My organization just blocked all native mail apps from accessing Outlook, forcing us to use the Outlook mobile app. They probably did this through conditional access through Azure AD, but I’m not 100% sure. I don’t want to do that; I like the native iOS app better. Are there any workarounds so I can start using the native app again?
There is no workaround to access Outlook with native mail apps if Outlook is blocked by a conditional access policy. That would be a huge security liability if there was a way to change an admin's access controls. As Sunny said, the best thing to do here is to ask the admin to enable this for your account.
Related
At work we have developed an individual, customer-specific software application that has been in use for a long time. We have a new requirement in this same program to implement an option for sending emails directly from the program.
The user is able to add his own email account with the credentials and log in through our program. For Microsoft and Gmail accounts OAuth is implemented, and something here is not very clear.
For the Gmail API we have made an OAuth client and consent screen on Google Cloud Console which we need to publish and verify, and here is where the problems start. I am not very clear on the whole process of verifying the app.
The verification steps state that we should verify a domain for the app, but this software is not hosted anywhere on the internet and is not publicly available; it is available to a number of specific users (2000-3000).
Also, Google requires a YouTube video of the software to be available publicly, which we are not able to upload because of customer requirements. A Data Protection Policy page for the application is also required, which we as developers don't have because we are only developing the software.
Another thing that is not clear to me: how is this type of software rated by Google, internal or public?
Does anyone have experience with this or something similar?
Verifying an app for one of the Gmail scopes is a very complicated process. This process depends upon which scope of authorization you are requesting of the users.
In your case you are trying to send an email, so you are using the users.messages.send method from the Gmail API. This uses a restricted scope, which means you will need to go through the full process.
First off, it doesn't matter if your application is hosted or not. It also doesn't matter that you give this app to a limited number of users. What matters is the scopes you are using.
You will need to ensure that your domain has been registered via Google Search Console. So this app will need a domain.
Once that is done you will be able to host your website, and the privacy policy on that domain.
You will need to create a YouTube video showing your application running, and how authorization is used.
You will also need to submit to a third party security checkup of your application which is not free and will need to be done once a year.
All of this is needed because of your consent screen. It doesn't matter if it's hosted anywhere. It also doesn't matter if this is only available to a specific number of users.
If all of the users are part of a single Google Workspace account that has created your client ID and client secret, then you can set the app to internal and you won't need to be verified. This only works for Google Workspace domain accounts.
What would be the best way to obtain an AAD token from an Electron app?
Microsoft has 2 JavaScript authentication libraries: adal.js and msal.js.
Both are designed for browsers and not native Electron apps (for example, AAD won't allow the file:/// scheme as a reply URL).
Sounds like a long-term solution would be native AAD packages (like Microsoft built for Apache Cordova), but since that's probably not going to happen any time soon, what is the best short-term option?
Azure Storage Explorer is a good example of an Electron app that does this. It even allows for being logged into multiple AAD accounts at the same time.
You might be able to check out what's going on in the app's dev tools. I've had a poke around and it looks like it uses the adal-node npm package instead of the browser-based JS libraries.
It also looks like it uses an authorization code flow for obtaining tokens.
Azure AD doesn't support the file protocol as the reply address. To develop the single-page application, you can host it on the server and use the server URL as the reply address.
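The authorization code flow mentioned in these answers, sketched for a desktop app that uses a loopback (`http://localhost`) reply URL because `file:///` is not accepted. This is an added example, not code from the original posts or from Azure Storage Explorer; PKCE is an addition the answers do not mention, and the tenant, client ID, port and function names are placeholders chosen for illustration.

```javascript
// Added example (Node/Electron main process): authorization code flow with PKCE.
const crypto = require('crypto');

const b64url = (buf) => buf.toString('base64url');

// Build the authorize URL plus the secrets the app keeps in memory until the
// redirect comes back. tenant, clientId and redirectUri are placeholders.
function createAuthRequest({ tenant, clientId, redirectUri, scope }) {
  const state = b64url(crypto.randomBytes(16));    // binds the redirect to this request
  const verifier = b64url(crypto.randomBytes(32)); // PKCE code_verifier, 43 characters
  const challenge = b64url(crypto.createHash('sha256').update(verifier).digest());
  const url = new URL(`https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, response_type: 'code', response_mode: 'query',
    redirect_uri: redirectUri, scope, state,
    code_challenge: challenge, code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), state, verifier, redirectUri };
}

// Validate the redirect received by the loopback listener and return the form
// fields to POST to .../oauth2/v2.0/token. Throws rather than returning a
// partial result, so a forged or failed redirect never reaches the token call.
function handleRedirect(received, pending, clientId) {
  const got = new URL(received);
  const want = new URL(pending.redirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error('redirect arrived on an unexpected URI');
  }
  const state = Buffer.from(got.searchParams.get('state') || '');
  const expected = Buffer.from(pending.state);
  if (state.length !== expected.length || !crypto.timingSafeEqual(state, expected)) {
    throw new Error('state mismatch');
  }
  if (got.searchParams.has('error')) {
    throw new Error(`authorization failed: ${got.searchParams.get('error')}`);
  }
  const code = got.searchParams.get('code');
  if (!code) throw new Error('no authorization code in redirect');
  return { grant_type: 'authorization_code', client_id: clientId, code,
           redirect_uri: pending.redirectUri, code_verifier: pending.verifier };
}
```

The app opens `url` in the system browser, listens on the loopback port for one request, and discards `state` and `verifier` once `handleRedirect` has returned or thrown.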
I want to read calendar events in my app from an on-premises Exchange server. For Exchange Online (Office 365), I could use Microsoft's SDK for iOS. I want to know:
Is there any SDK from Microsoft to support on-prem Exchange server in an iOS app?
Is there any extension/plug-in that enables my app to read calendar events from Exchange server?
Is there a framework/service offered by Apple that can be used in custom apps to read calendar events?
Any link/info would be greatly appreciated.
As written in the comment: I personally would never ever enter my Exchange password in a strange app, which then accesses my Exchange mailbox (which also would explain the downvote). The app would then be able to write emails, read all emails ... meaning access everything in my mailbox.
So I think the best way to access the calendar in your app would be for your app to access the user’s Calendar database using the EKEventStore class. However, this has some limitations, so normally not the whole calendar is visible here and most users sync only a subset. But for most apps this might be enough.
Via this approach your app also becomes more "universal" and can also work with WebDAV/CalDAV calendars (e.g. shared calendars like Google Calendar).
Additionally, this way you do not need to deal with:
bad network connections
Different authentication methods (e.g. two factor authentication)
SSL encryption (cipher vs. protocols vs. ...)
I am trying to create an iOS application. Part of it will allow upload of data to a Dropbox account that is hardcoded. I don't know how to do this part of my app without having a webpage show up that asks for authorization. Are there other ways to authorize an account without asking the user?
Don't do this. You're asking for a disaster.
Violates the Dropbox Terms of Service.
What happens when Dropbox suspends your account? Your app breaks.
An API key you hide in the app could be compromised and exploited.
Look into another service intended for what you actually want to accomplish; Amazon's S3 is likely a good choice.
I need some kind of authorization implemented in my iOS native app (Swift).
I thought of creating an Active Directory integration, but a problem will arise when I use the app from remote locations, as in outside of the LAN, as the app won't be able to do an AD lookup (that is my understanding).
A solution could be to do VPN, but that is quite demanding of the users to require this.
Do you have any ideas on how I can have authorization which doesn't need AD access and requires minimal user management (maintenance) when, for instance, people leave and shouldn't have access anymore?
Any suggestions or ideas are welcome.