Note
Microsoft 365 For Ipad Air
Because of this you need to have a subscription to Office 365 if you want to use the Office apps on an iPad Pro. Microsoft seems to believe that the iPad Pro is only a professional device, and the. Office 365 ProPlus is being renamed to Microsoft 365. If you take an 'Apple Configurator 2' trace from an OS X client that's connected to the iPad by using the. Though the app’s free, you must have an active Microsoft 365 subsciption to use the email client. For home use, the Microsoft 365 suite is currently available in three varieties, including a. Microsoft offers a month's free trial to Office 365, but after that it costs £5.99 ($6.99, AU$7) per month for a Personal account. The Office apps store files, by default, in OneDrive, Microsoft.
Office 365 ProPlus is being renamed to Microsoft 365 Apps for enterprise. For more information about this change, read this blog post.
Symptoms
Microsoft 365 Ipad Subscription
Federated users on Apple iOS devices that have valid user certificates discover that they can't perform Certificate-Based Authentication (CBA) against Azure AD. However, federated users on Android and Windows devices can successfully authenticate by using CBA. The same iOS users encounter no issues when they authenticate by using their user name and password.
Here's the typical experience for iOS users who can't authenticate when they sign in to ADAL-enabled Office applications on iOS:
- The user walks through the Office app setup experience. At the 'Office365' sign-in page, the user clicks Sign-in.
- The ADAL Sign-in page appears, on which the user enters their federated email address and then clicks Next.
- The ADAL Sign-in process hangs at a blank page until it times out and returns a 'There is a problem with your account. Try again later' error. This page includes the option to tap OK.
- If the user taps OK, they sit at the same blank Sign-in page with the option at the top to tap Back.
- Tapping Backreturns the user to the ADAL Sign-in page, where the process starts all over: the user is prompted to enter their federated email address and then click Next.
- Tapping OK returns to a blank Sign-in screen, where the user can enter their UserPrincipalName and repeat the process.
To eliminate Office applications as a factor, we recommend that federated users in an iOS environment test certificate-based authentication in the Safari browser by following the steps in 'More Information' section. The typical experience for iOS users who cannot authenticate against https://portal.office.com from a Safari browser goes as follows:
The user is not prompted as expected to approve the use of their user certificate after they click the Sign-in using an X.509 certificate link.
The federated user either sits at an unresponsive STS sign-in page or advances to the default STS sign-in page, where they are prompted as follows:
Select a certificate that you want to use for authentication. If you cancel the operation, please close your browser and try again.
Note If other authentication methods are enabled in AD FS, the user will also see a link stating 'Sign-in with other options.' If they click this, they return to the STS sign-in page.
Both experiences fail with the following error:
Safari could not open the page because the server stopped responding.
Cause
The certificate chain is incomplete because the issuing subordinate CA certificate is not retrieved by the device as expected when the MDM policy pushes just the Root certificate to the Apple device along with the SCEP profile.
Microsoft Office 365 Ipad
Adding Microsoft 365 To Ipad
The iOS device does not correctly acquire the Issuing CA's *.crt file, even though the AIA path on the user certificate has a valid URL that points to the Issuing subordinate CA's *.crt file.
Resolution
If the customer is using Intune to manage the device, advise them create a new configuration policy for an iOS Trusted Root Certificate that points to the Intermediate Certificate Authorities' *.CER file. Then, advise them to open the company portal on the device and refresh the policy. The connection should now succeed.
Microsoft 365 Ipad Pro
More Information
If you take an 'Apple Configurator 2' trace from an OS X client that's connected to the iPad by using the lightning cable, the trace log resembles the following: