Staff expect mail and calendar on their phones on day one of a Microsoft 365 rollout. The recommended path is the Outlook mobile app signed in with work accounts—not copying passwords into the built-in iOS Mail app unless your policy allows it.
Recommended approach
| Step | Action |
|---|---|
| 1 | Install Microsoft Outlook from the official app store |
| 2 | Add account type Office 365 / Microsoft 365 |
| 3 | Sign in with work email; complete MFA when prompted |
| 4 | Accept organization policies if Intune management applies |
Modern auth supports conditional access—your admin can require compliant devices or block risky sign-ins.
Intune and mobile device management
On Business Premium or Enterprise plans, Microsoft Intune can:
- Require a PIN and encryption
- Block copy/paste to personal apps (app protection policies)
- Wipe company data only on lost phones (selective wipe)
Field managers should know whether phones are BYOD or corporate-owned before policies are applied.
iOS built-in Mail vs Outlook app
Built-in Mail can work with Exchange ActiveSync but may lag policy features your security team expects. Standardize on Outlook mobile unless you have a written exception process.
Android variants
Manufacturer-specific battery optimization can delay push mail. IT playbooks often include steps to disable aggressive battery kill for Outlook on popular devices.
Troubleshooting quick list
- Repeated password prompts — check MFA app time sync; remove stale device registrations.
- Can't add account — verify license assigned; confirm autodiscover DNS.
- Policies blocking access — user may need to enroll in Company Portal first.
Partner help
Conditional access and app protection templates are easier to clone from an experienced CSP. Ask via contact when rolling out hundreds of phones.
