Posted on 04-05-2016 05:32 AM
Hi guys
Has anyone been able to setup an office 365 account via an email variable in the mobile device app configuration box? e.g. the iPad Microsoft word app. Is it even possible? Any help or guidance would be awesome.
Posted on 05-23-2016 05:46 PM
I would also like to know this answer
Posted on 03-01-2018 11:18 AM
Same. And I am reading this post nearly 2 years later!
Posted on 03-09-2018 12:01 PM
Yes! I am looking for an answer also.
Posted on 03-09-2018 12:18 PM
How would you pass the password?
Posted on 03-22-2018 11:58 AM
Same. I have been scouring the internet. The closest I came was this page:
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/configure-ios-apps-with-app-configuration-policies#example-format-for-the-mobile-app-configuration-xml-file
But... of course it has not a word about the keys we need to set for excel. Boy, I tell you. They are certainly proud of Intune and what ever built in MDM they have with Office 365. Even in all the documentation I have read so far, not 1 single hint of code example.
Posted on 10-14-2018 06:34 PM
@er1ca2000 I've been looking into this also .. couldnt figure out if they needed the {{ or a single { or none... and usign wildcards, so far no sucess, but there is also this article which is similar but different
https://docs.microsoft.com/en-gb/intune/data-transfer-between-apps-manage-ios#configure-user-upn-setting-for-microsoft-intune-or-third-party-emm
so this may also work.... but I havent tried it yet.
<dict>
<key>IntuneMAMUPN</key>
<string>$EMAIL</string>
</dict>
Posted on 10-14-2018 09:24 PM
Nope that didn't work, as it appears it isn't supported in their IOS apps, although this article suggests it may work in the Outlook app, which if this is true the other apps may also be able to read the account from the outlook app.
About to give it a try.
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune
Posted on 10-15-2018 06:34 AM
So if you go to this page and look for outlook
https://appconfig.jamfresearch.com/settings/repository
It managed to give me this after a slight bit of modification
<dict>
<key>com.microsoft.outlook.EmailProfile.EmailAccountName</key>
<string>$FULLNAME</string>
<key>com.microsoft.outlook.EmailProfile.ServerHostName</key>
<string>outlook.office365.com</string>
<key>com.microsoft.outlook.EmailProfile.EmailAddress</key>
<string>$EMAIL</string>
<key>com.microsoft.outlook.EmailProfile.EmailUPN</key>
<string>$EMAIL</string>
<key>com.microsoft.outlook.EmailProfile.AccountDomain</key>
<string></string>
<key>com.microsoft.outlook.EmailProfile.ServerAuthentication</key>
<string>Username and Password</string>
<key>com.microsoft.outlook.EmailProfile.AccountType</key>
<string>BasicAuth</string>
</dict>
Posted on 10-15-2018 03:58 PM
this is what I had, via the outlook app, which was bringing up the account, but for some reason not allowing the device to log into the account.
<dict>
<string>com.microsoft.outlook.EmailProfile.EmailAddress</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.EmailUPN</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.AccountType</string>
<key>ModernAuth</key>
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Enabled</key>
<string>IntuneMAMUPN</string>
<key>$EMAIL</key>
</dict>
Also tested it with
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Disabled</key>
and also with my email address instead of the wildcard.
i will take a look at what you have suggested above.
Posted on 10-15-2018 04:13 PM
@rickgmac Strangely, your script (with our domain added and my script listed above) has an issue when it hits the microsoft auth page (as we use azure ad for sign in). although our accounts have no issue being added with out app config set.
Your script did post additional settigns during the account creation process when the app was loaded, but once it attempts to sign into the office365 account it just says unable to log in...
further to this problem, are you using this solution yourself?
I'm curious, if the solution would then pre auth all the other microsoft apps once outlook is launched and signed in.
As it would if you were to sign in word for example and then sign in onenote.
Posted on 10-15-2018 09:14 PM
Ill test another device to make sure its not device specific. After testing it against a non app configuration it was still doing it, so it could also be our office365 service.
Posted on 10-16-2018 03:17 PM
I suspect its more network or office 365 causing an issue, I will have to find the underlying cause.
Posted on 10-16-2018 11:08 PM
strangely on another device the app configuration you gave me did work, and after the email was inserted, the other microsoft apps automatically signed in as expected.
I did find that my set of options provided less sign in options for the end user. and I am just retesting it now, seeing it appears to have been a device issue causing it not to succeed previously.
Unfortunately the App configuration options available from Microsoft for outlook do not support passing the password. This is more of a security issue, as it might be passed as clear text.
I am not considering revisiting how we distribute our mail to our end users, so that the end users can sign into all microsoft apps once adding their password when signing into outlook.
Posted on 10-16-2018 11:23 PM
It looks like firewall or proxy is stoping our student users from continuing with the configuration. But this does look promising.
It's doubtful it will work but I am going to test and slip in:
<key>com.microsoft.outlook.EmailProfile.Password</key>
<string>password</string>
Posted on 11-20-2019 09:56 AM
For JAMF if using MAM you may want to try the following:
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Disabled</key>
<string>IntuneMAMUPN</string>
<key>%upn%</key>
02-11-2022 03:07 AM - edited 02-11-2022 07:21 AM
I'm trying to have the email address automatically filled in the login form of Word Excel and Powerpoint and I am using the two keys suggested by @markdmatthews but no luck..
