Intune Email Profiles: Complete Configuration Guide - CyberSystem Blog

Email profiles in Microsoft Intune enable you to deploy preconfigured email settings to devices, allowing users to access their organization email accounts without manually configuring email client settings. This reduces support calls and ensures consistent email configuration across devices.

Understanding Email Profiles in Intune

Email profiles in Intune create, assign, and monitor Exchange ActiveSync email settings on devices. Email profiles help with consistency, reduce support calls, and let end-users access company email on their devices without any required setup on their part.

Key Benefits

Automatic Configuration: Users don't need to configure email manually
Consistent Settings: Standardized email configuration across devices
Reduced Support: Fewer support calls for email setup
Secure Access: Support for modern authentication and certificates
Multiple Platforms: Windows, iOS, Android support

For an overview, see Add email settings to devices using Intune.

Prerequisites

Before creating email profiles:

Email App: Deploy email app to devices first
Email Server: Ensure email server is accessible
Authentication: Configure authentication method
Certificates: Configure certificates if using certificate authentication

Supported Platforms

Email profiles support:

Android device administrator (Samsung Knox Standard 5.0 and newer)
Android Enterprise personally owned devices with work profile
iOS 11.0 and newer
iPadOS 13.0 and newer
Windows 10 and later

Creating Email Profiles

Step 1: Deploy Email App

Before creating email profiles, deploy the email app:

For Windows:

Microsoft Outlook (from Microsoft 365 Apps)
Built-in Mail app

For iOS/iPadOS:

Microsoft Outlook
Built-in Mail app

For Android:

Gmail app
Nine Work app

For app deployment, see Add apps to Microsoft Intune.

Step 2: Create Email Profile

Access Email Profiles

Sign in to the Microsoft Intune admin center
Navigate to Devices > Manage devices > Configuration > Create
Select platform (Windows, iOS, Android)
Select Templates > Email
Select Create

Configure Basics

Name: Enter descriptive name
Description: Optional description
Select Next

Configure Email Settings

Platform-specific settings vary. Common settings include:

Email Account:

Email server: Exchange server address
Account name: Display name for email account
Username attribute: How to identify user
Email address attribute: User's email address

Authentication:

Authentication method:
- Username and password
- Certificates
- Derived credentials

Advanced Settings:

SSL: Enable SSL/TLS
S/MIME: Configure S/MIME if needed

For platform-specific settings:

Assign and Deploy

Assign scope tags (optional)
Assign to user groups
Review and create

For step-by-step guidance, see Add email settings to devices using Intune.

How Intune Handles Existing Email Accounts

Android Device Administrator

An existing, duplicate email profile is detected based on the email address, and overwrites it with the Intune profile. Android doesn't use the host name to identify the profile.

Android Enterprise

Intune provides two Android work email apps: Gmail and Nine Work. These apps don't create duplicate profiles. Deploy one of these email apps, then create and deploy the email profile.

iOS/iPadOS

An existing, duplicate email profile is detected based on host name and email address. The duplicate email profile blocks the assignment of an Intune profile. Users must manually remove the configured profile.

Best Practice: Tell users to enroll before installing an email profile to allow Intune to set up the profile.

Windows

An existing, duplicate email profile is detected based on host name and email address. Intune overwrites the existing email profile created by the end user.

For details, see How Intune handles existing email accounts.

App Configuration Policies

For some email apps, you can use app configuration policies instead of or in addition to email profiles:

Outlook for iOS and Android:

Use app configuration policies to customize Outlook
Configure account settings
Set app-specific preferences

For guidance, see Deploying Outlook for iOS and Android app configuration settings in Exchange Online.

Best Practices

1. Deploy Email App First

Install email app before email profile
Verify app installation
Test app functionality
Ensure app compatibility

2. Use Modern Authentication

Prefer modern authentication
Use certificates when possible
Avoid basic authentication
Configure Conditional Access

3. Test Before Deployment

Test with pilot groups
Verify email connection works
Test authentication
Validate user experience

4. Coordinate with Enrollment

Enroll devices before email setup
Avoid duplicate profiles
Guide users on enrollment order
Document enrollment process

5. Monitor Email Access

Review connection logs
Monitor authentication failures
Track certificate issues
Address problems promptly

Troubleshooting

Common Issues

Email Not Connecting
- Verify email server address
- Check authentication settings
- Review certificate deployment
- Test server connectivity
Authentication Failures
- Check credentials
- Verify certificate validity
- Review authentication method
- Test authentication manually
Profile Not Applying
- Verify device enrollment
- Check profile assignment
- Review device check-in
- Check for duplicate profiles

Additional Resources

Conclusion

Email profiles in Intune provide seamless, preconfigured email access for your organization's devices. By following these best practices:

✅ Deploy email app before email profile
✅ Use modern authentication
✅ Test thoroughly before deployment
✅ Coordinate with device enrollment
✅ Monitor email access and issues

You can provide seamless email access while maintaining security and reducing support overhead.

Remember: Email profiles work best when devices are enrolled before email setup. Guide users to enroll first to avoid duplicate profile conflicts, especially on iOS/iPadOS devices.