Exchange ActiveSync (EAS) MDM payload settings for Apple devices
Use the Exchange ActiveSync (EAS) payload to enter the user’s settings for your Microsoft Exchange Server. You can create a profile for a particular user by specifying the user name, hostname, and email address, or you can provide just the hostname; users are prompted to fill in the other values when they install the profile.
In iOS 14 and iPadOS 14, or later, Exchange accounts configured for OAuth and Microsoft cloud-based services (such as Office365 or outlook.com) are automatically upgraded to use Microsoft’s OAuth 2.0 authentication service.
The Exchange ActiveSync (EAS) payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.eas.account
Supported operating systems and channels: iOS, iPadOS, visionOS 1.1.
Supported enrollment types: User Enrollment, Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one Exchange ActiveSync payload can be delivered to a user or device.
For information about requirements and supported features, see Integrate Apple devices with Microsoft Exchange.
You can use the settings in the table below with the Exchange ActiveSync payload.
Setting | Description | Required
---|---|---
Account name | The display name for the account. | Yes
Exchange hostname | The IP address or fully qualified domain name (FQDN) of the Exchange host. | Yes
Account user name | The user name with the optional domain. | Yes
Account email address | The email address for the account. | No
Account password | The password of the user account. If you leave this field empty, users must enter their password after the payload is installed on the device. You can also choose to override the previous password. | No
Use OAuth for authentication | Specifies whether the connection should use OAuth for authentication. If OAuth is specified, the password field should be left empty. | No
Use SSL | When the Use SSL option is selected and the server’s SSL certificate isn’t issued by a trusted certificate authority known to the devices, use the Certificates payload to add any root or intermediate certificates that are necessary to validate the server’s SSL certificate. | No
Past days of mail to sync | Select the amount of time to sync older mail. The options are: | Yes
Authentication credential name | The name or description of the account. | No
Authentication credential | Select the certificate that identifies the user to the Exchange ActiveSync (EAS) server. | No
Allow user to move messages from this account | Specify whether email messages can be moved between mail accounts. | No
Allow recent addresses to be synced | Specify whether recently used addresses can be synced across devices. | No
Allow Mail Drop | Specify whether Mail Drop appears as an option when sending large files using the Mail app. | No
Use only in Mail | Specify whether any apps other than the Mail app are able to send email. Note: If this is turned on, the Exchange account can’t be used with share sheet in other apps. | No
Enable S/MIME signing | Enable S/MIME signing. | No
Allow S/MIME signing | Allow the user to enable or disable S/MIME signing. | No
Allow the user to modify the S/MIME signing certificate | Allow the user to modify the S/MIME signing certificate. | No
Force S/MIME encryption | Force S/MIME encryption. | No
Allow S/MIME encryption | Allow the user to enable or disable S/MIME encryption. | No
Allow the user to modify the S/MIME encryption certificate | Allow the user to modify the S/MIME encryption certificate. | No
Enable per-message encryption switch | Specify whether users have the option to encrypt messages on a per-message basis. | No
Communication service rules | You can select a default app to be used when calling contacts from this account. | No
Enabled services | You can select one of the following services: Mail, Contacts, Calendars, Reminders, Notes. At least one service should be selected. | No
Service account modification | You can restrict users from making account changes to the following services: Mail, Contacts, Calendars, Reminders, Notes. | No
Note: Each MDM vendor implements these settings differently. To learn how various Exchange ActiveSync (EAS) settings are applied to your users, consult your MDM vendor’s documentation.
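Because vendors map these settings differently, it helps to audit the exported profile itself. The following is an added example, not Apple's or any MDM vendor's code: it checks each com.apple.eas.account payload in a configuration profile against the constraints in the table (OAuth with an empty password, Use SSL, at least one enabled service). The plist key names and their defaults (Host, SSL, OAuth, Password, PreventMove, PreventAppSheet, Enable*) are assumptions taken from Apple's configuration profile reference rather than from this page, and the sample profile is constructed.

```python
import plistlib

EAS_TYPE = "com.apple.eas.account"  # payload identifier from the page
# Key names and defaults below are assumptions from Apple's profile reference.
SERVICES = ("EnableMail", "EnableContacts", "EnableCalendars",
            "EnableReminders", "EnableNotes")

def audit_eas_payload(p):
    """Return findings for one EAS payload dictionary."""
    findings = []
    if not p.get("Host"):
        findings.append("missing-host")
    if p.get("SSL", True) is False:            # "Use SSL" turned off
        findings.append("ssl-disabled")
    if p.get("Password"):                      # secret stored in the profile
        findings.append("password-in-profile")
        if p.get("OAuth", False):              # page: leave password empty with OAuth
            findings.append("oauth-with-password")
    if all(p.get(k, True) is False for k in SERVICES):
        findings.append("no-service-enabled")  # page: at least one service
    if not p.get("PreventMove", False):        # policy review, not an error
        findings.append("move-between-accounts-allowed")
    if not p.get("PreventAppSheet", False):    # "Use only in Mail" is off
        findings.append("other-apps-can-send")
    return findings

def audit_profile(data):
    """Map each EAS payload's PayloadIdentifier to its findings."""
    profile = plistlib.loads(data)
    return {p.get("PayloadIdentifier", "?"): audit_eas_payload(p)
            for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == EAS_TYPE}

# Constructed sample profile with two EAS payloads (duplicates are allowed).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": EAS_TYPE, "PayloadIdentifier": "example.eas.weak",
         "Host": "mail.example.com", "UserName": "user", "SSL": False,
         "OAuth": True, "Password": "constructed-not-real"},
        {"PayloadType": EAS_TYPE, "PayloadIdentifier": "example.eas.ok",
         "Host": "mail.example.com", "SSL": True, "OAuth": True,
         "PreventMove": True, "PreventAppSheet": True, "EnableMail": True},
    ],
})

if __name__ == "__main__":
    for ident, found in audit_profile(SAMPLE).items():
        print(ident, found or "no findings")
```

The last two findings are policy prompts rather than errors: whether moving messages between accounts or sending from other apps is acceptable depends on your data-handling requirements.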