App Configuration Mobile devices for Microsoft office 365 apps

I would also like to know this answer

Same. And I am reading this post nearly 2 years later!

Yes! I am looking for an answer also.

How would you pass the password?

Same. I have been scouring the internet. The closest I came was this page:
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/configure-ios-apps-with-app-configuration-policies#example-format-for-the-mobile-app-configuration-xml-file

But... of course it has not a word about the keys we need to set for excel. Boy, I tell you. They are certainly proud of Intune and what ever built in MDM they have with Office 365. Even in all the documentation I have read so far, not 1 single hint of code example.

@er1ca2000 I've been looking into this also .. couldnt figure out if they needed the {{ or a single { or none... and usign wildcards, so far no sucess, but there is also this article which is similar but different

https://docs.microsoft.com/en-gb/intune/data-transfer-between-apps-manage-ios#configure-user-upn-setting-for-microsoft-intune-or-third-party-emm

so this may also work.... but I havent tried it yet.
<dict>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>

Nope that didn't work, as it appears it isn't supported in their IOS apps, although this article suggests it may work in the Outlook app, which if this is true the other apps may also be able to read the account from the outlook app.

About to give it a try.

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune

So if you go to this page and look for outlook
https://appconfig.jamfresearch.com/settings/repository

It managed to give me this after a slight bit of modification

<dict>
    <key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
    <string>$FULLNAME</string>
    <key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
    <string>outlook.office365.com</string>
    <key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
    <string>$EMAIL</string>
    <key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
    <string>$EMAIL</string>
    <key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
    <string></string>
    <key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
    <string>Username and Password</string>
    <key>com.microsoft.outlook.EmailProfile.AccountType</key>
    <string>BasicAuth</string>
</dict>

this is what I had, via the outlook app, which was bringing up the account, but for some reason not allowing the device to log into the account.

<dict>
<string>com.microsoft.outlook.EmailProfile.EmailAddress</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.EmailUPN</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.AccountType</string>
<key>ModernAuth</key>
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Enabled</key>
<string>IntuneMAMUPN</string>
<key>$EMAIL</key>
</dict>

Also tested it with <string>IntuneMAMAllowedAccountsOnly</string>
<key>Disabled</key>

and also with my email address instead of the wildcard.

i will take a look at what you have suggested above.

@rickgmac Strangely, your script (with our domain added and my script listed above) has an issue when it hits the microsoft auth page (as we use azure ad for sign in). although our accounts have no issue being added with out app config set.

Your script did post additional settigns during the account creation process when the app was loaded, but once it attempts to sign into the office365 account it just says unable to log in...

further to this problem, are you using this solution yourself?
I'm curious, if the solution would then pre auth all the other microsoft apps once outlook is launched and signed in.

As it would if you were to sign in word for example and then sign in onenote.

Ill test another device to make sure its not device specific. After testing it against a non app configuration it was still doing it, so it could also be our office365 service.

I suspect its more network or office 365 causing an issue, I will have to find the underlying cause.

strangely on another device the app configuration you gave me did work, and after the email was inserted, the other microsoft apps automatically signed in as expected.

I did find that my set of options provided less sign in options for the end user. and I am just retesting it now, seeing it appears to have been a device issue causing it not to succeed previously.

Unfortunately the App configuration options available from Microsoft for outlook do not support passing the password. This is more of a security issue, as it might be passed as clear text.

I am not considering revisiting how we distribute our mail to our end users, so that the end users can sign into all microsoft apps once adding their password when signing into outlook.

@er1ca2000 @Kayla.durance
@miregan @PAC

It looks like firewall or proxy is stoping our student users from continuing with the configuration. But this does look promising.

It's doubtful it will work but I am going to test and slip in:
<key>com.microsoft.outlook.EmailProfile.Password</key> <string>password</string>

For JAMF if using MAM you may want to try the following:
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Disabled</key>
<string>IntuneMAMUPN</string>
<key>%upn%</key>

I'm trying to have the email address automatically filled in the login form of Word Excel and Powerpoint and I am using the two keys suggested by @markdmatthews  but no luck..

Anyone with any glimmer of hope here..?

@Malcolm @rickgmac 

I had it working for a while, and then either the mdm update or the office apps stoped it from working, and I ended up clearing out what I had, however shared iPads despite not having a config, seem to get this information from the asm user sign in. no shared, seems to auto suggest using the mail configured user details thee days. At least once one app is signed in, they all are.

@G_M__webkfoe_ 

So, what you're saying is that on managed (company owned) devices, there is actually no way to send account informations out from MDM, right? @Malcolm 

I have been trying any possible solution, starting from the ones I've found in this thread up to anything coming from official microsoft pages, but did not find any of these working sadly...

@G_M__webkfoe_ 

love when you write a response that takes too long, it times out.

So I believe the below used to work for me, and at some stage either a mdm update, or iOS update or app update, caused the issue where the wildcard $EMAIL - would end up populating the login as $EMAIL instead the assigned users email address. It perhaps could simply be a need to code it slightly different. It maybe worth researching  JAMF managed distribution app settings, as it might elude to the solution if any.

<dict>
<string>com.microsoft.outlook.EmailProfile.EmailAddress</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.EmailUPN</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.AccountType</string>
<key>ModernAuth</key>
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Enabled</key>
<string>IntuneMAMUPN</string>
<key>$EMAIL</key>
</dict>

Hi @Malcolm 
After some tests, I can tell you that on a different MDM, I am able to correctly pre-configure Outlook App for iOS with the following parameters:

this seems to have the list of apps that support managed app distribution setting:

https://docs.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps

what semi worked for my users was encoring them to setup outlook first, which then signs in the other applications.

Skimming around, I found this Jamf article, on exactly how to do it for outlook, they don't elude to the other apps supporting the functionality, either, but reinforces the Microsoft link I posted indicating the other apps don't have the similar support.

https://www.jamf.com/blog/o365-ios-and-jamf-best-login-ever/

I discovered it, when I was investigating to see if I can pre-populate safari with office365 sign in.

Yeah, saw this one as well.

I have an open ticket with Microsoft, I'll let you know if anything comes out from it..

I was looking for information for managed configs with office for IOS, but I figured I'd share a tidbit that took me quite a while to learn when making a managed config for the app 'FE file explorer Pro'.
I was frustrated when testing because of seemingly random failures. I was having trouble finding any documentation, so it took me a long time to realise that I could only deploy a managed config with a given UUID once per iPad.
If you push the config to iPad A, make a change and push again, it won't work- but it will be accepted perfectly well by iPad B that is seeing it for the first time.

I'm not sure if this is app specific and I probably shouldn't be surprised that UUID's need to be, unique, but perhaps mentioning this here will save someone a few hours.

Figured I'd reply and mention that if you pasted this in here, your keys and strings are the wrong way around.