If you followed the security recommendations for Office 365 and disabled the ability of users to consent to apps, iPhone users will see the message “iOS accounts needs permission to access resources in your organization” during native mail account setup for Exchange Online.
I had this situation and found some articles to solve the problem. I would like to give you a short summary of these articles.
Find your Tenant ID
To solve the iOS problem, you need your Office 365 tenant ID first. To get this, open your Azure AD admin center.
Under favorites, switch to the Azure Active Directory category and open the properties of your AAD. On the right side, you will find your Tenant ID. Copy this ID to your clipboard.
Allow Apple Accounts app in your tenant
Now you have to modify a URL to allow the Apple Accounts app to access your Office 365 tenant. To do this, the following URL is required
The iOS Apple Account AppID is f8d98a96-0999-43f5-8af3-69971c7bb423. An OAuth redirect URL for the Apple iPhone doesn’t exist. A
Next, you will be asked to grant access to your Office 365 Tenant for the iOS Accounts app:
After clicking “Accept”, you will be forwarded to the redirect URL. Windows will ask for an app to open this OAuth file. You can cancel that dialog. The iOS Accounts app should now be registered, and your iOS users can set up their phones for Exchange Online without an additional prompt.
Check Azure AD for allowed apps
After completing this section, you can check whether the iOS Accounts app is approved in your Azure AD. To do this, open your Azure AD portal again and switch to Enterprise Applications on the left.
Here, you will get a list of all registered apps in your Azure AD tenant. If you successfully registered the iOS Accounts app for your tenant, it should be visible here:
You can also check the properties of this application, where you will see that the app is allowed to be registered by your Office 365 users.
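The same check can be scripted, which also shows exactly which delegated permissions the admin consent granted. This is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account may use the Directory.Read.All scope.

```powershell
# Added example: confirm the iOS Accounts consent and list what it grants.
# Assumption: Microsoft Graph PowerShell SDK (Microsoft.Graph) is installed.
$appId = 'f8d98a96-0999-43f5-8af3-69971c7bb423'   # iOS Accounts AppID quoted in this post

Connect-MgGraph -Scopes 'Directory.Read.All'

# The service principal only exists once the app has been consented to in this tenant.
$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if (-not $sp) {
    Write-Warning "No service principal found for AppID $appId. Admin consent has not been granted."
    return
}

# Delegated permission grants where this app is the client.
$grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All

$report = foreach ($g in $grants) {
    # Resolve the API the grant applies to (for example Exchange Online).
    $resource = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
    [pscustomobject]@{
        App         = $sp.DisplayName
        Resource    = $resource.DisplayName
        ConsentType = $g.ConsentType            # AllPrincipals = admin consent for all users
        PrincipalId = $g.PrincipalId            # set only for per-user consent
        Scopes      = "$($g.Scope)".Trim()
    }
}
$report | Format-Table -AutoSize

# With user consent disabled, only a tenant-wide grant should exist.
$perUser = @($report | Where-Object { $_.ConsentType -ne 'AllPrincipals' })
if ($perUser.Count -gt 0) {
    Write-Warning "$($perUser.Count) per-user grant(s) exist for this app. Review them."
}
```

Review the Scopes column against what native mail setup needs; a broader set than expected is a reason to revisit the grant in Enterprise Applications.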
Why you should think about disabling 3rd party Add-Ins in Office 365
There are some good reasons why you should consider disabling access of 3rd party Add-Ins to your Office 365 tenant. One good example you can find here: