Citrix documentation indicates Secure Mail is supposed to support an MS hosted O365 back end account but user is unable to get a known good O365 account to function with Secure Mail. That same account works fine either via the web or via the Mobile Outlook App but I cannot get it to connect when using Secure Mail.

---

Instructions

Secure Mail for iOS supports modern authentication (OAuth token-based authentication with User name and password) with Microsoft Office 365.
Prerequisites:
1.Enable modern authentication (OAuth) for Microsoft Office 365For details, see https://technet.microsoft.com/en-us/library/dn594521(v=exchg.150).aspx
2.Migrate your on-premises mailboxes to Microsoft Office 365For details, see https://technet.microsoft.com/en-IN/library/o365e_hrcmoverequest_fl312271(v=exchg.150).aspx
 
Next, ensure that you have configured the following MDX policies in    the XenMobile console listed under OAuth Support for Office 365:
•Office 365 authentication mechanism. This policy indicates the OAuth mechanism used for authentication while configuring an account on Office 365.  
•Do not use OAuth.  OAuth is    not used and Secure Mail uses basic authentication (username and password) for Office 365 Exchange account configuration. This is    the default setting.
•Use OAuth with Username and Password. The user must provide their email, password, and a multi-factor authentication code on the Secure Mail authentication screen for Microsoft. Then, on the next screen, the user must grant Secure Mail permission to access the Office 365 mailbox.
•Trusted Exchange Online Hostnames. Define a  list of trusted Exchange Online hostnames that use the OAuth mechanism for authentication while configuring an account. This is    a comma-separated format, such as server.example.com,server.example.co.uk. If the list is empty, Secure Mail uses basic authentication for account configuration. Default value is  outlook.office365.com.
•Trusted AD FS Hostnames. Define a list of trusted AD FS hostnames for webpages where the password populates during Office 365 OAuth authentication. This is  a comma-separated format such as sts.examplename.com, sts.example.co.uk . If   the list is    empty, Secure Mail does not auto populate passwords. Secure Mail matches the listed hostnames with the hostname of the webpage encountered during Office 365 authentication and checks if   the page uses HTTPS protocol. For instance, when sts.example.com is    a   listed hostname, if   the user navigates to https://sts.example.com, Secure Mail populates the password if   the page has a   password field. Default value is login.microsoftonline.com.
 
Secure Mail for iOS is    now enabled with modern authentication when the policies are refreshed on the device.