Troubleshooting missing email signatures when Microsoft Intune App Protection policies are enforced on Outlook for iPhone and iPad.
Send org data to other apps = Policy managed apps can block the interaction Outlook for iOS requires for Xink to apply the signature. The typical resolution is to adjust the App Protection policy and validate using a pilot group.The environment
- Microsoft 365 with Outlook for iOS
- App Protection policies enforced through Microsoft Intune
- Additional third-party or partner security solutions in the environment
Symptom
Users experience missing email signatures when sending emails from Outlook on iPhone or iPad.
- Email signatures are not applied when sending emails from Outlook for iOS
- The issue occurs only on mobile devices (iOS/iPadOS)
- Signatures may still work correctly on Outlook for Windows, Mac, or Web
- No visible error message is shown to the end user
Why this happens
Intune App Protection policies control how corporate data can move between apps, services, and web destinations on iOS and iPadOS.
When Outlook is restricted to sending organizational data only to Policy managed apps, it blocks the data flow required for Xink to process and apply the email signature during send.
*.xink.io to exemptions or universal links does not allow the full data-transfer flow required. These settings only affect link handling—not the core data transfer controlled by Intune MAM.Settings that point to Intune as the cause
| Setting | Configured value | Why it matters |
|---|---|---|
| Send org data to other apps | Policy managed apps | Primary cause. Blocks Outlook from interacting with services outside the Intune-managed app boundary. |
| Select apps to exempt | Xink: *.xink.io | Does not override the main outbound restriction. |
| Receive data from other apps | All apps | Only affects inbound flow—not the blocked outbound communication. |
| Restrict web content transfer with other apps | Any app | Does not override stricter app-level data transfer rules. |
Resolution
Recommended approach (pilot test):
- Open Intune admin center.
- Go to Apps > App protection policies.
- Select the iOS/iPadOS policy assigned to affected users.
- Open Data protection.
- Change Send org data to other apps from
Policy managed appstoAll apps. - Save the policy.
- Allow time for policy refresh on the device.
- Restart Outlook or sign out/in if needed.
- Send a new test email.
Expected result
Once Outlook is allowed to send organizational data outside the managed-app-only boundary, Xink can complete the signature process and apply the email signature.
More restrictive alternative
If moving to All apps is not acceptable, a more restrictive configuration can be tested using exceptions. However, this requires careful validation and may not reliably support the signature flow.
Recommended support workflow
- Confirm scope
Verify that the affected users are targeted by an iOS App Protection policy. - Validate platform
Ensure the issue only occurs in Outlook for iOS (not desktop or web). - Check key setting
ReviewSend org data to other apps. - Identify root cause
If set toPolicy managed apps, treat this as the primary cause. - Test resolution
Run a pilot test with an updated policy. - Verify outcome
Send a new email from Outlook iOS to confirm the signature is applied. - Close the case
If resolved, classify the issue as policy-related.
Notes
- Document the requirement as mobile email-signature compliance.
- Always validate changes in a pilot group first.
- Involve the customer’s security team for policy adjustments.
