The ActiveSync settings allow iOS devices that are managed by MaaS360® to use a set of variables so that accounts do not have to be customized for each user. The MDM profile payload includes ActiveSync settings that are delivered to the native iOS mail agent.
The following system variables are used by MaaS360:
|%email%||The email address of the user account.|
|%upn%||The name of the domain that is added after the @ sign when the domain user account is created.|
|%domain%||The domain user account.|
The following table describes the ActiveSync settings that you can configure on an iOS device:
|Policy setting||Description||Supported devices|
|Account name for the ActiveSync server||The ActiveSync account name that is displayed on the device.|
|Host name of the ActiveSync server||The name of the ActiveSync server that connects to the device.|
|Use SSL||Check this setting if the Exchange server uses SSL for authentication.|
|Domain name||The domain name for the user account.|
|Email address||The email address of the user. If the field is left blank, the user is prompted to provide an email address when they install their profile.|
|Enable OAuth authentication||The device uses OAuth (Open Authorization) 2.0 for user authentication. Configure OAuth Sign-in URL and OAuth token request URL parameters.||iOS 12.0+|
|OAuth Sign-in URL||The URL that the account uses to sign in using OAuth authentication.
Note: If you use an OAuth Sign-in URL, auto-discovery is not used for the account. You must also provide the host name for the OAuth Sign-in URL.
|OAuth Token request URL||The URL that the account uses to receive token requests using OAuth authentication.
Note: When a token expires, the user is prompted for a password to complete OAuth authentication.
|Synchronize emails for the selected date range||The email messages that are stored on a device for a certain amount of time. The settings range from storing the messages to an unlimited amount of time to storing the message for one day only.|
|Identity certificate||The identity certificate that is used to synchronize account configurations.
You can add certificates from.
|Prevent moving mail to other accounts||The user cannot move email messages from an ActiveSync account to other mail accounts, even if the mail accounts are configured by MaaS360.||iOS 5.0+|
|Prevent third party apps from sending mail||The user cannot send email messages through third-party apps on the device, even if the mail account is configured by MaaS360.||iOS 5.0+|
|Disable synchronization of recent addresses list||The account is excluded from synchronizing with a list of recent email addresses.||iOS 6.0+|
|Corporate email domains||The comma-separated list of corporate email domains. The email addresses and the defined contacts are displayed in blue. Other domains are displayed in red before an email message is sent.||iOS 8.0+|
|App for audio calls||The default app that is used for audio calls for Contacts in the Exchange account.||iOS 10.0+|
|Enable S/MIME||The following S/MIME settings are available for configuration.||iOS 5.0+|
|Enable S/MIME encryption per message||The email message uses S/MIME for signing and encryption.||iOS 8.0+|
|Enable S/MIME message encryption||All email messages are encrypted by default with S/MIME certificates.||iOS 10.3+|
|Allow user to override enabling/disable encryption||The user can manage encryption on the device regardless of the default setting.||iOS 12.0+|
|S/MIME encryption certificate||The S/MIME encryption certificate that is used to decrypt email messages that are sent to the
You can add certificates from.
|Allow user to override encryption certificate||The user can change the encryption certificate that is used is on the device by overriding
the default setting.
You can choose the encryption certificate on the device from.
|Enable S/MIME message signing||All email messages use signed S/MIME certificates by default.||iOS 10.3+|
|Allow user to override S/MIME signing value||The user can manage the S/MIME signing value regardless of the default setting.||iOS 12.0+|
|S/MIME signing certificate||The S/MIME signing certificate that is used to validate mail accounts. This certificate
ensures that data is received only from accounts that use signed certificates.
You can add certificates from.
|Allow user to override Signing certificate||The user can change the signing certificate that is used on the device by overriding the
You can choose the signing certificate on the device from.
|Enable Calendar||The administrator can configure the Calendar settings for the device. Choose from the
|Enable Contacts||The administrator can configure the Contacts settings for the device. Choose from the
|Enable Mail||The administrator can configure the Mail settings for the device. Choose from the following options:
|Enable Notes||The administrator can configure the Notes settings for the device. Choose from the following options:
|Enable Reminders||The administrator can configure the Reminders setting for the device. Choose from the
- For a default iOS MDM policy, the default values are displayed for Mail, Contacts, Calendars, Reminders, and Notes. The behavior remains the same according to the Apple Configurator configuration.
- For an iOS MDM policy that is copied from the default iOS MDM policy, these services (Mail, Contacts, Calendars, Reminders, Notes) are enabled by default. If the policy is copied from an existing policy, these services are not enabled by default.
- If an administrator creates a new iOS MDM policy, these services (Mail, Contacts, Calendars, Reminders, Notes) are enabled by default. Administrators can enable or disable the services that are needed and publish the policy. The administrator is prompted to enable the appropriate services or enable at least one service and then publish the policy. The following error message is displayed: Enable the services that are required in ActiveSync. At least one of the services (Mail, Contacts, Calendars, Reminders, Notes) should be enabled to continue.
- If an administrator tries to publish the iOS MDM policy where the ActiveSync payload is configured and there is also a copied policy, the policy is reloaded on iOS 13.0+ devices with the new parameter values.