You can create a Microsoft Exchange profile for your users. Then the users won’t have to create new e-mail accounts on their mobile devices.
- First proceed as described here.
- Select Exchange as the profile you wish to add. The following dialog will open.
Make the following settings:
- Profile name/Account name: Specify a name for the profile or for the account.
- Exchange ActiveSync host: Enter in your mail server here. When using Exchange Online, enter the following: outlook.office365.com
- Domain: Put your domain name in here.
- User: Enter the user’s domain name here. With Autofill (UPN) this will be read automatically. Alternatively, you can also use variables.
Note! Provided that the UPN was previously stored in the user management.
- E-mail address: You can enter the user’s e-mail address here. With Autofill this will be read automatically. Provided it was previously stored in the user management.
- Password: You can optionally enter a password. Then the user will not have to authenticate himself on the mobile device before using the Exchange account. If you leave this field blank, the user will have to enter her or his password to be able to access e-mails.
Note! If there was no password saved in the exchange profile, the user will receive a one-off popup message on his device, with a prompt to enter his password. If the user does not enter the password then, it can be entered later in the device settings under Mail→ Accounts→ Exchange ActiveSync→ Account→ Password.
- E-mail to sync: You can set up e-mail synchronisation here. Then the user will only see messages from the specified time period in the mailbox on the mobile device.
- Identity certificate: can only be selected if Use SSL has been selected on the left. If a SCEP profile (see section SCEP profile or a Certificate profile was set previously, this profile appears here as an option.
You can enable various checkboxes:
- Allow move: With this option, you allow the user to move e-mails from this e-mail account to others.
- Allow recent address syncing: Select this option, if you want the user’s address book to be synchronized.
- Use only in Mail: This will disable the user to interact with this Exchange account from within other apps.
- Use SSL: Select this option, if you want the connection between the mail app on the user devices and the Exchange server to be encrypted via SSL.
Starting with iOS/iPadOS version 14, Exchange accounts configured for OAuth and Microsoft cloud services (e.g. Office 365 or outlook.com) are automatically updated to use Microsoft's OAuth 2.0 authentication service. For more information, see here.
- Use OAuth for authentication: Select this checkbox if you want to use OAuth for authentication. If you select OAuth, the password field should remain blank.
- OAuth Sign In URL: Enter the URL you want this account to use for signing in via OAuth. If a URL is specified, autodiscovery will not be used for this account, so you will also need to specify a host.
- OAuth Token Request URL: Enter the URL that you want this account to use for token requests via OAuth.
- Enable S/MIME signing: Select this option, if outgoing e-mails must be signed. With this option enabled, you can select Signing certificate.
- Allow to enable or disable S/MIME signing: With this checkbox, you can allow users to enable or disable S/MIME signing.
- Allow to modify S/MIME signing certificate: By enabling this checkbox, you can allow users to modify the S/MIME signing certificate.
- Enable S/MIME encryption by default: Select this option if outgoing e-mails must be encrypted. With this option enabled, you can select Encryption certificate.
- Allow to enable or disable S/MIME encryption: With this checkbox, you can allow users to enable or disable S/MIME encryption.
- Enable per-message encryption switch: Specify whether users have the option to encrypt messages on a per-message basis.
- Enabled services: Select the desired services here. At least one service must be selected.
- Account modifications: Specify here whether account modifications are allowed for selected services.
Now you can distribute the newly created profile to users/groups/devices.
- To do this, select the desired profile in the left-hand column of the Administration Portal and click Assign.
- Now select the users, groups or devices to whom you want to assign this profile.
Note! You can also assign the profiles under Administration→ Users or Groups.