Exchange ActiveSync

Exchange ActiveSync lets users access corporate data stored in the Exchange server or any other EAS compliant server. Users can access information such as e-mails, contacts, calendar, and tasks even when they are offline. EAS can be configured to use SSL encryption to establish secure communication between the EAS host and the managed devices. Also, MDM MSP lets you store and view e-mail attachments using the ManageEngine MDM MSP app.



Account Name

You can specify a name for your Exchange ActiveSync account. This name is not mandatory and is only used for reference.

Exchange Host Type

Specify the type of the Exchange Server - whether it is Office 365 or Exchange On-Premises.

Exchange Server

Specify the details of the Exchange Server. If Exchange Host Type is selected as Office 365, then Exchange Server is pre-filled as else the server name has to be specified.


User Name

The username or login name usually consists of the user's name and domain-based suffix. Use %upn% to fetch the username mapped to the device.

Identity Certificate

Specify the Identity certificate to be used for EAS. If no certificate has been added yet, you can upload a certificate.

OAuth (supported for iOS 12 or later versions)

Enabling OAuth ensures that the Exchange client does not access the user's credentials. The users are redirected to Exchange Online to log into their account.

Domain (Can be configured only if Exchange Host Type is selected as Exchange On-Premises)

Enter the domain of the Exchange server. Use %domainname% to fetch the appropriate domain name mapped to the device.

E-mail Address (Can be configured only if Exchange Host Type is selected as Exchange On-Premises)

This is the e-mail address to be displayed on the 'From' field of the e-mail. Use %email% to fetch the appropriate e-mail addresses mapped to the devices.

Password (Can be configured only if Exchange Host Type is selected as Exchange On-Premises)

The password associated with the EAS Host account has to be specified here. If the password field is left empty, password is prompted once the profile is installed in the device.


Prevent moving messages to other mail Accounts

Prevent users from moving mails to other mail accounts on their devices. This also restricts users from forwarding or replying to already moved mails using other mail accounts.

Block account usage from non-mail apps

Prevent the usage of Exchange mail account from non-mail apps such as Photos, Safari, etc. to send messages.

Use SSL for mail communication

Send all communication through Secure Sockets Layer.

Enable S/MIME to encrypt or decrypt Mails

Send outgoing mails using S/MIME encryption and receive incoming mails using S/MIME decryption.

Certificate for signing mails (encrypt outgoing mails)

Upload the required certificate to encrypt all outgoing mails.

Certificate to decrypt incoming mails

Upload the required certificate to decrypt all incoming mails.

Sync Calendar

You can configure Calendar sync in Exchange or allow users to configure it.

Sync Contacts

You can configure Contact sync in Exchange or allow users to configure it.

Sync Notes

You can configure Notes sync in Exchange or allow users to configure it.

Sync Mail

You can configure Mail sync in Exchange or allow users to configure it.

Mails to save offline

You can select the duration for which mails can be synced and saved offline. This cannot be configured when Sync Mail is set as Disable and Restrict modification

Sync Reminder

You can configure Reminder sync in Exchange or allow users to configure it.

Disable recent mail address sync
(supported for iOS 6 or later versions)

Disable syncing with the recently used e-mail address in iCloud.

NOTE: By default, all the calendar, contacts, notes, and tasks are synced along with the mails, once the profile has been applied to the devices.

Dynamic Variables :

The below mentioned dynamic variables retrieve the data of the users added during enrollment.

  1. If an Exchange account has been previously configured on the device, the same account cannot be configured using MDM MSP.
  2. If the Add/ Modify account restriction has been applied to the device, the user is prompted to enter the password only once. If the user enters the wrong password, the profile has to be redistributed to prompt for password.

NOTE: Ensure that the maximum limit on the number of devices per mailbox is not breached while pushing Exchange Activesync profile.

Troubleshooting tips

I've changed passcode for the Exchange accounts of all users. But they're still able to access it as they've logged in previously. How do I ensure the user logs in with the new passcode?

Exchange ActiveSync Troubleshooting



See Also: Associating Profiles to Groups, Associating Profiles to Devices, App Management, Distribute Apps to Devices, Distribute Apps to Groups
Copyright © 2021, ZOHO Corp. All Rights Reserved.