XenMobile Server

Exchange device policy

You can use the Exchange ActiveSync device policy to configure an email client on user devices to let them access their corporate email hosted on Exchange. You can create policies for iOS, macOS, Android Enterprise, Samsung SAFE, Samsung Knox, and Windows Tablet. Each platform requires a different set of values, which are described in detail in the following sections.

To create this policy, you need the host name or IP address of the Exchange Server. For information about ActiveSync settings, see the Microsoft article ActiveSync CSP.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

  • Exchange ActiveSync account name: Type the description of the email account that is displayed on user devices.
  • Exchange ActiveSync host name: Type the address of the email server.
  • Use SSL: Select whether to secure connections between user devices and the Exchange Server. The default is On.
  • Domain: Enter the domain in which the Exchange Server is. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Use OAuth: If set to On, the connection uses OAuth for authentication. The default is Off. This option applies to iOS 12.0 and later.
    • OAuth sign-in URL: Specifies the URL to load into a webview to authenticate using OAuth when the AutoDiscovery Service isn’t used. This field appears only when Use OAuth is set to On.
    • OAuth token request URL: Specifies the URL that the account can use for OAuth token requests. This field appears only when Use OAuth is set to On.

  • Password: Enter an optional password for the Exchange user account. This setting doesn’t appear when Use OAuth is On.
  • Email sync interval: In the list, choose how often an email is synced with the Exchange Server. The default is 3 days.
  • Identity credential (keystore or PKI): Click an optional identity credential in the drop-down list if you’ve configured an identity provider for XenMobile. This field is only required when Exchange requires a client certificate authentication. The default is None.
  • Authorize email move between accounts: Select whether to allow users to move email out of this account into another account and to forward and reply from a different account. The default is Off.
  • Send email only from email app: Select whether to restrict users to the iOS mail app for sending email. The default is Off.
  • Disable email recent syncing: Select whether to prevent users from syncing recent addresses. The default is Off. This option applies only to iOS 6.0 and later.
  • Allow Mail Drop: Select whether to allow the account to use Mail Drop. The default is Off.
  • Enable S/MIME Signing: Select whether this account supports S/MIME signing. The default is On. When set to On, the following fields appear.
    • Signing identity credential: Choose the signing credential to use.
    • S/MIME Signing User Overrideable: If set to On, users can turn S/MIME signing on and off in the settings of their devices. The default is Off. This option applies to iOS 12.0 and later.
    • S/MIME Signing Certificate UUID User Overrideable: If set to On, users can select, in the settings of their devices, the signing credential to use. The default is Off. This option applies to iOS 12.0 and later.
  • Enable S/MIME Encryption: Select whether this account supports S/MIME encryption. The default is Off. When set to On, the following fields appear.
    • Encryption identity credential: Choose the encryption credential to use.
    • Enable per message S/MIME switch: When set to On, shows users an option to switch S/MIME encryption on or off for each message they compose. The default is Off.
    • S/MIME Encrypt By Default User Overrideable: If set to On, users can, in the settings of their devices, select whether S/MIME is on by default. The default is Off. This option applies to iOS 12.0 and later.
    • S/MIME Encryption Certificate UUID User Overrideable: If set to On, users can turn S/MIME encryption identity and encryption on and off in the settings of their devices. The default is Off. This option applies to iOS 12.0 and later.
  • Policy settings
    • Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours).
      • Select date: Click the calendar to select the specific date for removal.
      • Duration until removal (in hours): Type a number, in hours, until policy removal occurs. Only available for iOS 6.0 and later.

Synced Exchange Services

  • Synced Exchange Services calendars settings
    • Enable calendars: Allows you to enable or disable the Calendars service for the account. The default value is ON. If it is set to OFF, then the Calendars service is disabled for the account. The Calendars service can be enabled again in the settings, only if the Enable user overridable calendars button is set to ON.
    • Enable user overridable calendars: Allows you to change the state of the Calendars service for the account in the settings. The default value is ON. If it is set to OFF, then you can’t change the state of the Calendars service.
  • Synced Exchange Services contacts settings
    • Enable contacts: Allows you to enable or disable the Contacts service for the account. The default value is ON. If it is set to OFF, then the Contacts service is disabled for the account. The Contacts service can be enabled again in the settings, only if the Enable user overridable contacts button is set to ON.
    • Enable user overridable contacts: Allows you to change the state of the Contacts service for the account in the settings. The default value is ON. If it is set to OFF, then you can’t change the state of the Contacts service.
  • Synced Exchange Services mail settings
    • Enable mail: Allows you to enable or disable the Mail service for the account. The default value is ON. If it is set to OFF, then the Mail service is disabled for the account. The Mail service can be enabled again in the settings, only if the Enable user overridable mail button is set to ON.
    • Enable user overridable mail: Allows you to change the state of the Mail service for the account in the settings. The default value is ON. If it is set to OFF, then you can’t change the state of the Mail service.
  • Synced Exchange Services notes settings
    • Enable notes: Allows you to enable or disable the Notes service for the account. The default value is ON. If it is set to OFF, then the Notes service is disabled for the account. The Notes service can be enabled again in the settings, only if the Enable user overridable notes button is set to ON.
    • Enable user overridable notes: Allows you to change the state of the Notes service for the account in the settings. The default value is ON. If it is set to OFF, then you can’t change the state of the Notes service.
  • Synced Exchange Services reminders settings
    • Enable reminders: Allows you to enable or disable the Reminders service for the account. The default value is ON. If it is set to OFF, then the Reminders service is disabled for the account. The Reminders service can be enabled again in the settings, only if the Enable user overridable reminders button is set to ON.
    • Enable user overridable reminders: Allows you to change the state of the Reminders service for the account in the settings. The default value is ON. If it is set to OFF, then you can’t change the state of the Reminders service.
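
The following is an added example, not Citrix code: a Python check that audits an exported iOS configuration profile for the transport, password, mail-move, Mail Drop, and S/MIME override settings described above. It assumes the policy reaches the device as Apple's `com.apple.eas.account` payload and uses Apple's payload key names, which do not appear on this page; the two profiles are constructed samples.

```python
import plistlib

EAS_TYPE = "com.apple.eas.account"  # Apple's Exchange ActiveSync payload type

def build_profile(**eas_keys) -> bytes:
    """Constructed sample input: a profile holding one Exchange payload."""
    payload = {"PayloadType": EAS_TYPE, "Host": "mail.example.com",
               "EmailAddress": "user@example.com", **eas_keys}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})

# (payload key, value that raises a finding, value assumed when absent, finding)
# Assumed mapping to the console fields: SSL = "Use SSL"; PreventMove is the
# inverse of "Authorize email move between accounts"; allowMailDrop =
# "Allow Mail Drop"; SMIMESigningUserOverrideable = the S/MIME signing override.
CHECKS = [
    ("SSL", False, True, "Use SSL is Off, sync traffic is not protected by TLS"),
    ("PreventMove", False, False, "mail can be moved to or sent from other accounts"),
    ("allowMailDrop", True, False, "large attachments may be uploaded to iCloud"),
    ("SMIMESigningUserOverrideable", True, False, "users can turn S/MIME signing off"),
]

def audit_eas_profile(data: bytes) -> list:
    """Return one finding string per setting a reviewer should justify."""
    findings = []
    profile = plistlib.loads(data)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != EAS_TYPE:
            continue  # ignore non-Exchange payloads in the same profile
        for key, bad, default, text in CHECKS:
            if payload.get(key, default) == bad:
                findings.append(f"{key}: {text}")
        if payload.get("Password"):
            findings.append("Password: account password is stored in the profile")
    return findings

# Constructed samples: one weak policy, one hardened policy.
WEAK = build_profile(SSL=False, Password="constructed-placeholder",
                     allowMailDrop=True)
HARDENED = build_profile(SSL=True, OAuth=True, PreventMove=True,
                         allowMailDrop=False)

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_eas_profile(blob) or "no findings")
```
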

macOS settings

  • Exchange ActiveSync account name: Type the description of the email account that is displayed on user devices.
  • User: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Use OAuth: If set to On, the connection uses OAuth for authentication. The default is Off. This option applies to macOS 10.14 and later.
  • OAuth SignIn URL: Specifies the URL to load into a webview to authenticate using OAuth when the AutoDiscovery Service isn’t used. This field appears when Use OAuth is set to On.
  • Password: Enter an optional password for the Exchange user account. This setting doesn’t appear when Use OAuth is On.
  • Internal Exchange host: If you want your internal and external Exchange host names to be different, type an optional internal Exchange host name.
  • Internal server port: If you want your internal and external Exchange server ports to be different, type an optional internal Exchange server port number.
  • Internal server path: If you want your internal and external Exchange server paths to be different, type an optional internal Exchange server path.
  • Use SSL for internal Exchange host: Select whether to secure connections between user devices and the internal Exchange host. The default is On.
  • External Exchange host: If you want your internal and external Exchange host names to be different, type an optional external Exchange host name.
  • External server port: If you want your internal and external Exchange server ports to be different, type an optional external Exchange server port number.
  • External server path: If you want your internal and external Exchange server paths to be different, type an optional external Exchange server path.
  • Use SSL for external Exchange host: Select whether to secure connections between user devices and the external Exchange host. The default is On.
  • Allow Mail Drop: Select whether to allow users to share files wirelessly between two Macs, without having to connect to an existing network. The default is Off.

  • Policy settings
    • Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours).
      • Select date: Click the calendar to select the specific date for removal.
      • Duration until removal (in hours): Type a number, in hours, until policy removal occurs.
    • Allow user to remove policy: You can select when users can remove the policy from their device. Select Always, Passcode required, or Never from the menu. If you select Passcode required, type a passcode in the Removal passcode field.
    • Profile scope: Select whether this policy applies to a User or an entire System. The default is User. This option is available only on macOS 10.7 and later.

Windows Desktop/Tablet settings

Note:

This policy does not allow you to set the user password. Users must set that parameter from their devices after you push the policy.

  • Account name or display name: Type the Exchange ActiveSync account name.
  • Server name or IP address: Type the Exchange Server host name or IP address.
  • Domain: Enter the domain in which the Exchange Server is. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User ID or user name: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Use SSL connection: Select whether to secure connections between user devices and the Exchange Server. The default is Off.
  • Past days to sync: In the list, click how many days into the past to sync all content on the device with the Exchange Server. The default is All content.
  • Frequency: In the list, click the schedule to use when syncing data that is sent to the device from the Exchange Server. The default is When it arrives.
  • Logging level: Click Disabled, Basic, or Advanced in the drop-down list to specify the level of detail when logging Exchange activity. The default is Disabled.