Exchange declarative configuration for Apple devices
Use the Exchange configuration to set up Exchange ActiveSync (EAS) and Exchange Web Services (EWS) accounts for your users.
In iOS 14 and iPadOS 14 or later, Exchange accounts configured for OAuth and Microsoft cloud-based services (such as Office365 or outlook.com) are automatically upgraded to use Microsoft’s OAuth 2.0 authentication service.
The Exchange configuration supports the following:
Minimum supported operating systems and channels: iOS 15, iPadOS 15, Shared iPad user, macOS 13 user, visionOS 1.1.
Requires supervision: No.
Supported enrolment types: User Enrolment, Device Enrolment, Automated Device Enrolment.
For information about requirements and supported features, see Integrate Apple devices with Microsoft Exchange.
Setting | Description | Required
---|---|---
Account name | The name that apps show to the user for this Exchange account. If not present, the system generates a suitable default. | No
Enabled protocol types | The set of protocol types to enable on the Exchange server, in order of preference. Possible values include Exchange ActiveSync and Exchange Web Services. If the device supports one or more of the listed protocol types, it sets up an account for the first supported type. | Yes
User identity asset | Asset declaration that contains the user identity for this account. | No
Exchange hostname | The IP address or fully qualified domain name (FQDN) of the Exchange host. | Yes, unless the declaration contains an OAuth property with a SignInURL and with enabled set to true.
Port | The port number of the EWS server. The system uses this only when this declaration has a HostName value. | No
Principal URL | The path of the EWS server. The system uses this only when this declaration has a HostName value. | No
Server External Host Name | The external hostname (or IP address) of the EWS server. This is a required field unless the declaration contains an OAuth property with a SignInURL and with enabled set to true. | No
Server External Port | The external port number of the EWS server. The system uses this only when this declaration has a HostName value. | No
Server External Path | The external path of the EWS server. The system uses this only when this declaration has a HostName value. | No
Use of OAuth | Specifies whether the connection should use OAuth for authentication. If OAuth is specified, the password field should be left empty. See OAuth dictionary below. | No
Authentication credentials asset | Asset declaration that contains the credentials for this account. See Authentication credentials and identity asset settings. | No
Mail service active | Activates the mail service for this account. | No
Lock mail service | Prevents the user from changing the status of the mail service for this account. | No
Contacts service active | Activates the address book service for this account. | No
Lock contacts service | Prevents the user from changing the status of the address book service for this account. | No
Calendar service active | Activates the calendar service for this account. | No
Lock calendar service | Prevents the user from changing the status of the calendar service for this account. | No
Reminders service active | Activates the reminders service for this account. | No
Lock reminders service | Prevents the user from changing the status of the reminders service for this account. | No
Notes service active | Activates the notes service for this account. | No
Lock notes service | Prevents the user from changing the status of the notes service for this account. | No
SMIME | Settings for S/MIME. | No
OAuth dictionary
The settings for the Exchange configuration OAuth dictionary.
Setting | Description | Required
---|---|---
Use OAuth | Enables OAuth for this account if true. | Yes
Sign In URL | The URL that this account uses for signing in with OAuth. | No
Token Request URL | The URL that this account uses for token requests with OAuth. | No
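The conditional rules in the two tables above (hostname required unless OAuth is enabled with a sign-in URL, port and path settings used only with a hostname, no password alongside OAuth) can be checked before a declaration is deployed. The following is an added example, not Apple's or any MDM vendor's code. Only HostName and SignInURL are key names taken from this page; the other key names, the EAS/EWS values and the sample declaration are assumptions to verify against Apple's published schema.

```python
import json

# Constructed sample. HostName and SignInURL are named on the page; the other
# key names and the EAS/EWS values are assumed from Apple's declaration schema.
SAMPLE = json.loads("""
{
  "Type": "com.apple.configuration.account.exchange",
  "Identifier": "example.exchange.constructed",
  "Payload": {
    "VisibleName": "Work Mail",
    "EnabledProtocolTypes": ["EAS", "EWS"],
    "OAuth": {"Enabled": true, "SignInURL": "https://login.example.test/authorize"},
    "AuthenticationCredentialsAssetReference": "example.asset.credentials",
    "MailServiceActive": true,
    "LockMailService": true
  }
}
""")

HOST_DEPENDENT = ("Port", "Path", "ExternalPort", "ExternalPath")

def lint_exchange_payload(payload):
    """Return findings for one Exchange payload, per the rules in the tables."""
    findings = []
    oauth = payload.get("OAuth")
    if oauth is not None and "Enabled" not in oauth:
        findings.append("OAuth dictionary lacks its required Enabled key")
    oauth_on = bool(oauth and oauth.get("Enabled") is True)
    oauth_sign_in = oauth_on and bool(oauth.get("SignInURL"))

    if not payload.get("EnabledProtocolTypes"):
        findings.append("EnabledProtocolTypes is required and must list a protocol")
    if not payload.get("HostName"):
        if not oauth_sign_in:
            findings.append("HostName is required unless OAuth is enabled with a SignInURL")
        # These settings are only used when the declaration has a HostName.
        findings += [f"{k} is unused without HostName" for k in HOST_DEPENDENT if k in payload]
    if oauth_on and "AuthenticationCredentialsAssetReference" in payload:
        # Interpretation of "the password field should be left empty".
        findings.append("OAuth enabled: confirm the credentials asset carries no password")
    return findings

if __name__ == "__main__":
    for finding in lint_exchange_payload(SAMPLE["Payload"]):
        print("FINDING:", finding)
```
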
Note: Each MDM vendor implements these settings differently. To learn how various Exchange settings are applied to your users, consult your MDM vendor’s documentation.