iOS and Android native email clients and Intune Email Profile RRS feed

  • Question

  • Hi guys,

    I set up email profile in Microsoft Intune - Device configuration - Profiles.

    In Microsoft Intune - Client apps - App protection policies I set up policies for iOS and Android.


    The email profile itself is successfully applied. However, eventually instead of my corporate emails I get this both on iPhone and Samsung device.

    Could you please advise why is it so. Is something missing in my Intune setup?


    Friday, August 2, 2019 11:06 AM

All replies

  • You can refer the following step-by-step article to create an email device profile for iOS:


    Also, for iOS device: An existing, duplicate email profile is detected based on host name and email address. The duplicate email profile blocks the assignment of an Intune profile. In this case, the Company Portal app notifies the user that they aren't compliant, and prompts the end user to manually remove the configured profile. To help prevent this scenario, tell your end users to enroll before installing an email profile, which allows Intune to set up the profile.

    For Android Samsung Knox Standard: An existing, duplicate email profile is detected based on the email address, and overwrites it with the Intune profile. Android doesn't use host name to identify the profile. Don't create multiple email profiles using the same email address on different hosts. The profiles overwrite each other.

    Best regards,

    Cici Wu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 5, 2019 8:48 AM
  • Hi Cici, 

    As I mentioned in my first post the email profile is successfully applied. The issue is that it is applied to a built-in mail client which is not in the list of protected apps. 

    In other words, how to make iOS and Androis built in mail clients protected apps. 


    Tuesday, August 13, 2019 6:02 AM
  • That error is most likely because of a conditional access policy with the requirement to use an approved client app. 

    Ideally you would only want to use the Outlook app. You would want to use the App protection policy like you have already created, and the app configuration profile like you have created, and then deploy the application as a required app to the iOS/Android device. 

    The app protection policies can't apply to the native mail app. You get more control with the Outlook app.

    Tuesday, August 13, 2019 6:06 AM
  • Hi Nick, 

    You're right. First MAIL iOS built-in client and EMAIL built-in were added to separate policies under Client apps - App protection policies. Then, under Conditional Access - Policies the following configuration was set up.


    I'm happy users to use Outlook only but Email profile is applied to built-in mail client which is useless since native mail app cannot be added to app protection policy. 

    Friday, August 16, 2019 6:17 AM
  • To configure Outlook, you can go into the Apps section, and then go to App configuration policies and create an app configuration specifically for Outlook. From memory, the policies will only apply to Outlook if it has been deployed via the Company Portal (and not downloaded from the iOS/Android store by the user)

    See https://docs.microsoft.com/en-us/intune/app-configuration-policies-overview for more info. 

    Friday, August 16, 2019 6:50 AM