Hi Community,
I'm running into an issue with the proper configuration of a profile that pushes OAUTH as a setting for Exchange ActiveSync. We have MFA set up through Azure AD and we've enabled OAUTH in a test profile, and have pushed that out to test devices. This is what the profile looks like (note: After saving the profile with blank Domain and Username fields, Domain auto-populates with {EmailDomain} and {EmailUserName}):
So this setup works fine for the first try, except for the Exchange account name coming over to the device as "(null)" instead of Exchange ActiveSync as defined. OK, not a big deal.
The real issues come when it's time for the user to re-authenticate after changing their AD password. The Exchange account name has inexplicably changed from "(null)" to "domain\username", which MFA fails to find as an account (as it should). It doesn't remember username@domain.com for the authentication.
So I tried to fix this by specifying @domain.com on the end of the username field, and that fixed a myriad of issues. The Exchange account is named correctly, MFA passes through the correct username format, and users can connect just fine...
Until their OAUTH token appears to expire instead of renewing... Once it does that, Mail just says there is an error with the Exchange account. And since there's no way to initiate a new token authorization by re-authenticating the account (thank you, oversimplified iOS settings...), the account is useless until I pull the profile then push it again.
I came across this issue in Microsoft's Tech Community, and despite it being related to iOS 12, we are having the same issue in iOS 13. A reply in that thread stated that by blanking the username and domain, it worked for their organization, but that's where I started this whole process from.
So I'm not sure what's wrong here. MFA for other apps we have configured is working perfectly. Based on the MFA attempting to pass through a specific combination of username and password (and the weird Exchange account names) depending on the profile settings, I'm thinking the profile config is needing to be tuned. I haven't been able to find much on how to set it up for Office 365 + OAUTH + Native iOS Mail client on the web, so I'm hoping I can get some feedback in here as to your setups.
Did you ever figure this out?
Having similar issues with Okta configured as our IdP.
Old thread, but came across it and thought I would give the answer to that 🙂
The Username and Email Address need to be at EmailAddress and the domain should be empty.