Recent changes to Office 365 tenants to be FedRAMP-compliant is causing problems for some users with personal and government email accounts in the Outlook apps for Android and iOS.
Microsoft made a change to the government cloud accounts (GCC) to make the FedRAMP compliant and unfortunately, it caused problems for Outlook mobile users, removing their personal account from Outlook or preventing them from adding work email accounts.
Exchange Online administrators can use the following cmdlet to give Outlook for iOS and Android users access to features and services that are not FedRAMP compliant:
Set-OrganizationConfig -OutlookMobileGCCRestrictionsEnabled $false
At any time, access can be revoked by resetting the parameter back to the default value:
To restore the default value and make the features and services FedRAMP compliant, use this cmdlet.
Set-OrganizationConfig -OutlookMobileGCCRestrictionsEnabled $true
More Information
Administrators can read more about GCC, the tenant setting, and non-FedRAMP compliant features here :
Using Outlook for iOS and Android in the Government Community Cloud
If running the cmdlet makes non FedRAMP features available, why would you want it? Don't you want to be FedRAMP compliant? Why did you purchase GCC?
There are situations where the fedramp requirements are not needed by the users or access is more important. It's really up to the administrators to make the decision.
I can give you a good example of why someone might want to co-habitate (remove the restriction). My organization pays a stipend for personal cell usage rather than provide a work phone so I have both my personal outlook.com account and my org's GCC email account on my phone. With this restriction I can't run both in the Outlook app so I have to put my personal account in the Gmail app. If I do that, I cannot sync contacts from my personal account so my phone can either have (work email/contacts and personal email) or (personal email/contacts and no work email).
Your IT admin has the ability to remove the restriction. End-users cannot remove it.
Hello Diane
Thank you for this post. However, I have initiated this command but we are still not able to co-exist a GCC and a non-GCC account on the Android. Not yet tested iOS. Command was initiated 48 hours ago and Get-OrganizationConfig shows "OutlookMobileGCCRestrictionsEnabled : False".
Is there something that I may be missing?
We recently migrated a client into GCC and found that Outlook for iOS does not work. We went ahead and disabled GCC restrictions per the cmdlet. An alternative would be to use the iOS native mail client. I've reached out to Microsoft on this issue but still don't know what Microsoft's plan is here. I'm hoping that they will get Outlook for iOS working with GCC restrictions. I can't find much information on the web on this issue.