Microsoft Intune

Outlook and Azure AD Join: Automatically configuring the user’s mailbox

In an average day, I provision a bunch of Windows 10 devices using Microsoft Intune and Windows Autopilot, including Office 365 ProPlus.  But somehow I never actually launched Outlook (or if I did, I didn’t pay attention to what I needed to do to configure it).  It’s not very pretty:

image
image
image
image
image
image
image

What you really want to see is a fully-automated configuration (similar to what Teams does).  This exact scenario came up in a customer conversation today, and I didn’t remember what this takes.  After a few conversations with the Office team, they confirmed that this can be done using what is called ExchangeZeroConfig.  There are documents that describe how to do this with GPO (or worse, by poking in registry values) but of course I wanted to do it with Intune and Azure AD-joined devices.  

Fortunately, with the addition of Administrative Templates in Intune, this becomes fairly straight-forward, as you just need to set the “Automatically configure profile based on Active Directory Primary SMTP address” policy, targeting that to “All users”:

image
image

Then, when you launch Outlook for the first time, the experience is greatly streamlined:

image
image

Much simpler.

One caveat with that:  You need to make sure to use the enrollment status page (and not disable it for the user) so that Intune has time to get the user policy applied before the user launches Outlook. It doesn’t take long for Intune to do that, but some people could manage to launch Outlook faster.

4 replies »

  1. Great article Michael. Would this be only applicable to hybrid join scenarios or will this be applicable for cloud-only (AAD) scenarios as well?

    Like

    • Either. I specifically wrote it for cloud-only, but it does (and has for many years) work with hybrid join (a.k.a. AD join) too. You just need the policy delivered, either via GPO or Intune.

      Like

  2. Great one. Just implemented this for the project I’m working on now!!

    Next in line is the stupid creation of the Teams Desktop icon that makes a mess of Onedrive Known Folders because it is created on each machine a user logs on to, the user gets multiple shortcuts on his desktop. Anoying little bit of mandatory crap. We should be able to manage shortcuts on the users desktop ourselves (or the user) but not mandatory creation on every bloody logon…. 😦

    Like