Last Update: Sep 04, 2024 | Published: Sep 19, 2017
Update September 26: Apple says that iOS 11.0.1 fixes the problem of connecting to Exchange Online and Exchange 2016.
The excitement barely stopped as I upgraded my iPhone 7s Plus to iOS 11 soon after Apple released the upgrade on September 19. The good news is that the upgrade was fast and seamless, which I expected because the phone is recent and I do not use any old 32-bit apps. All my apps worked after the upgrade, including those that I use with Office 365 such as Outlook for iOS (including support for multi-factor authentication), Outlook Groups, Yammer, Teams, Office 365 Admin (Figure 1), and so on.
What is not so good is that the standard iOS mail app might not be able to connect to Exchange Online or Outlook.com. There is a good reason for this. Exchange Online and Outlook.com share a common infrastructure powered by Exchange 2016 servers running on Windows 2016. The software is ahead of Exchange 2016 cumulative update 7, which Microsoft released today along with Exchange 2013 CU18. The version of Exchange 2016 running inside Exchange Online has some special tweaks to support the Office 365 datacenter environment, but essentially it is the same software.
In any case, Exchange 2016 uses HTTPS/2 TLS connections for its clients. When the iOS mail app attempts to connect to Exchange using ActiveSync, it improperly negotiates the connection. The result is that Apple’s mail app is left swinging without the ability to do very much.
Some people report that they can connect after the upgrade and ask if the problem really exists. It does. Remember that clients connect to a massive infrastructure spanning over 100,000 mailbox servers. You could hit one that negotiates a connection.
Microsoft has informed Office 365 tenants about the issue with message MC119954 (Figure 2) and stresses that iOS 9 and iOS 10 clients are unaffected.
The formal Microsoft knowledge base article on the topic says that the only solution is disable HTTP/2 on the server, but that is no help for Office 365 users, who cannot access the Windows 2016 servers to mess with the system registry. Microsoft is not going to apply the fix either for the very good reason that it downgrades the security of client connections.
If you run on-premises Exchange 2016 servers, you can fix the problem by making sure that the registry DWORD values for EnableHTTP2Tls and EnableHttp2Cleartext are both set to zero under the HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTPParameters key.
Apple has acknowledged the problem and will do their best to fix it as soon as possible. In the interim, you might consider using the Outlook for iOS app. ActiveSync is now an old protocol that does not support some advanced features such as the ever-popular Focused Inbox. Leaving Focused Inbox aside, my personal perspective is that Outlook for iOS is a far superior client to the native mail app and that Microsoft has done a good job of closing functionality gaps (like the issues that used to exist with Contacts).
I doubt Apple will do much more to improve the iOS mail app in respect of how it connects to Exchange and leverages the functionality of the server. If you want to have the best functionality, maybe now is the right time to consider switching to Outlook. At least it works on iOS 11, even if it requires a license that you might not have. I guess you pay for quality.
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.