for testing on a local machine before deploying to your Macs.
@talkingmoose Do you have deployment guide on how to use the script at https://github.com/talkingmoose/Oulook-Exchange-Setup-5.0?
I am quite new to Mac and Jamf.
Thank you!
@boonkeatgan, I do! Check out the wiki just a few tabs to the right of the download page:
https://github.com/talkingmoose/Outlook-Exchange-Setup-5/wiki
@talkingmoose Thank you so much!
@talkingmoose First of all, thank you for the Script. It is amazing and working for me.
The only thing is when i deploy the mobile config, it will prompted on error unable to configure. When i remove the mobile config, it is working fine.
Any idea whats wrong with the mobileconfig portion?
@boonkeatgan, the mobileconfig file is there for convenience. If you want to remove it from the Package/ROOT/tmp/Outlook Exchange Setup 5 folder before making your deployment package, everything will work just fine.
Eventually, you may want to suppress some of the Outlook first run windows. You can create a configuration profile in Jamf to do this and deploy it using Jamf. That's effectively the same thing as deploying the mobileconfig file in the package. Let's worry about whether you need to do that after you've removed the mobileconfig file and tested.
@talkingmoose Thank you! we are ok with the first run.
I saw you posted the Lync (somewhere in 2012), do you happen to have Skype for Business version too?
@boonkeatgan, nothing for Skype, unfortunately. It's not something I have experience managing. But someone did a really nice job documenting the manageable settings here:
@talkingmoose Hey, I am trying to use your Pacakge for Deployment.app and it keeps erroring out. I have tried following the directions for your terminal workaround which I found on the wiki and have gotten the same issue. I also tried the work around by running it in script editor. It keeps giving me the "Package build failed. Verify ROOT and Scripts folders are in the same folder as this Package for Deployment app." message. Any idea on whats going on? I am trying to build this on a Sierra 10.12.6 mac. Any help is appreciated! Thanks!
@alexyu650, if you've already tried running from within the Script Editor, try copying the entire contents of that script to another Script Editor window and run it there. Apple has done some hardening, which makes the packaging app/script difficult for people to use.
However, the Terminal commands should work just fine. That's all the script is running.
@talkingmoose Thank you for the link. A quick question on the outlook kerboros setting. When i choose useKerboros=true, it will not choose the kerbors i have (please see attached). Instead of it create it own localcacheuser@domain file. How can we define this during deployments?
@boonkeatgan, the Kerberos setting assumes you're logging in with an Active Directory account. Then, the script reads the Active Directory user of the current user to determine the Kerberos user string.
I just want to make sure you're testing with an Active Directory account when you see this.
Next, I recently worked with someone who's Active Directory information that's returned during a lookup differed in structure from my Active Directory test instance. I proposed the following change to the script. See if it helps you as well:
Locate this section:
set AppleScript's text item delimiters to {";Kerberosv5;;", ";"}
try
set userKerberosRealm to text item 2 of userInformation
end try
set AppleScript's text item delimiters to {""}And replace it with this:
set AppleScript's text item delimiters to {";Kerberosv5;;", ";"}
repeat with aParagraph from 1 to count of paragraphs of userInformation
if paragraph aParagraph of userInformation contains "Kerberosv5" then
try
set userKerberosRealm to text item 2 of paragraph aParagraph of userInformation
exit repeat
end try
end if
end repeat
set AppleScript's text item delimiters to {""}@talkingmoose Wow, you are genius mate! After changed the script and it is worked like charm.
Right now only outstanding item is the Welcome to Outlook prompt and I need to completely exit MS Outlook then relaunch again before the script is able to work.
I tried to use the mobileconfig provided, if the "Setup your email" screen does not pop up. The script wont work.
@boonkeatgan, I really appreciate you testing that second script snippet so quickly! I'll eventually work to incorporate that change in the script, now that I have a second confirmation it works.
The screen offering to configure an Outlook account is only presented for Office 365 accounts. Line 52 of this very comprehensive list of plist keys/values for Outlook is the solution.
