Situation: When setup iPhone to use Office 365 email with MFA enabled, you may receive this message:
iOS Accounts
You can’t access this application
iOS Accounts needs permission to access resources in your organization that only and admin can grant. Please ask an admin to grant permission to this app before you can use it.
Resolutions: 1. The best way to access Microsoft Office 365 email is using Outlook app. You can download it from Apple store.
2. If you want to use both business email and personal email in the Apple mail app, you may download Microsoft Authentication app.
3. Or set it up using Configure manually option. You will see this option after you enter domain account password. You have two options: Login admin or configure manually. When using Configure Manually, you enter all information manually including server: outlook.office365.com.
4. Enable user access to Enterprise apps. From your Office 365 Admin portal, go to Admin Centers > Azure AD > Users and Groups > User Settings then make sure “Users can consent to apps accessing company data on their behalf” is enabled. And
5. admin_consent
You will then be redirected to an Microsoft login page where the user should enter a password. On the bottom from that page you have the option to send the URL to a user. Instruct the user to send that URL to one Office 365 administrator. The URL should look like the following:
3g.) Once you get the URL, open a browser (and login into the Office Admin Center with an global admin account). Now you need to modify the URL you got.
3h.) Change the section “prompt=login” to “prompt=admin_consent”
3i.) remove the “login_hint=blocks@contoso.onmicrosoft.com&” section
3j.) now copy the modified URL and past it into the browser you have open
3k.) You will now be prompted to accept that.
3l.) Once done the browser try to redirect you to the iOS device, however on your PC this will fail, but the needed action is performed.
6. Users or groups may be assigned access to the Read&Write application
•Navigate to Azure Admin Settings -> Azure Active Directory -> Enterprise Applications -> All Applications -> Read&Write.
•Select Users and Groups -> Add User/Group.
7. A Global Administrator must give consent on behalf of users
- Using an administrator account, use this consent link to sign-in to Office 365.
- You will be prompted to consent for the read permissions that the Read&Write application needs
- After consenting, you’ll be directed to the Read&Write login page https://www.login.texthelp.com. Please allow a short period of time for the Read&Write Application to be added to your catalog.
After completing these steps, non-admin users should be able to access Read&Write for Windows!
