Device Management Profile

ExchangeActiveSync

The payload for configuring Exchange ActiveSync accounts. 

Properties

allowMailDrop
boolean

If true, enables this account to use Mail Drop.

Certificate
string

The .p12 identity certificate in NSData blob format, for accounts that allow authentication via certificate.

CertificateName
string

The name or description of the certificate.

CertificatePassword
string

The password necessary for the .p12 identity certificate. Used with mandatory encryption of profiles.

The communication service handler rules for this account. 

disableMailRecentsSyncing
boolean

If true, excludes this account from Recent Addresses syncing.

EmailAddress
string

The full email address for the account. If not present in the payload, the device prompts for this string during profile installation.

HeaderMagic
string

The value of the X-Apple-Config-Magic header in each EAS HTTP request.

Host
string

The Exchange server host name or IP address.

If using OAuth, the host name is ignored.

MailNumberOfPastDaysToSync
integer

The number of days in the past to sync mail on the device.

OAuth
boolean

If true, enables OAuth for authentication. If enabled, don't specify a password.

Password
string

The password of the account. Use only with encrypted profiles.

PayloadCertificateUUID
string

The UUID of the certificate payload to use for the identity credential. If this field is present, the Certificate field is not used.

PreventAppSheet
boolean

If true, prevents this account from sending mail in any app other than the Apple Mail app.

PreventMove
boolean

If true, prevents messages from being moved out of this email account into another account. This setting also prevents forwarding or replying from an account other than the one the message was sent to.

SMIMEEnabled
boolean

If true, enables S/MIME encryption. In iOS 10.0 and later, this key is ignored.

SMIMEEncryptionEnabled
boolean

If true, enables S/MIME encryption for this account.

SMIMESigningEnabled
boolean

If true, enables S/MIME signing for this account.

SMIMESigningUserOverrideable
boolean

If true, the user can turn S/MIME signing on or off in Settings.

SMIMEEnableEncryptionPerMessageSwitch
boolean

If true, displays the per-message encryption switch in the Mail Compose UI.

SMIMEEnablePerMessageSwitch
boolean

If true, displays the per-message encryption switch in the Mail Compose UI.

As of iOS 12.0, this key is deprecated. Use SMIMEEnableEncryptionPerMessageSwitch instead.

SMIMEEncryptByDefault
boolean

If true, enables S/MIME encryption by default.

SMIMEEncryptByDefaultUserOverrideable
boolean

If true, the user can turn encryption by default on/off, and encryption is on.

SMIMEEncryptionCertificateUUID
string

The payload UUID of the identity certificate used to decrypt messages sent to this account. The public certificate is attached to outgoing mail to allow encrypted mail to be sent to this user. When the user sends encrypted mail, the public certificate is used to encrypt the copy of the mail in the user's Sent mailbox. 

SMIMEEncryptionCertificateUUIDUserOverrideable
boolean

If true, the user can select the S/MIME encryption identity, and encryption is on.

SMIMESigningCertificateUUID
string

The UUID of the identity certificate used to sign messages sent from this account.

SMIMESigningCertificateUUIDUserOverrideable
boolean

If true, the user can select the signing identity.

SSL
boolean

If true, enables SSL for authentication.

UserName
string

This user name for this Exchange account. The user name is required in macOS or noninteractive installations like MDM in iOS.

EnableCalendars
boolean

If false, disables the Calendars service for this account. The Calendars service may be re-enabled in Settings unless EnableCalendarsUserOverridable is false.

EnableMail, EnableContacts, EnableCalendars, EnableReminders, and EnableNotes can't all be set to false.

EnableCalendarsUserOverridable
boolean

If false, prevents the user from changing the state of the Calendars service for this account in Settings.

EnableContacts
boolean

If false, disables the Contacts service for this account. The Contacts service may be re-enabled in Settings unless EnableContactsUserOverridable is false.

EnableMail, EnableContacts, EnableCalendars, EnableReminders, and EnableNotes can't all be set to false.

EnableContactsUserOverridable
boolean

If false, prevents the user from changing the state of the Contacts service for this account in Settings.

EnableMail
boolean

If false, disables the Mail service for this account. The Mail service may be re-enabled in Settings unless EnableMailUserOverridable is false.

EnableMail, EnableContacts, EnableCalendars, EnableReminders, and EnableNotes can't all be set to false.

EnableMailUserOverridable
boolean

If false, prevents the user from changing the state of the Mail service for this account in Settings.

EnableNotes
boolean

If false, disables the Notes service for this account. The Notes service may be re-enabled in Settings unless EnableNotesUserOverridable is false.

EnableMail, EnableContacts, EnableCalendars, EnableReminders, and EnableNotes can't all be set to false.

EnableNotesUserOverridable
boolean

If false, prevents the user from changing the state of the Notes service for this account in Settings.

EnableReminders
boolean

If false, disables the Reminders service for this account. The Reminders service may be re-enabled in Settings unless EnableRemindersUserOverridable is false.

EnableMail, EnableContacts, EnableCalendars, EnableReminders, and EnableNotes can't all be set to false.

EnableRemindersUserOverridable
boolean

If false, prevents the user from changing the state of the Reminders service for this account in Settings.

OAuthSignInURL
string

The URL that this account should use for signing in via OAuth. When this URL is specified, auto-discovery is not used for this account so you must also specify a host.

This field is ignored unless OAuth is true.

OAuthTokenRequestURL
string

The URL that this account should use for token requests via OAuth.

This field is ignored unless OAuth is true.

Discussion

Specify com.apple.eas.account as the payload type.

Profile Availability

Device Channel

iOS

User Channel

Shared iPad

Allow Manual Install

iOS

Requires Supervision

-

Requires User Approved MDM

-

Allowed in User Enrollment

iOS

Allow Multiple Payloads

iOS, Shared iPad

See Also

Mail

object ExchangeWebServices

The payload for configuring an Exchange Web Services account for Contacts, Mail, Notes, Reminders, and Calendar.

object Mail

The payload for configuring a mail account on the device.