Exchange online (Microsoft Office 365) not working when pushed with SM

GrldP
Here to help

Hello Community!

I struggle a lot on this one: I need to install two Microsoft Office 365 Exchange Online accounts on macOS 10.14.5 Mojave for use with the Apple Mail application.

One account is an account common to several Macs, and I don’t need variables here; the second one is the device owner's account.

I’ve tried the following with both Profile Manager and Profile Creator with the same results.

I create a profile with two Exchange (EWS for Mac) payloads, one with fixed values, the other one with variables (I get those at enrollment time against Azure Active Directory).

I then upload the custom profile to Meraki SM, it pushes fine on devices.

I check it in the Profile preferences pane, the values are correct, so the variables went through without issue.

But… nothing happens. No account shows in Internet Accounts, none in Apple Mail. Tested on a freshly installed virtual machine, same on my own computer, neither of which is DEP enrolled.

Where I am totally lost is that if I manually install the profile locally with a double click, it seems to work OK, it asks for input of optional values and, of course, the variables I can’t provide.

So has anyone successfully done this and what am I doing wrong?

Thanks a lot for your time.

GrldP
Here to help

One thing I’ve noticed: Meraki pushes the profile as a Device profile, yet I created it as a User profile. But I can’t see any option to push a custom profile as Device or User profile.
beks88
A model citizen

Hi,

Hanging in here in addition to my original thread

https://community.meraki.com/t5/Endpoint-Management-Systems/Feature-Request-macOS-EWS-support/m-p/39...

I'm also trying to get this to run. I had the same issue as you on Mojave. But now I can't even get the profile installed. Meraki answers with Error:71 "Payload needs to be in a user profile".

According to the Apple docs (https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf), <PayloadScope> is optional and User scoped by default.

Have you figured out how to get this to run?

This is my .mobileconfig, as you can see very simple. (Feel free to use it, just add your own identifiers.)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>EmailAddress</key>
			<string>$OWNERMAIL</string>
			<key>PayloadDisplayName</key>
			<string>Exchange</string>
			<key>PayloadIdentifier</key>
			<string>com.company.macos.exchange.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.com.apple.ews.account.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.ews.account</string>
			<key>PayloadUUID</key>
			<string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>UserName</key>
			<string>$OWNERUSERNAME</string>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>EWS_macOS</string>
	<key>PayloadIdentifier</key>
	<string>com.company.macos.exchange.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
	<key>PayloadOrganization</key>
	<string>Organization Name</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

 

 

Hi

I did not have any opportunity to test any further. Did you have any success with your profile, since there still is the issue with it being considered machine bound where it should be user bound?
beks88
A model citizen

No success on getting it to run. Always the same issue as detailed above.

Just wondering why my old profile got installed a few months ago. Now I can't even install the old profile either.

Lately I’ve been running into issues with Meraki similar to yours, like profiles/apps that wouldn’t get pushed.

I opened many cases with support, and during investigation, with no mitigation process involved, everything got back to normal. 

Unsure if it’s related to the current issue you’re facing.

beks88
A model citizen

I've opened a case about this bug, maybe do it as well and let them link your case to mine 🙂

04684676

I'll also try to contact our Meraki representative, since this was a killer feature in the last two competitions when trying to sell Meraki vs other MDM solutions.

One thing is the bug detected and discussed here; the other thing is that it seems not to be a high priority on the development roadmap. No one responded to my first thread, and the feature had first been announced at WWDC18. Native support by Meraki would be nice, but first we need a solution for the bug here.

Totally agreed.

We first need to sort out the remaining open cases with support as I have some outstanding ones.
Definitely interested to hear back from you!
beks88
A model citizen

Just an update, Support is trying to recreate the issue. Message from 3rd January

Thanks a lot for the update!
grldP-NS
Comes here often

Did support eventually find a way to provision an Exchange Online account to a Mac via EWS?

Due to covid things took a bit longer and support is still investigating.

At first the developers said the behavior is as expected. After I could prove that this isn't true and provided some logs, the devs are investigating again.

grldP-NS
Comes here often

Thank you very much, because I still experience exactly the same issue and behaviour (needs to be a user profile).

Let’s hope they can find a way around this. Really surprised we are the only ones experiencing this though, I’d have thought Microsoft Office 365/Exchange online on Mac would be a big deal for many.

Yes, I thought the same, but it seems most of the community are using SM just for iOS devices.

grldP-NS
Comes here often

I eventually understood that too when I saw the number of bugs that need support cases opened…

Got an update from support

"I've just been informed and confirmed that there is a new field in the Mac custom profiles called Deploy Channel with the option of Device or User. They are still making additional improvements but this should allow you to deploy your Profile."

grldP-NS
Comes here often

Thanks a lot! Sounds really promising. 

Did you get the chance to try it out with, say, Exchange?

Still have troubles. I'm now not able to delete the old profile from the device.

grldP-NS
Comes here often

We aren’t quite there yet. Thanks for letting me know!

@grldP-NS do you see this option already in the custom profile interface?

Could you try deploying the profile on a test device?

The following configs worked for me:

Deploy the profile by using user tags for the scope. Owner (in SM) and logged in user should be the same. The user should be actively logged in on the device.

The point that still fails -> Variables are not recognized properly

beks88
A model citizen

Last reply from support.

"Yes the screen being locked could interfere with the profile deployment. Also if a user was not logged into the device there would be no user channel to deploy the profile to."

We deployed the profile on two devices with success

grldP-NS
Comes here often

Finally! thanks a lot.
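
A check for the two failure points in this thread, the profile scope behind Error:71 and the $ variables that were "not recognized properly", as an added example that is not part of any post or of Meraki's tooling. It assumes an unsigned .mobileconfig; lint_profile, sample_profile and the com.example identifiers are names made up for the example.

```python
import plistlib
import re

# Assumption for this example: only the payload type discussed in the thread
# is treated as requiring the user channel.
USER_CHANNEL_TYPES = {"com.apple.ews.account"}
# MDM placeholders such as $OWNERMAIL / $OWNERUSERNAME from the posted profile.
PLACEHOLDER = re.compile(r"\$[A-Z][A-Z0-9_]*")

def lint_profile(data: bytes) -> list:
    """Return findings for an unsigned .mobileconfig passed as plist bytes."""
    profile = plistlib.loads(data)
    # PayloadScope is optional; the Apple reference cited above defaults it to User.
    scope = profile.get("PayloadScope", "User")
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "<missing PayloadType>")
        if ptype in USER_CHANNEL_TYPES and scope != "User":
            findings.append(f"{ptype}: PayloadScope is {scope!r}, expected 'User'")
        for key, value in sorted(payload.items()):
            if isinstance(value, str) and PLACEHOLDER.search(value):
                findings.append(f"{ptype}: {key} contains placeholder {value!r}")
    return findings

def sample_profile(scope=None, mail="$OWNERMAIL", user="$OWNERUSERNAME") -> bytes:
    """Constructed test profile modelled on the one posted in the thread."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadDisplayName": "EWS_macOS",
        "PayloadIdentifier": "com.example.macos.exchange",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadContent": [{
            "PayloadType": "com.apple.ews.account",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.macos.exchange.ews",
            "PayloadUUID": "00000000-0000-0000-0000-000000000002",
            "EmailAddress": mail,
            "UserName": user,
        }],
    }
    if scope is not None:
        profile["PayloadScope"] = scope
    return plistlib.dumps(profile)

if __name__ == "__main__":
    for finding in lint_profile(sample_profile()):
        print(finding)
    for finding in lint_profile(sample_profile("System", "user@example.com", "user@example.com")):
        print(finding)
```

Run against the authored file, the placeholder findings list what the MDM has to substitute; run against a copy taken from an enrolled Mac, any placeholder still present means substitution did not happen.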