Exchange ActiveSync enables employees to access work-related email, calendar, and contacts with their mobile devices.
This article explains how you can specify Mail for Exchange account settings and apply them to the native Mail application on your iPhones and iPads remotely using Miradore.
How to configure Exchange ActiveSync on iOS?
Steps to configure Exchange ActiveSync on iPhones/iPads.
Start by going to the Management > Configuration profiles and choosing Add > iOS > Mail for Exchange.
ActiveSync account settings
On the ActiveSync account tab, you can configure the account details. The Exchange settings are explained below.
- Account name: Defines the account display name which is shown to users on their iPhones and iPads.
- OAuth enabled: Defines if the configuration uses OAuth for authentication when communicating with the Exchange server. OAuth is compatible with devices running iOS 12 or above. Basic authentication will be used for authentication if OAuth is disabled. Notice that Microsoft is deprecating the possibility to use basic authentication with Exchange Online (Microsoft 365). Read more information about the topic from the article Enabling OAuth on Mail for Exchange for iOS.
- OAuth configuration: Choose here the correct OAuth configuration option for your Microsoft 365 or on-premise Exchange server.
- Allow move: Defines if the configuration allows device users to move messages from this account to other accounts configured on their devices.
- S/MIME enabled: S/MIME is for signing and encrypting email messages in the native mail application. S/MIME enabled requires iOS versions 5.0 until 9.3.3.
- S/MIME signing enabled: Signing enables the possibility to digitally sign messages. The purpose of signing is to help users receiving the messages to be certain about who sent the message. S/MIME signing is intended for devices with iOS versions 10.3 and above. If you have enabled the signing option, you will be able to upload the identity certificate for signing.
- S/MIME encrypt by default: Defines if all messages are encrypted by default. S/MIME encryption is intended for devices with iOS versions 10.3 and above. If you have enabled the encrypt option, you will be able to upload the encryption certificate.
Microsoft 365 settings
- Domain: Enter the domain of your organization's Microsoft 365 account. For example "trestacom.com".
- Server hostname: Defines the Microsoft Exchange server's hostname or IP address.
- OAuth sign-in URL: Defines the sign-in URL that this account should use for signing in via OAuth. This field is optional. If not provided, then auto-discovery will be used.
- OAuth token request URL: Defines the URL that this account should use for token requests via OAuth. This field is optional. If not provided, then auto-discovery will be used.
- Use SSL: Defines if SSL is used when sending emails, receiving emails, and communicating with the Exchange server.
On the Synchronization settings tab, you can define the number of past days of email to sync on the device.
On the User settings tab, you can define the user-related information. The user-specific account settings are fetched from the user data in Miradore (Company > Users). Find out more information about user-specific settings.
When you have created the policy, you can deploy it to the managed iOS devices, for example, from the Configuration profile page (Management > Configuration profiles > Mail for Exchange configuration). Read more instructions on how to deploy configuration profiles to the devices.