Exchange online (Microsoft Office 365) not working when pushed with SM

GrldP
Here to help

Exchange online (Microsoft Office 365) not working when pushed with SM

Hello Community!

 

I struggle a lot on this one: I need to install two Microsoft Office 365’s Exchange Online accounts on macOS 10.14.5 Mojave for use with Apple Mail application. 

 

One account is an account in common for several Mac, I don’t need variables here ; the second one is the device owner's account. 

I’ve tried the following with both Profile Manager and Profile Creator with the same results. 

 

I create a profile with two Exchange (EWS for Mac) payloads, one with fixed values, the other one with variables (I get those at enrollment time against Azure Active Directory). 

 

I then upload the custom profile to Meraki SM, it pushes fine on devices. 

I check it in the Profile preferences pane, the values are correct, so the variables went through without issue. 

But… nothing happens. No account shows in Internet Accounts, none in Apple Mail. Tested a freshly installed virtual machine, same on my own computer none of which are DEP enrolled. 

 

Where I am totally lost is that if I manually install the profile locally with a double click, it seems to work OK, it asks for input of optional values and, of course, the variables I can’t provide. 

 

So has anyone successfully done this and what am I doing wrong? 

 

Thanks a lot for your time. 

 

 

22 Replies 22
GrldP
Here to help

One thing I’ve noticed: Meraki pushes the profile as a Device profile, yet I created it as a User profile. But I can’t see any option to push a custom profile as Device or User profile.
beks88
A model citizen

Hi,

 

hanging in here in addition to my original thread

https://community.meraki.com/t5/Endpoint-Management-Systems/Feature-Request-macOS-EWS-support/m-p/39...

 

I'm also trying to get this run. Had the same issue as you on Mojave. But now I even can't get the profile installed. Meraki answers with Error:71 "Payload needs to be in a user profile".

 

According to Apple docs https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf <PayloadScope> is optional and per default User scoped.

 

Have you figured out how to get this run?

 

This is my .mobilconfig, as you can see very simple. (feel free to use it, just add your own identifiers)

 

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>EmailAddress</key>
			<string>$OWNERMAIL</string>
			<key>PayloadDisplayName</key>
			<string>Exchange</string>
			<key>PayloadIdentifier</key>
			<string>com.company.macos.exchange.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.com.apple.ews.account.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.ews.account</string>
			<key>PayloadUUID</key>
			<string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>UserName</key>
			<string>$OWNERUSERNAME</string>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>EWS_macOS</string>
	<key>PayloadIdentifier</key>
	<string>com.company.macos.exchange.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
	<key>PayloadOrganization</key>
	<string>Organization Name</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

 

 

GrldP
Here to help

Hi

I did not had any opportunity to test any further, did you have any success with your profile since there still is the issue with it being considered machine bound where it should be user bound?
beks88
A model citizen

No success on getting it run. Always the same issue as detailed above.

 

Just wondering, why my old profile got installed a few months ago. Now I even can't install the old profile too.

GrldP
Here to help

Lately I’ve been running into issues with Meraki alike yours, like profiles/apps that wouldn’t get pushed. 

I opened many cases with support, and during investigation, with no mitigation process involved, everything got back to normal. 

Unsure if it’s related to the current issue you’re facing.

beks88
A model citizen

I've opened a case about this bug, maybe do it as well and let them link your case to mine 🙂

04684676

 

I'll try also to contact our Meraki representative, since this was a killer feature in the last two competitions when trying to sell Meraki vs other MDM solutions.

 

One thing is the bug detected and discussed here, the other thing, it seems not to be a high prio on the development road. No one made a response to my first thread and the feature firstly had been announced on the WWDC18. A native support by Meraki would be nice, but in first we need a solution for the bug here.

GrldP
Here to help

Totally agreed.

We first need to sort out the remaining open cases with support as I have some outstanding ones.
Definitely interested to hear back from you!
beks88
A model citizen

Just an update, Support is trying to recreate the issue. Message from 3rd January

GrldP
Here to help

Thanks a lot for the update!
grldP-NS
Comes here often

Did support eventually found a way to provision an Exchange Online account to a Mac via EWS?

beks88
A model citizen

Due to covid things took a bit longer and support is still investigating.

First the developers meant, the behavior is as expected. After I could prove that this isn't true and provided some logs, the devs are investigating again.

grldP-NS
Comes here often

Thank you very much, because I still experience exactly the same issue and behaviour (needs to be a user profile).

Let’s hope they can find a way around this. Really surprised we are the only ones experiencing this though, I’d have thought Microsoft Office 365/Exchange online on Mac would be a big deal for many.
beks88
A model citizen

Yes I thought the same, but seems most of the community are using SM just for iOS devices.

grldP-NS
Comes here often

I eventually understood that too when I see the number of bugs that need opening support cases… 
beks88
A model citizen

Got an update from support

 

"I've just been informed and confirmed that there is a new field in the Mac custom profiles called Deploy Channel with the option of Device or User. They are still making additional improvements but this should allow you to deploy your Profile."

grldP-NS
Comes here often

Thanks a lot! Sounds really promising. 

Did you get the change to try it out with, say, Exchange? 

beks88
A model citizen

still have troubles. I'm now not able to delete the old profile from the device

grldP-NS
Comes here often

We aren’t quite there yet. Thanks for letting me know!

beks88
A model citizen

@grldP-NS do you see this option already in the custom profile interface?

Bildschirmfoto 2020-07-30 um 11.44.57.png

Could you try deploying the profile on a test device.

 

Following configs worked for me

 

Deploy the profile by using user tags for the scope. Owner (in SM) and logged in user should be the same. The user should be actively logged in on the device.

 

The point that still fails -> Variables are not recognized properly

 

Bildschirmfoto 2020-07-30 um 11.55.46.png

beks88
A model citizen

Last reply from support.

 

„Yes the screen being locked could interfere with the profile deployment. Also if a user was not logged into the device there would be no user channel to deploy the profile to.“

 

We deployed the profile on two devices with success

grldP-NS
Comes here often

Finally! thanks a lot.
Gelo
Here to help

It sounds like you've done most things right, but the issue might be with how Meraki SM handles the profile. Device management tools like Meraki can sometimes have restrictions or bugs when pushing specific payloads like Exchange accounts, especially with variables. You could try breaking the payload into separate profiles – one for each account – and see if that resolves it. Also, ensure the Meraki SM version you're using fully supports macOS 10.14.5, as compatibility could be an issue. If you're still stuck, it might be worth looking into manually installing the profiles as you've done or checking if there's a known bug with Meraki and Exchange setups. Also, if you're looking for Microsoft Office subscriptions for future setups, there's a great deal on Office Home & Business 2021 for Mac.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels