ActiveSync

The ActiveSync settings allow iOS devices that are managed by MaaS360® to use a set of variables so that accounts do not have to be customized for each user. The MDM profile payload includes ActiveSync settings that are delivered to the native iOS mail agent.

The following system variables are used by MaaS360:

Variable	Description
`%email%`	The email address of the user account.
`%upn%`	The name of the domain that is added after the `@` sign when the domain user account is created.
`%domain%`	The domain user account.

ActiveSync settings

The following table describes the ActiveSync settings that you can configure on an iOS device:

Policy setting	Description	Supported devices
Account name for the ActiveSync server	The ActiveSync account name that is displayed on the device.
Host name of the ActiveSync server	The name of the ActiveSync server that connects to the device.
Use SSL	Check this setting if the Exchange server uses SSL for authentication.
Domain name	The domain name for the user account.
Account username	Enter `%email%` to use the username account or email address, or leave the field blank to use the user name in the system.
Email address	The email address of the user. If the field is left blank, the user is prompted to provide an email address when they install their profile.
Enable OAuth authentication	The device uses OAuth (Open Authorization) 2.0 for user authentication. Configure OAuth Sign-in URL and OAuth token request URL parameters.	iOS 12.0+
OAuth Sign-in URL	The URL that the account uses to sign in using OAuth authentication. Note: If you use an OAuth Sign-in URL, auto-discovery is not used for the account. You must also provide the host name for the OAuth Sign-in URL.	iOS 13.0+
OAuth Token request URL	The URL that the account uses to receive token requests using OAuth authentication. Note: When a token expires, the user is prompted for a password to complete OAuth authentication.	iOS 13.0+
Synchronize emails for the selected date range	The email messages that are stored on a device for a certain amount of time. The settings range from storing the messages to an unlimited amount of time to storing the message for one day only.
Identity certificate	The identity certificate that is used to synchronize account configurations. You can add certificates from Security > Policies > Advanced Settings > Certificates.
Prevent moving mail to other accounts	The user cannot move email messages from an ActiveSync account to other mail accounts, even if the mail accounts are configured by MaaS360.	iOS 5.0+
Prevent third party apps from sending mail	The user cannot send email messages through third-party apps on the device, even if the mail account is configured by MaaS360.	iOS 5.0+
Disable synchronization of recent addresses list	The account is excluded from synchronizing with a list of recent email addresses.	iOS 6.0+
Corporate email domains	The comma-separated list of corporate email domains. The email addresses and the defined contacts are displayed in blue. Other domains are displayed in red before an email message is sent.	iOS 8.0+
App for audio calls	The default app that is used for audio calls for Contacts in the Exchange account.	iOS 10.0+
Enable S/MIME	The following S/MIME settings are available for configuration.	iOS 5.0+
Enable S/MIME encryption per message	The email message uses S/MIME for signing and encryption.	iOS 8.0+
Enable S/MIME message encryption	All email messages are encrypted by default with S/MIME certificates.	iOS 10.3+
Allow user to override enabling/disable encryption	The user can manage encryption on the device regardless of the default setting.	iOS 12.0+
S/MIME encryption certificate	The S/MIME encryption certificate that is used to decrypt email messages that are sent to the account. You can add certificates from Security > Policies > Advanced Settings > Certificates.	iOS 5.0+
Allow user to override encryption certificate	The user can change the encryption certificate that is used is on the device by overriding the default setting. You can choose the encryption certificate on the device from Advanced Settings > S/MIME > Encrypt by Default.	iOS 12.0+
Enable S/MIME message signing	All email messages use signed S/MIME certificates by default.	iOS 10.3+
Allow user to override S/MIME signing value	The user can manage the S/MIME signing value regardless of the default setting.	iOS 12.0+
S/MIME signing certificate	The S/MIME signing certificate that is used to validate mail accounts. This certificate ensures that data is received only from accounts that use signed certificates. You can add certificates from Security > Policies > Advanced Settings > Certificates.	iOS 5.0+
Allow user to override Signing certificate	The user can change the signing certificate that is used on the device by overriding the default setting. You can choose the signing certificate on the device from Advanced Settings > S/MIME > Sign.	iOS 12.0+
Enable Calendar	The administrator can configure the Calendar settings for the device. Choose from the following options: Calendar enabled and override allowed Calendar disabled and override allowed Calendar enabled and override not allowed Calendar disabled and override not allowed	iOS 13.0+
Enable Contacts	The administrator can configure the Contacts settings for the device. Choose from the following options: Contacts enabled and override allowed Contacts disabled and override allowed Contacts enabled and override not allowed Contacts disabled and override not allowed	iOS 13.0+
Enable Mail	The administrator can configure the Mail settings for the device. Choose from the following options: Mail enabled and override allowed Mail disabled and override allowed Mail enabled and override not allowed Mail disabled and override not allowed	iOS 13.0+
Enable Notes	The administrator can configure the Notes settings for the device. Choose from the following options: Notes enabled and override allowed Notes disabled and override allowed Notes enabled and override not allowed Notes disabled and override not allowed	iOS 13.0+
Enable Reminders	The administrator can configure the Reminders setting for the device. Choose from the following options: Reminders enabled and override allowed Reminders disabled and override allowed Reminders enabled and override not allowed Reminders disabled and override not allowed	iOS 13.0+

Note:

For a default iOS MDM policy, the default values are displayed for Mail, Contacts, Calendars, Reminders, and Notes. The behavior remains the same according to the Apple Configurator configuration.
For an iOS MDM policy that is copied from the default iOS MDM policy, these services (Mail, Contacts, Calendars, Reminders, Notes) are enabled by default. If the policy is copied from an existing policy, these services are not enabled by default.
If an administrator creates a new iOS MDM policy, these services (Mail, Contacts, Calendars, Reminders, Notes) are enabled by default. Administrators can enable or disable the services that are needed and publish the policy. The administrator is prompted to enable the appropriate services or enable at least one service and then publish the policy. The following error message is displayed: Enable the services that are required in ActiveSync. At least one of the services (Mail, Contacts, Calendars, Reminders, Notes) should be enabled to continue.
If an administrator tries to publish the iOS MDM policy where the ActiveSync payload is configured and there is also a copied policy, the policy is reloaded on iOS 13.0+ devices with the new parameter values.