Mail MDM payload settings for Apple devices
You can configure mail accounts for users of iPhone, iPad and Mac devices enrolled in a mobile device management (MDM) solution. Use the Mail payload to configure POP or IMAP mail accounts for users. Apple devices support industry-standard IMAP4 and POP3 mail solutions on a range of server platforms, including macOS, Windows, UNIX and Linux.
The Mail payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.mail.managed
Supported operating systems and channels: iOS, iPadOS, Shared iPad user, macOS user, visionOS 1.1.
Supported enrolment types: User Enrolment, Device Enrolment, Automated Device Enrolment.
Duplicates allowed: True — more than one Mail payload can be delivered to a user or device.
You can use the settings in the tables below with the Mail payload.
Account settings
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Account description | The display name for the account. | No | |||||||||
Account type | Select POP or IMAP. If IMAP is selected, you can optionally add the path prefix. | Yes | |||||||||
User display name | The display name of the user. | Yes | |||||||||
Account email address | The email address for the account. | Yes | |||||||||
Allow user to move messages from this account | Specify whether email messages can be moved between mail accounts. | No | |||||||||
Allow recent addresses to be synced | Specify whether recently used addresses can be synced across devices. | No | |||||||||
Allow Mail Drop | Specify whether Mail Drop appears as an option when sending large files using the Mail app. | No | |||||||||
Use only in Mail | Specify whether any apps other than the Mail app are able to send email. | No | |||||||||
Enable S/MIME signing | Enable S/MIME signing. | No | |||||||||
Allow S/MIME signing | Allow the user to enable or disable S/MIME signing. | No | |||||||||
S/MIME signing certificate | Select the S/MIME signing certificate. | No | |||||||||
Allow the user to modify the S/MIME signing certificate | Allow the user to modify the S/MIME signing certificate. | No | |||||||||
Force S/MIME encryption | Force S/MIME encryption. Note: If the sender’s public key is absent in the recipient’s system, this feature isn’t enforced. | No | |||||||||
Allow S/MIME encryption | Allow the user to enable or disable S/MIME encryption. | No | |||||||||
S/MIME encryption certificate | Select the S/MIME encryption certificate. | No | |||||||||
Allow the user to modify the S/MIME encryption certificate | Allow the user to modify the S/MIME encryption certificate. | No | |||||||||
Enable per-message encryption switch | Specify whether users have the option to encrypt messages on a per-message basis. | No | |||||||||
Mail server settings
You can have different settings for both the incoming and outgoing mail server.
Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Hostname | The IP address or fully qualified domain name (FQDN) of the mail server. | Yes | |||||||||
Port | The port number of the mail server. | Yes | |||||||||
Account username | The username used to connect to the mail server. | Yes | |||||||||
Authentication type |
| Yes | |||||||||
Account password | The password to the mail server. | No | |||||||||
Outgoing mail server password identical to the incoming mail server | Choose to use the same password for both the incoming and outgoing mail server. | No | |||||||||
Use SSL | When the Use SSL option is selected and the server’s SSL certificate isn’t issued by a trusted certificate authority known to the devices, use the Certificates payload to add any root or intermediate certificates that are necessary to validate the server’s SSL certificate. | No | |||||||||
Note: Each MDM vendor implements these settings differently. To learn how various Mail settings are applied to your devices and users, consult your MDM vendor’s documentation.