Many Mobile Mentor clients migrated to Office 365 in 2018 and others are planning their migration in 2019. With this move to the cloud, many of our clients transfer employees from using the native mail, calendar and contacts apps on their mobile devices to the Outlook app.
The reason why the Outlook app is preferred is because it uses something called Modern Authentication or ‘Modern Auth’. Modern Auth is a combination of authentication and authorisation methods and policies that offer more security for users connecting from remote clients via mobile devices and the internet. With Modern Auth it is possible to enable multi-factor authentication (MFA) and deliver a single sign-on experience for employees through the use of OATH2, SAML and Access Tokens.
Native mobile email clients that come as standard on iOS and Android devices use Basic Authentication which has limitations when it comes to security. If your work username and password are compromised, with Basic Authentication those compromised credentials can be used to access your work systems from any device and any location. With Modern Auth and MFA enabled, access would not be possible with the compromised credentials alone, a second factor of authentication – a pin code – sent via app or SMS would also be required. Layer this with Conditional Access for automatic detection of rogue activity from unexpected locations and you have a very compelling set of reasons to disable legacy apps and protocols and only allow the Outlook app for work email on mobile devices. Having supported a number of O365 migrations with our customers we have identified a few things to be aware of to make the transition to Outlook as smooth as possible.
Combined personal & work calendar
Being able to overlay work and personal calendars is a must for employees with a busy family life. Having your work calendar view in Outlook and your personal calendar view in native mail is not great for organising a busy schedule, one view is essential. When enforcing the use of Outlook for work, the only solution is for your employees to set up their personal mail accounts in the Outlook App as well, so their personal activities can be viewed alongside their work meetings. Luckily Microsoft have built their apps with ‘Multi-Identity’ support that allows the use of work and personal access to the same apps while Data Protection policies protect and restricts the movement of data in the work part of the app.
Local Sync of Contacts
When moving to the Outlook app, work contacts are only stored inside the Outlook app by default and an extra step is required to enable contact sync to the native contacts on the device. The phone dialer uses native contacts to identify who is calling so Caller ID won’t work if contacts are only stored in the Outlook app.
Employees will want their contacts sync’d locally to their device so that when a call comes in from a known contact, they will be able to see who is calling rather than an anonymous number that they don’t recognise. Caller ID is a must. This can result in a poor first-time user experience unless this change is properly communicated.
Microsoft doesn’t have remotely configurable settings for the Outlook app yet so users need to manually enable contacts sync themselves from the app so their contacts will be accessible on their device. This is enabled by opening Outlook.
Requirement for iCloud on iOS
The biggest challenge we have seen is with Outlook contact sync on iOS devices where iCloud is not enabled. With employee owned devices, or personally enabled devices, employees usually have an iCloud account set up and we don’t get any issues.
When you enable contacts sync in Outlook on a device that does not have iCloud enabled you’ll get this message “An iCloud account with contact syncing enabled is needed to save contacts to your device. You can your iCloud account or enable contact syncing in your device settings > Accounts & Passwords > iCloud > Contacts.”
Which means Outlook contacts sync on iOS devices is completely dependent on iCloud. If you are an organisation which blocks iCloud on devices, then your users will not be able to sync contacts locally, they will need to be manually added.
Settings for Android
If you have set Intune App Protection Policies for Outlook on Android, there are some additional settings you will need to add to ensure contact sync is possible as shown below.