+3We are restricting the ability to add non-corporate email accounts to the native Apple mail client (which is easy to lock down in jamf by locking the Settings) but we would like to offer Outlook for iOS app as an alternative to the native client. So...couple of questions:
1. Is it possible to push a config to the Outlook app so that is sets up the users Exchange email box?
2. Is it possible to lock down the Outlook for iOS app so that users can't add additional email accounts?
Best answer by cubandave
Thank you @cubandave - i've managed to get the config in place but i'm not having any luck locking down the Outlook app (more email accounts can still be added to the app). Do you happen to know any caveats to this working/not working? As in... you must use Exchange Online or the device must actually be in InTune? Here is a snip of what I have in place right now:
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>
More information about this restriction is available here.
“This capability is supported with Microsoft 365 and Office 365 accounts or on-premises accounts using hybrid modern authentication”
So if the mail accounts are not Office 365 then it will not work.
+9Hello @BBJumpingBean
Outlook for iOS can be configured with an App config in the Managed App.
Everything you can configure is available here
+3Thank you @cubandave - i've managed to get the config in place but i'm not having any luck locking down the Outlook app (more email accounts can still be added to the app). Do you happen to know any caveats to this working/not working? As in... you must use Exchange Online or the device must actually be in InTune? Here is a snip of what I have in place right now:
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>
+9Thank you @cubandave - i've managed to get the config in place but i'm not having any luck locking down the Outlook app (more email accounts can still be added to the app). Do you happen to know any caveats to this working/not working? As in... you must use Exchange Online or the device must actually be in InTune? Here is a snip of what I have in place right now:
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>
More information about this restriction is available here.
“This capability is supported with Microsoft 365 and Office 365 accounts or on-premises accounts using hybrid modern authentication”
So if the mail accounts are not Office 365 then it will not work.
+6This works for me, users are not able to add "other" accounts into outlook for ios
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
+3that setting sort of works... in testing it appears users can add a personal account if added before a corporate account. Once the corporate account is added the personal account goes away and additional accounts aren't allowed thereafter.
+6I am experiencing something a bit different, I had a corporate account then added a personal account, and then applied this key via app config. Now I am not able to add any more accounts but the personal account stays it does not remove
After lots of testing, I found this worked for me:
<plist>
<dict>
<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>%Username%@mydomain.com</string>
</dict>
</plist>
Obviously replace mydomain.com with whatever yours is. The setting pulls the username from the registered owner of the device on Jamf. Additionally, if you add this managed configuration to Outlook after the user has added a non-corporate account, it will remove that account and inform the user that only corporate accounts are allowed.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.