Hosting your email on Office 365 (O365) is simple and reliable — when done right. If you want to take full advantage of Microsoft Outlook (an app within Office 365) on iOS, here’s a fast and easy way to set it up for your users and avoid confusing configuration help desk tickets.
Step 1 - Get Outlook licenses through Apple Business Manager / Apple School Manager
Go to business.apple.com or school.apple.com and use your Volume Purchase of Apps and Books account under the Content menu item to add an appropriate number of licenses for your organization. The license for the app is free; you pay for the service through your O365 subscription.
Step 2 - Use Jamf to distribute Outlook to your users
In Jamf Pro, go to Devices → Mobile Device Apps and search for Outlook. Your Jamf Pro server, when properly configured with the VPP program, will populate your new licenses within a few minutes.
Select Microsoft Outlook to configure it for your users. From here you can choose to install the app automatically or make it available in the Self Service app, update automagically, and make the app managed. (What does making the app managed mean? Check out this blog post on the power of managed apps and protecting your institution’s data.)
The real power is under the VPP tab and the App Configuration tab. If you select “Assign VPP Content,” the user is not prompted for an Apple ID to install the app. One less step and potential phone call to the help desk.
Under the App Configuration tab, you need a super basic set of keys to configure O365. A full list of things you can configure is available at https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune, but for now, just copy and paste this:
<dict> <key>com.microsoft.outlook.EmailProfile.AccountType</key> <string>ModernAuth</string> <key>com.microsoft.outlook.EmailProfile.EmailAddress</key> <string>$EMAIL</string> <key>com.microsoft.outlook.EmailProfile.EmailUPN</key> <string>$USERNAME</string> <key>IntuneMAMAllowedAccountsOnly</key> <string>disabled</string> <key>IntuneMAMUPN</key> <string>$EMAIL</string> <key>com.microsoft.intune.mam.AllowedAccountUPNs</key> <string>$EMAIL</string> </dict>
Because Microsoft is constantly improving Outlook and Office 365 services, always refer to https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/outlook-for-ios-and-android-configuration-with-microsoft-intune to get the latest required settings for your server.
When the app is installed on the user’s device, Jamf Pro will pass some info already know about that user when you assigned it, pulling right from the inventory record. If you included the User Name and Email in the inventory record, the end user doesn’t need to fill that out. That’s the power of the $USERNAME and $EMAIL variables you can see in the preferences file. (Note: For most O365 instances, the user name and the email will be the same information.)
Step 3 - There is no step three
When the user starts the application for the first time, they’re prompted to add their institutional account to the system and are prompted for their password.
Want to put this workflow to the test, but not already a Jamf Pro customer? Take the first step in changing that by requesting a trial or contacting us today. And if you’re more of a Mac and Office user, read our Managing Microsoft Office 2019 for Mac tutorial.