Our office recently implemented two-factor authentication with Office 365 and it caused some issues with my Activesync account in Blackberry Hub (running on my Android Pixel 2. I would receive email intermittently – an hour on, a few hours off, and then a random bunch of email again. Then I started receiving the following error message:
The client certificate for (your mail account) must be allowed for use in establishing secure email connections. Do you want to do this now? [Password may or may not be required.]
Before the two-factor change, out email configuration required that we user a client certificate that was issued to our phone through Microsoft Intune (called “Company Portal” on our phones). Once two-factor was enabled, leaving the certificate selected gave that error message. Instead, email needed to have the certificate removed as follows:
Here was the big change: instead of my domain password, Hub required me to generate an app-specific password using the following process:
The mobile version of office.com doesn’t allow you to generate an app password, but you can tell the Chrome on your phone to view the full desktop version of the site and it will allow you to generate a password. Copy it, use it in Blackberry Hub (without the certificate selected), and you’re back to receiving your email!