Apple Internet Accounts Approval Required

By disabling the ability for users in your Office tenant to consent to apps (best security practice), you may run into an issue when your first Apple iPhone user tries to access their work email.

So there’s two ways around this, you can either –

In this article I'll cover how to quickly authorise the application. Before that, though, I'd like to explain why opening up the ability to consent to apps to any user is a bad idea: see "What is the illicit consent grant attack in Office 365?"

Authorise the App

  1. Get your tenant ID.
    1. Navigate to portal.azure.com
    2. Select 'Azure Active Directory'
    3. In the Overview panel, copy the Tenant ID shown in the Tenant information box.
  2. Navigate to the Apple Accounts consent screen. To do this, open the URL below, replacing the <tenantID> portion with your tenant ID from the previous step and the <redirectURI> portion with a valid URL (this can be anything really, e.g. https://microsoft.com).
     https://login.microsoftonline.com/<tenantID>/oauth2/authorize?client_id=f8d98a96-0999-43f5-8af3-69971c7bb423&response_type=code&redirect_uri=<redirectURI>&prompt=admin_consent
  3. Once the Permission requested dialog window appears, click Accept to approve the app.
  4. Now your users should be able to access the mail app via Apple devices.
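
To fill in the URL from step 2 without hand-editing mistakes, and to confirm that a consent link you have been sent really targets the Apple Internet Accounts app in your own tenant before you click Accept, something like the following works. It is an added example, not part of the original article; the function names and the sample tenant ID are made up for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Client ID of the Apple Internet Accounts app, taken from the article's URL.
APPLE_CLIENT_ID = "f8d98a96-0999-43f5-8af3-69971c7bb423"
LOGIN_HOST = "login.microsoftonline.com"
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def build_consent_url(tenant_id, redirect_uri):
    """Fill in the article's URL template, percent-encoding the redirect URI."""
    if not GUID_RE.fullmatch(tenant_id):
        raise ValueError("tenant ID must be the GUID copied from the portal")
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect URI must be an https URL")
    query = urlencode({
        "client_id": APPLE_CLIENT_ID,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "prompt": "admin_consent",
    })
    return f"https://{LOGIN_HOST}/{tenant_id}/oauth2/authorize?{query}"


def check_consent_url(url, tenant_id):
    """Return the reasons an admin should not approve this link (empty = matches)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    problems = []
    if parts.scheme != "https" or parts.hostname != LOGIN_HOST:
        problems.append("not an https link to " + LOGIN_HOST)
    if parts.path.lower() != f"/{tenant_id}/oauth2/authorize".lower():
        problems.append("path is not this tenant's authorize endpoint")
    if params.get("client_id") != [APPLE_CLIENT_ID]:
        problems.append("client_id is not the Apple Internet Accounts app")
    if params.get("prompt") != ["admin_consent"]:
        problems.append("prompt is not admin_consent")
    return problems


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed sample, not a real tenant
    good = build_consent_url(tenant, "https://microsoft.com")
    print(good, check_consent_url(good, tenant))
    # Constructed look-alike link: same shape, different client_id.
    bad = good.replace(APPLE_CLIENT_ID, "00000000-0000-0000-0000-000000000000")
    print(check_consent_url(bad, tenant))
```

An empty list from check_consent_url means the link points at the consent screen described in this article; anything else is a reason to stop before approving.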
