Apple Mail Application and USJ O365 Tenant

The Office of Information Technology has received numerous requests over the last month regarding the recent discontinuation of support for the Apple Mail app when accessing USJ O365 email.  I wanted to take this time to explain in detail the reason for this decision and how it came about as well as provide some viable alternative methods to access your USJ email.

In February 2026 after announcing in October 2025 that this was coming, Microsoft began the process of ending overall support for all applications that use Basic Authentication (which is not secure) vs. the more robust OAUTH2 authentication method that modern day applications and systems that use things like Multi-Factor Authentication (MFA) and Data-Loss Prevention (DLP) tools to protect and secure data use.  This means that Microsoft changed the default security posture for all O365 tenants to not allow these apps, Apple’s Mail app is one of those applications that is widely used and uses the basic authentication method which resulted in it no longer being allowed to access O365 email.

When asked, Microsoft provided the following as the main reasons for this change.

Security and Compliance Risks

• Authentication Issues: Modern O365 security, including Multi-Factor Authentication (MFA), often causes constant password prompts or login failures in Apple Mail.
• Data Leakage/Lack of Management: Unlike the Outlook app, Apple Mail lacks robust Mobile Application Management (MAM) policies, meaning organizations cannot selectively wipe company email if a device is lost or an employee leaves.
• Authentication Blocking: Sometimes, Apple Mail’s privacy settings (e.g., "Hide IP Address") can cause Microsoft’s security systems to block access, incorrectly flagging login attempts as suspicious.
• Compliance Gaps: For organizations requiring FERPA and HIPAA compliance, third-party apps like Apple Mail do not meet all necessary data protection standards compared to managed Outlook apps.

Operational and Sync Issues

• Inconsistent Syncing: Emails, calendars, and shared mailboxes often sync poorly, causing delays or missing information.
• Large Mailbox Failures: because it still uses the legacy ActiveSync protocol, Apple Mail struggles with performance and consistently fails to sync entirely when dealing with large Exchange-based (including O365) mailboxes.
• No Support for Shared Mailboxes: Native apps cannot properly display or manage shared/delegated mailboxes, a critical feature for many users. 

After extensive research, OIT has determined that while it is possible for USJ to circumvent these security controls that block these legacy protocols, USJ’s security policies and documented security posture would not accept the risk of allowing USJ data to be accessed using insecure methods, nor would it allow the bypassing of our DLP controls.  Please understand that it is no one’s intention to make our user’s lives difficult, users are encouraged to use the USJ provided and licensed outlook app or webmail to access USJ email data to ensure that there is no unintended data loss due to use of an insecure mail app.