Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Exchange 2016|Office|Office 365

iOS 11 and Exchange 2016/Online: Not Kissing Cousins

Update September 26: Apple says that iOS 11.0.1 fixes the problem of connecting to Exchange Online and Exchange 2016.

An Easy Upgrade to iOS 11

The excitement barely stopped as I upgraded my iPhone 7s Plus to iOS 11 soon after Apple released the upgrade on September 19. The good news is that the upgrade was fast and seamless, which I expected because the phone is recent and I do not use any old 32-bit apps. All my apps worked after the upgrade, including those that I use with Office 365 such as Outlook for iOS (including support for multi-factor authentication), Outlook Groups, Yammer, Teams, Office 365 Admin (Figure 1), and so on.

iOS Office 365 Admin
Figure 1: Office 365 Admin app running on iOS 11 (image credit: Tony Redmond)

Problems for the iOS Mail App

What is not so good is that the standard iOS mail app might not be able to connect to Exchange Online or Outlook.com. There is a good reason for this. Exchange Online and Outlook.com share a common infrastructure powered by Exchange 2016 servers running on Windows 2016. The software is ahead of Exchange 2016 cumulative update 7, which Microsoft released today along with Exchange 2013 CU18. The version of Exchange 2016 running inside Exchange Online has some special tweaks to support the Office 365 datacenter environment, but essentially it is the same software.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

In any case, Exchange 2016 uses HTTPS/2 TLS connections for its clients. When the iOS mail app attempts to connect to Exchange using ActiveSync, it improperly negotiates the connection. The result is that Apple’s mail app is left swinging without the ability to do very much.

Some people report that they can connect after the upgrade and ask if the problem really exists. It does. Remember that clients connect to a massive infrastructure spanning over 100,000 mailbox servers. You could hit one that negotiates a connection.

Microsoft has informed Office 365 tenants about the issue with message MC119954 (Figure 2) and stresses that iOS 9 and iOS 10 clients are unaffected.

iOS 11 mail problem
Figure 2: Microsoft informs tenants about the bad news (image credit: Tony Redmond)

No Fix for Office 365 Users

The formal Microsoft knowledge base article on the topic says that the only solution is disable HTTP/2 on the server, but that is no help for Office 365 users, who cannot access the Windows 2016 servers to mess with the system registry. Microsoft is not going to apply the fix either for the very good reason that it downgrades the security of client connections.

If you run on-premises Exchange 2016 servers, you can fix the problem by making sure that the registry DWORD values for EnableHTTP2Tls and EnableHttp2Cleartext are both set to zero under the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters key.

Time to Move to Outlook?

Apple has acknowledged the problem and will do their best to fix it as soon as possible. In the interim, you might consider using the Outlook for iOS app. ActiveSync is now an old protocol that does not support some advanced features such as the ever-popular Focused Inbox. Leaving Focused Inbox aside, my personal perspective is that Outlook for iOS is a far superior client to the native mail app and that Microsoft has done a good job of closing functionality gaps (like the issues that used to exist with Contacts).

I doubt Apple will do much more to improve the iOS mail app in respect of how it connects to Exchange and leverages the functionality of the server. If you want to have the best functionality, maybe now is the right time to consider switching to Outlook. At least it works on iOS 11, even if it requires a license that you might not have. I guess you pay for quality.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Tony Redmond has written thousands of articles about Microsoft technology since 1996. He covers Office 365 and associated technologies for Petri.com and is also the lead author for the Office 365 for IT Pros eBook, updated monthly to keep pace with change in the cloud.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: