Product Documentation

Exchange device policy

You can use the Exchange ActiveSync device policy to configure an email client on user devices to let them access their corporate email hosted on Exchange. You can create policies for iOS, macOS, Android HTC, Android TouchDown, Android for Work, Samsung SAFE, Samsung KNOX, Windows Phone, and Windows Tablet. Each platform requires a different set of values, which are described in detail in the following sections.

To create this policy, you need the host name or IP address of the Exchange Server. For information about ActiveSync settings, see the Microsoft article ActiveSync CSP.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

Image of Device Policies configuration screen

  • Exchange ActiveSync account name: Type the description of the email account that is displayed on user devices.
  • Exchange ActiveSync host name: Type the address of the email server.
  • Use SSL: Select whether to secure connections between user devices and the Exchange Server. The default is On.
  • Domain: Enter the domain in which the Exchange Server resides. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Password: Enter an optional password for the Exchange user account.
  • Email sync interval: In the list, choose how often email is synced with the Exchange Server. The default is 3 days.
  • Identity credential (keystore or PKI): In the list, click an optional identity credential if you have configured an identity provider for XenMobile. This field is only required when Exchange requires a client certificate authentication. The default is None.
  • Authorize email move between accounts: Select whether to allow users to move email out of this account into another account and to forward and reply from a different account. The default is Off.
  • Send email only from email app: Select whether to restrict users to the iOS mail app for sending email. The default is Off.
  • Disable email recent syncing: Select whether to prevent users from syncing recent addresses. The default is Off. This option applies only to iOS 6.0 and later.
  • Enable S/MIME: Select whether this account supports S/MIME authentication and encryption. The default is Off. When set to On, the following two fields appear:
    • Signing identity credential. The default is None.
    • Encryption identity credential. The default is None.
  • Enable per message S/MIME switch: Select whether to allow users to encrypt outgoing email on a per-message basis. The default is Off.

macOS settings

Image of Device Policies configuration screen

  • Exchange ActiveSync account name: Type the description of the email account that is displayed on user devices.
  • User: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Password: Enter an optional password for the Exchange user account.
  • Internal Exchange host: If you want your internal and external Exchange host names to be different, type an optional internal Exchange host name.
  • Internal server port: If you want your internal and external Exchange server ports to be different, type an optional internal Exchange server port number.
  • Internal server path: If you want your internal and external Exchange server paths to be different, type an optional internal Exchange server path.
  • Use SSL for internal Exchange host: Select whether to secure connections between user devices and the internal Exchange host. The default is On.
  • External Exchange host: If you want your internal and external Exchange host names to be different, type an optional external Exchange host name.
  • External server port: If you want your internal and external Exchange server ports to be different, type an optional external Exchange server port number.
  • External server path: If you want your internal and external Exchange server paths to be different, type an optional external Exchange server path.
  • Use SSL for external Exchange host: Select whether to secure connections between user devices and the internal Exchange host. The default is On.
  • Allow Mail Drop: Select whether to allow users to share files wirelessly between two Macs, without having to connect to an existing network. The default is Off.

Android HTC settings

Image of Device Policies configuration screen

  • Configuration display name: Type the name for this policy that appears on user devices.
  • Server address: Type the Exchange Server host name or IP address.
  • User ID: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Password: Enter an optional password for the Exchange user account.
  • Domain: Enter the domain in which the Exchange Server resides. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Use SSL: Select whether to secure connections between user devices and the Exchange Server. The default is On.

Android TouchDown settings

Image of Device Policies configuration screen

  • Server name or IP address: Type the Exchange Server host name or IP address.
  • Domain: Type the domain in which the Exchange Server resides. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User ID: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Password: Type an optional password for the Exchange user account.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Identity credential (keystore or PKI): In the list, click an optional identity credential if you have configured an identity provider for XenMobile. This field is only required when Exchange requires a client certificate authentication. The default is None.
  • App Setting: Optionally, add TouchDown app settings for this policy.
  • Policy: Optionally, add TouchDown policies for this policy.

Android for Work

Image of Device Policies configuration screen

  • Server name or IP address: Type the Exchange Server host name or IP address.
  • Domain: Type the domain in which the Exchange Server resides. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User ID: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Password: Type an optional password for the Exchange user account.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Identity credential (keystore or PKI): In the list, click an optional identity credential if you have configured an identity provider for XenMobile. This field is only required when Exchange requires a client certificate authentication. The default is None.

Samsung SAFE and Samsung KNOX settings

Image of Device Policies configuration screen

  • Server name or IP address: Type the Exchange Server host name or IP address.
  • Domain: Type the domain in which the Exchange Server resides. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User ID: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Password: Type an optional password for the Exchange user account.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Identity credential (keystore or PKI): In the list, click an optional identity credential if you have configured an identity provider for XenMobile. This field is only required when Exchange requires a client certificate authentication.
  • Use SSL connection: Select whether to secure connections between user devices and the Exchange Server. The default is On.
  • Sync contacts: Select whether to enable synchronization for user contacts between devices and the Exchange Server. The default is On.
  • Sync calendar: Select whether to enable synchronization for user calendars between devices and the Exchange Server. The default is On.
  • Default account: Select whether to make user Exchange accounts the default for sending email from their devices. The default is On.

Windows Phone and Windows Desktop/Tablet settings

Image of Device Policies configuration screen

Note:

This policy does not allow you to set the user password. Users must set that parameter from their devices after you push the policy.

  • Account name or display name: Type the Exchange ActiveSync account name.
  • Server name or IP address: Type the Exchange Server host name or IP address.
  • Domain: Enter the domain in which the Exchange Server resides. You can use the system macro $user.domainname in this field to automatically look up user domain names.
  • User ID or user name: Specify the user name for the Exchange user account. You can use the system macro $user.username in this field to automatically look up user names.
  • Email address: Specify the full email address. You can use the system macro $user.mail in this field to automatically look up user email accounts.
  • Use SSL connection: Select whether to secure connections between user devices and the Exchange Server. The default is Off.
  • Past days to sync: In the list, click how many days into the past to sync all content on the device with the Exchange Server. The default is All content.
  • Frequency: In the list, click the schedule to use when syncing data that is sent to the device from the Exchange Server. The default is When it arrives.
  • Logging level: In the list, click Disabled, Basic, or Advanced to specify the level of detail when logging Exchange activity. The default is Disabled.