Skip to content

Latest commit

 

History

History
86 lines (58 loc) · 5.44 KB

troubleshoot-email-profiles-in-microsoft-intune.md

File metadata and controls

86 lines (58 loc) · 5.44 KB
Raw
title description keywords author ms.author manager ms.date ms.topic ms.service ms.localizationpriority ms.technology ms.assetid ROBOTS ms.reviewer ms.suite search.appverid ms.custom ms.collection
Troubleshoot email profiles in Microsoft Intune - Azure | Microsoft Docs
See common issues and solutions with email profiles in Microsoft Intune, including duplicate email profiles and errors on Samsung KNOX Standard Android devices.
MandiOhlinger
mandia
dougeby
06/17/2019
troubleshooting
microsoft-intune
medium
f5c944ea-32a6-48af-bb57-16d5f1f3c588
tscott
ems
MET150
intune-classic
M365-identity-device-management

Common issues and resolutions with email profiles in Microsoft Intune

Review some common email profile issues, and how to troubleshoot and resolve them.

What you need to know

  • Email profiles are deployed for the user who enrolled the device. To configure the email profile, Intune uses the Azure Active Directory (AD) properties in the email profile of the user during enrollment. Add email settings to devices may be a good resource.
  • After migrating from Configuration Manager hybrid to Intune standalone, the email profile from Configuration Manager hybrid stays on the device for 7 days. This is expected behavior. If you need the email profile removed sooner, contact Intune support.
  • For Android Enterprise, deploy Gmail or Nine for Work using the managed Google Play Store. Add Managed Google Play apps lists the steps.
  • Microsoft Outlook for iOS and Android doesn't support email profiles. Instead, deploy an app configuration policy. For more information, see Outlook Configuration setting.
  • Email profiles targeted to device groups (not user groups) may not be delivered to the device. When the device has a primary user, then device targeting should work. If the email profile includes user certificates, be sure to target user groups.
  • Users may be repeatedly prompted to enter their password for the email profile. In this scenario, check all the certificates referenced in the email profile. If one of the certificates isn't targeted to a user, then Intune retries to deploy the email profile.

Device already has an email profile installed

If users create an email profile before enrolling in Intune or Office 365 MDM, the email profile deployed by Intune may not work as expected:

  • iOS: Intune detects an existing, duplicate email profile based on hostname and email address. The user-created email profile blocks the deployment of the Intune-created profile. This is a common problem as iOS users typically create an email profile, then enroll. The Company Portal app states that the user isn't compliant, and may prompt the user to remove the email profile.

    The user should remove their email profile so the Intune profile can be deployed. To prevent this issue, instruct your users to enroll, and allow Intune to deploy the email profile. Then, users can create their email profile.

  • Windows: Intune detects an existing, duplicate email profile based on hostname and email address. Intune overwrites the existing email profile created by the user.

  • Samsung KNOX Standard: Intune identifies a duplicate email account based on the email address, and overwrites it with the Intune profile. If the user configures that account, it's overwritten again by the Intune profile. This may cause some confusion to the user whose account configuration gets overwritten.

Samsung KNOX doesn't use hostname to identify the profile. We recommend you don't create multiple email profiles to deploy to the same email address on different hosts, as they overwrite each other.

Error 0x87D1FDE8 for KNOX Standard device

Issue: After creating and deploying an Exchange Active Sync email profile for Samsung KNOX Standard for different Android devices, the 0x87D1FDE8 or remediation failed error shows in the device's properties > policy tab.

Review the configuration of your EAS profile for Samsung KNOX and source policy. The Samsung Notes sync option is no longer supported, and that option shouldn't be selected in your profile. Be sure devices have enough time to process the policy, up to 24 hours.

Unable to send images from email account

Users who have email accounts automatically configured can't send pictures or images from their devices. This scenario can happen if Allow e-mail to be sent from third-party applications isn't enabled.

Intune solution

  1. Sign in to Intune.
  2. Select Device Configuration > Profiles.
  3. Select your email profile > Properties > Settings.
  4. Set the Allow e-mail to be sent from third-party applications setting to Enable.

Configuration Manager hybrid

  1. Open the Configuration Manager console > Assets and Compliance.

  2. Expand Overview > Compliance Settings > Company Resource Access, and select Email Profiles.

  3. Right-click the e-mail profile, and open Properties.

  4. On the Synchronization Settings tab, select Allow e-mail to be sent from third-party applications.

Next steps

Get support help from Microsoft, or use the community forums.