Skip to main content
Solved

Outlook for iOS - lock down "Add Mail Account"

  • November 16, 2022
  • 7 replies
  • 130 views

Forum|alt.badge.img+3

We are restricting the ability to add non-corporate email accounts to the native Apple mail client (which is easy to lock down in jamf by locking the Settings) but we would like to offer Outlook for iOS app as an alternative to the native client.  So...couple of questions:

1. Is it possible to push a config to the Outlook app so that is sets up the users Exchange email box?

2. Is it possible to lock down the Outlook for iOS app so that users can't add additional email accounts?

Best answer by cubandave

Thank you @cubandave - i've managed to get the config in place but i'm not having any luck locking down the Outlook app (more email accounts can still be added to the app).  Do you happen to know any caveats to this working/not working? As in... you must use Exchange Online or the device must actually be in InTune? Here is a snip of what I have in place right now:

<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>


@BBJumpingBean 

More information about this restriction is available here.

This capability is supported with Microsoft 365 and Office 365 accounts or on-premises accounts using hybrid modern authentication”

 

So if the mail accounts are not Office 365 then it will not work. 

 

 

7 replies

Forum|alt.badge.img+9
  • Contributor
  • November 17, 2022

Hello @BBJumpingBean 

Outlook for iOS can be configured with an App config in the Managed App. 

Everything you can configure is available here

App Config Keys 


Forum|alt.badge.img+3
  • Author
  • New Contributor
  • November 18, 2022

Thank you @cubandave - i've managed to get the config in place but i'm not having any luck locking down the Outlook app (more email accounts can still be added to the app).  Do you happen to know any caveats to this working/not working? As in... you must use Exchange Online or the device must actually be in InTune? Here is a snip of what I have in place right now:

<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>


Forum|alt.badge.img+9
  • Contributor
  • Answer
  • November 20, 2022

Thank you @cubandave - i've managed to get the config in place but i'm not having any luck locking down the Outlook app (more email accounts can still be added to the app).  Do you happen to know any caveats to this working/not working? As in... you must use Exchange Online or the device must actually be in InTune? Here is a snip of what I have in place right now:

<key>IntuneMAMAllowedAccountsOnly</key>
<string>Enabled</string>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>


@BBJumpingBean 

More information about this restriction is available here.

This capability is supported with Microsoft 365 and Office 365 accounts or on-premises accounts using hybrid modern authentication”

 

So if the mail accounts are not Office 365 then it will not work. 

 

 


Forum|alt.badge.img+6
  • New Contributor
  • October 2, 2023

This works for me, users are not able to add "other" accounts into outlook for ios

<key>IntuneMAMAllowedAccountsOnly</key>
    <string>Enabled</string>


Forum|alt.badge.img+3
  • Author
  • New Contributor
  • October 2, 2023

that setting sort of works... in testing it appears users can add a personal account if added before a corporate account. Once the corporate account is added the personal account goes away and additional accounts aren't allowed thereafter.


Forum|alt.badge.img+6
  • New Contributor
  • October 2, 2023

I am experiencing something a bit different, I had a corporate account then added a personal account, and then applied this key via app config. Now I am not able to add any more accounts but the personal account stays it does not remove


Ricky_Reid
  • New Contributor
  • November 27, 2025

After lots of testing, I found this worked for me:

<plist>
<dict>
    <key>IntuneMAMAllowedAccountsOnly</key>
    <string>Enabled</string>
    <key>IntuneMAMUPN</key>
    <string>%Username%@mydomain.com</string>
</dict>
</plist>

Obviously replace mydomain.com with whatever yours is. The setting pulls the username from the registered owner of the device on Jamf. Additionally, if you add this managed configuration to Outlook after the user has added a non-corporate account, it will remove that account and inform the user that only corporate accounts are allowed.