Anyone with any glimmer of hope here..?
02-14-2022 03:05 PM - edited 02-14-2022 03:07 PM
I had it working for a while, and then either the mdm update or the office apps stoped it from working, and I ended up clearing out what I had, however shared iPads despite not having a config, seem to get this information from the asm user sign in. no shared, seems to auto suggest using the mail configured user details thee days. At least once one app is signed in, they all are.
02-15-2022 12:12 AM - edited 02-15-2022 12:12 AM
So, what you're saying is that on managed (company owned) devices, there is actually no way to send account informations out from MDM, right? @Malcolm
I have been trying any possible solution, starting from the ones I've found in this thread up to anything coming from official microsoft pages, but did not find any of these working sadly...
Posted on 02-15-2022 06:48 PM
love when you write a response that takes too long, it times out.
So I believe the below used to work for me, and at some stage either a mdm update, or iOS update or app update, caused the issue where the wildcard $EMAIL - would end up populating the login as $EMAIL instead the assigned users email address. It perhaps could simply be a need to code it slightly different. It maybe worth researching JAMF managed distribution app settings, as it might elude to the solution if any.
<dict>
<string>com.microsoft.outlook.EmailProfile.EmailAddress</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.EmailUPN</string>
<key>$EMAIL</key>
<string>com.microsoft.outlook.EmailProfile.AccountType</string>
<key>ModernAuth</key>
<string>IntuneMAMAllowedAccountsOnly</string>
<key>Enabled</key>
<string>IntuneMAMUPN</string>
<key>$EMAIL</key>
</dict>
Posted on 02-16-2022 06:44 AM
Hi @Malcolm
After some tests, I can tell you that on a different MDM, I am able to correctly pre-configure Outlook App for iOS with the following parameters:
Posted on 02-16-2022 06:08 PM
this seems to have the list of apps that support managed app distribution setting:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps
what semi worked for my users was encoring them to setup outlook first, which then signs in the other applications.
Posted on 02-17-2022 05:16 PM
Skimming around, I found this Jamf article, on exactly how to do it for outlook, they don't elude to the other apps supporting the functionality, either, but reinforces the Microsoft link I posted indicating the other apps don't have the similar support.
https://www.jamf.com/blog/o365-ios-and-jamf-best-login-ever/
I discovered it, when I was investigating to see if I can pre-populate safari with office365 sign in.
Posted on 02-17-2022 11:18 PM
Yeah, saw this one as well.
I have an open ticket with Microsoft, I'll let you know if anything comes out from it..
Posted on 01-06-2023 07:57 AM
did you or MS end up coming up with anything else on this?
Posted on 06-15-2022 08:37 PM
So after a lot of searching I found these:
https://blog.eucse.com/app-config-all-the-values-you-need/#1570028207837-b47e051c-379f
https://d2e3kgnhdeg083.cloudfront.net/
https://d2e3kgnhdeg083.cloudfront.net/com.microsoft.Office.Outlook/current/appconfig.xml
I've already written this once before the page timed out so I'm not in the mood to go into the nitty gritty.
Summary is, there were/are no configurable keys for any IOS app other than outlook.
JAMF variables (For JAMF education at least) should be %VARIABLE% instead of $VARIABLE.
If you were hoping that deploying creds to outlook would auth other apps, it doesn't work because as far as I can tell, the config only functions with the Exchange only variables set (see the third link), this can log into an O365 email just fine, but it doesn't interact with the MSidentity 3 cache in the same way as a SSO/office 365 login step would. My guess based on documentation and some perusing of event logs pulled with apple configurator is that it doesn't generate an authentication token that can be used by other apps if you do it this way. I will email the writer of the article 'best login ever' and ask how he gets an office 365 login with values that are exchange exclusive set and the wrong auth type, since either I'm missing something or it's just misleading.
Since the outlook XML keys haven't been updated since 2019, I'm going to assume that no development resources are going in that direction and all the eggs are in some magical intune ADAL basket.
If you are finding this page because you want to deploy managed configurations to your IOS office apps and it's still 2022, consider giving up now.
TLDR: You can deploy to outlook and outlook alone of the office apps with managed configs. It will do the account exchange style so no fancy interactions and probably other hidden problems I'm not going to test for right now. Onedrive if you use a file manager app as an intermediary I guess.
Posted on 06-15-2022 12:49 AM
Figured I'd reply and mention that if you pasted this in here, your keys and strings are the wrong way around.
Posted on 06-14-2022 10:59 PM
I was looking for information for managed configs with office for IOS, but I figured I'd share a tidbit that took me quite a while to learn when making a managed config for the app 'FE file explorer Pro'.
I was frustrated when testing because of seemingly random failures. I was having trouble finding any documentation, so it took me a long time to realise that I could only deploy a managed config with a given UUID once per iPad.
If you push the config to iPad A, make a change and push again, it won't work- but it will be accepted perfectly well by iPad B that is seeing it for the first time.
I'm not sure if this is app specific and I probably shouldn't be surprised that UUID's need to be, unique, but perhaps mentioning this here will save someone a few hours.