Create a plist file similar to this and upload it to a Custom Settings payload in a new Configuration Profile:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OverrideAccountConfigurationWindow</key>
<true/>
</dict>
</plist>As for having to restart Outlook when setting to use Kerberos, I've heard this a few times. By the time it's configured, the script is finished running. This is just the behavior of Outlook. I don't know of anything to begin the sync without restarting.
@talkingmoose Thank you for the quick reply. I tested that configuration profile before. Once this config profile is installed, the auto script wont work at all. No matter how many times you restarted the outlook.
I still have not find any clue on this.
@boonkeatgan, be sure to always test under a clean user account. I suggest using a VM with snapshots to help you roll back to a state before Outlook's first launch.
Also, are you leaving the configuration profile that accompanies the script in the package and deploying it to? Or are you deploying that profile using Jamf? Either method should work. It just needs to be there before Outlook runs the first time.
@talkingmoose Merry Xmas to you mate.
I was away and just happen to see your reply. Sorry for late response.
Yes, I always re-image on MacBook Pro when doing the testing. For the configuration profiles, i deployed during imaging. So, it should be there before user click on Outlook.
I cannot deploy the config profile thru push down because we are using Bluecoat Proxy. If we want to deploy the config profile, we will extract and put it as policies instead.
Never mind.. I'm an idiot!
Hello Moose,
I really like this idea, do you think it will coming soon? I have a problem with my accounts at the moment, we are switched from AD to Local accounts (NoMAD) and now we want to configure the email locally but its not working anymore.
I have adjusted everything but maybe I see something wrong?
Your return output is the same as mine, so that will be ok.
I wrote the script for environments where Autodiscover wasn't available. At the time I was using it, I was educating my Exchange folks about Autodiscover, but they were pretty slow to enable it.
Outlook's AppleScript dictionary does support calling Autodiscover:
tell application "Microsoft Outlook"
autodiscover email address "bill@talkingmoose.net" user name "bill@talkingmoose.net"
end tell
It returns something like:
true, server:"https://outlook.office365.com/EWS/Exchange.asmx",
primary smtp address:"bill@talkingmoose.net",
oab manifest url:"https://outlook.office365.com/OAB/2d1f6b5f-c74d-0000-b7f4-fbbda4ee8c30/",
port:443, full name:"William M. Smith", ldap server
I've just never considered modifying the script to support Autodiscover if it already works. It would take a bit of work to redo the script to support Autodiscover (maybe version 6.0?), but if you're familiar with how to take the output above and slip it into the properties at the top of the script, then that should be all you need.
thanks for your good tool!
Hi @mvught! I responded to your message on Slack. Had a couple questions for you there.
@talkingmoose are you able to confirm this is working for Mojave?
if I run the package rather than as a deployed package it comes up saying it is incompatible with this version.
after editing the script, and running the script from script editor it did appear to complete the script install. but the pkg not as successful.
But it could be a user error on my end in compiling the .pkg
So if you can confirm it runs on Mojave I can look at where I went wrong.
Further investigation found that it was due to it being run previously on the device.
It's now working for the most part for me on Mojave.
What is occurring however is:
each signed on user gets prompted by the first use splash screen (I think there was mention of a solution to this further up int he thread so I will investigate).
our office365 still requires auth which cant be over come it seems, especially as we auth via azuread instead of adfs.
and the OSAscript wants the authority to run with each user instance when outlook is first opened.
Would this be a permissions issue that I can overcome? Or does the pkg need to be signed with a code signing cert? As I have one if it would solve the problem?
@Malcolm, just now seeing this. Thanks for your diligence in troubleshooting.
I haven't yet tested the scripts on Mojave, but I suspect you're seeing what I was afraid would happen. I'm thinking Mojave's new Privacy Protections feature may be getting invoked. While Jamf does have the ability to send a configuration profile to Macs to eliminate these prompts, scripts require a little extra attention and signing.
I need to investigate this and see what can be done.
In the meantime, Microsoft has enabled both Office 365 activation and Outlook configuration using configuration profiles. This is all new as of the latest release of Office 2019 v16.18 and was demonstrated at this year's JNUC. I've already composed a blog post but I'm waiting for the video to release before publishing.
Are you using a directory service such as Active Directory or LDAP to populate email addresses into the computer records in Jamf Pro?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.