Share via

iOS BYOD – Microsoft Company Portal iOS MDM enrollment issue – Automatically attaches incorrect Exchange account

DGordon 0 Reputation points
2026-02-27T19:34:02.15+00:00

Regards,

I am experiencing the following issue in our iOS BYOD environment and need assistance from Support.

During Company Portal enrollment (MDM profile installation), only one specific user account a native iOS Exchange account automatically created, even though no email configuration profile or policy is assigned in Intune.

The automatically created Exchange account contains incorrect settings and cannot sync. It also cannot be edited or removed individually — the only way to remove it is by deleting the entire MDM profile, which would break access to all Microsoft corporate apps on the device.

Important observations:

  • The issue occurs only with this one user account in the tenant. Using any other user on the same iPhone does not create an automatic Exchange account.
  • On a different iPhone, signing in with this same problematic account results in the same unwanted Exchange account being created automatically. → This confirms the issue is user‑based, not device‑based.
  • At the bottom of the native iOS Mail account settings page, it shows: “These settings are installed by the profile ‘Eas Profile – outlook.office365.com<myname> @<mycompanyname>.hu”

In Intune admin center:

  • There is no iOS Email profile assigned.
  • There are no Custom (.mobileconfig) profiles.
  • On the affected device, the Device configuration list is completely empty. → This strongly indicates that Intune is NOT installing this Exchange account.

Next question might be: What could cause iOS (during BYOD User Enrollment) to automatically create a native Exchange (EAS) account only for a specific user, when no email profile exists in Intune and other users do not experience this behavior?

Thank you for your help!Regards,

I am experiencing the following issue in our iOS BYOD environment and need assistance from Support.

During Company Portal enrollment (MDM profile installation), only one specific user account a native iOS Exchange account automatically created, even though no email configuration profile or policy is assigned in Intune.

The automatically created Exchange account contains incorrect settings and cannot sync. It also cannot be edited or removed individually — the only way to remove it is by deleting the entire MDM profile, which would break access to all Microsoft corporate apps on the device.

Important observations:

  • The issue occurs only with this one user account in the tenant. Using any other user on the same iPhone does not create an automatic Exchange account.
  • On a different iPhone, signing in with this same problematic account results in the same unwanted Exchange account being created automatically. → This confirms the issue is user‑based, not device‑based.
  • At the bottom of the native iOS Mail account settings page, it shows: “These settings are installed by the profile ‘Eas Profile – outlook.office365.com<myname> @<mycompanyname>.hu”

In Intune admin center:

  • There is no iOS Email profile assigned.
  • There are no Custom (.mobileconfig) profiles.
  • On the affected device, the Device configuration list is completely empty. → This strongly indicates that Intune is NOT installing this Exchange account.

Next question might be: What could cause iOS (during BYOD User Enrollment) to automatically create a native Exchange (EAS) account only for a specific user, when no email profile exists in Intune and other users do not experience this behavior?

Thank you for your help!

Microsoft Security | Intune | Microsoft Intune iOS

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-27T19:34:21.61+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The behavior is consistent with iOS detecting and enforcing an existing Exchange ActiveSync (EAS) profile that’s associated with that specific user, even though no current Intune email configuration is visible for the device.

    From the Intune side, when an email profile exists for iOS/iPadOS, Intune:

    • Detects duplicate EAS accounts based on host name + email address, and
    • Blocks or overwrites accounts depending on platform.

    For iOS/iPadOS specifically:

    • If a duplicate email profile exists, it is detected by host name and email address.
    • The duplicate profile blocks assignment of an Intune profile, and the Company Portal prompts the user to remove the configured profile.
    • To avoid this, users are expected to enroll first, then let Intune deploy the email profile, and only then manually configure any additional mail accounts if needed.

    In this scenario, the key point is that iOS shows the account as being installed by a profile named similar to an Intune‑style EAS profile (for example, “Eas Profile – outlook.office365.com<user>@<company>”). That indicates:

    • An EAS configuration profile exists or existed for this user at some point (for example, from Intune or another MDM), and
    • iOS is treating that configuration as coming from a management profile, which makes the account non‑editable and non‑removable except by removing the MDM profile.

    Because:

    • Only this one user triggers the automatic EAS account creation on multiple devices, and
    • Other users on the same devices do not,

    the root cause is user‑specific configuration tied to that account (historical or current), not a device‑wide Intune policy. iOS is honoring that managed EAS configuration for that user during enrollment, even though no active iOS email profile is currently visible in Intune’s device configuration list.

    To prevent similar issues in general for iOS BYOD:

    • Ensure users enroll devices before manually creating native mail profiles so Intune can control the EAS configuration.
    • Avoid duplicate EAS profiles (same host name and email address) across different management sources, because they can block or overwrite each other.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.