Exchange Configuration

An Exchange configuration sets up ActiveSync-based email on Android, iOS, and visionOS devices and  Exchange Web Services (EWS)-based email for macOS devices.

The Exchange Configuration is deprecated by Samsung in Android 9. For Samsung devices on Android 9 and later versions, the Exchange Configuration is not supported in Device Admin mode.

Exchange settings

Setting

What to do

Name

Enter a name that identifies this configuration.

Description

Enter a description that clarifies the purpose of this configuration.

Exchange Host

If you are using Sentry to control email access, enter the Sentry server host name. Otherwise, enter the address of the ActiveSync server.*

Allow Move

For iOS and Android: Select if you do not want to prevent email from being moved from this account.

For Windows 10: Not applicable.

Enable S/MIME

Select to turn on support S/MIME encryption. Then, you can select signing and encryption certificates.

Requires certificate caching. Make sure that caching is enabled in the Certificate Authority being used by Identity Certificate's configuration.

iOS 10.3+:

Select one of the following options for the S/MIME signing and S/MIME encryption fields:

  • Off
  • On
  • User Select

iOS 12.0+:

  • Enable user to override S/MIME signing settings
  • Enable user to select S/MIME signing identity
  • Enable user to override S/MIME encryption settings
  • Enable user to select S/MIME encryption identity

Enable S/MIME per-message signing and encryption if required.

Sync Recent Email Addresses

Select to sync recently-contacted email addresses between the device and the server.

Use Only in Mail

Select if you want this configuration to be used only by the email client. Other apps that send email, including apps that send content using the native email client, are not able to use this configuration.

Use SSL

Select to use only the secure socket layer for communications between the device and the server.

Enable OAuth for exchange payload

iOS 12.0+ and macOS 10.14+:

Select to enable authentication using OAuth.

If this option is enabled, the following additional settings are available for email apps that support authentication using OAuth:

  • OAuth Sign In URL
  • OAuth Token Request URL

Domain

Enter the domain for this email account, unless you want the user to be prompted for it.

User

Enter a variable representing the email address for this account.*

Account Password

Enter the password for this account, unless you want the user to be prompted for it.

Email Address

Enter a variable representing the email address for this account.*

Past Days of Mail to Sync

Select the number of days of email to sync between the device and the server.

Per-App VPN

Prerequisite: Configure Tunnel or any per-app VPN configuration before configuring per-app VPN in Exchange Active Sync configuration.

From the drop-down menu, select the pre-configured per-app VPN configuration.

Applicable to: iOS 14+

Android and Windows

Sync Calendar

For Android and Windows 10: Select to sync calendar items between the device and the server.

For Samsung devices: This setting is not used (it is ON by default).

For Android Email+ app: This setting is used.

Sync Contacts

For Android and Windows 10: Select to sync contacts between the device and the server.

For Samsung devices: This setting is not used (it is ON by default).

For Android Email+ app: This setting is used.

Sync Email

For Android and Windows 10: Select to sync email between the device and the server.

For Samsung devices: This setting is not used (it is ON by default).

For Android Email+ app: This setting is not used (it is ON by default).

Sync Tasks

For Android and Windows 10: Select to sync tasks between the device and the server.

For Samsung devices: This setting is not used (it is ON by default).

For Android Email+ app: Not applicable.

iOS 13.0+

  • Sync Calendar
  • Sync Contacts
  • Sync Mail
  • Sync Notes
  • Sync Reminders

Specify individual syncing of Outlook Exchange items such as Calendar, Contacts, Mail, Notes, and Reminders.

For each item, select or deselect the Enable and the Allow User Override options.

Sync must be enabled for at least one of the these items. If you disable syncing for one of the options but allow user to override, the user will still be able to enable it.

Identity Certificate

Select an identity certificate from the list if you want the device to authenticate to the server using a certificate. Certificates appear in this list only if already configured using an identity certificate configuration.

Android

Use Certificate Based Authentication Only

Use the selected identity certificate as the only means of authenticating to the Exchange server.

Accept all SSL Certificates

Select to allow device users to set Android devices to accept all SSL certificates. This setting applies to Android Email+ and Samsung Knox Email.

  • Use caution when enabling this setting, as device users might unknowingly expose the device to attack.
  • This option needs to be enabled if the Sentry certificate is a self-signed or unknown certificate.

Exchange App Priority

Select the email client to be configured by default on Android devices - Android Email+ and Samsung Email.

Email+ app are added in the app catalog for all tenants that has enabled the Exchange app priority.

iOS 10+

Communication Service Rules

Choose a default app to use to make audio calls to contacts within the CardDAV system.

Windows 10+ Only

Configure Outlook

Select this option to configure Microsoft Outlook to a device.

This option is supported only if Bridge is enabled.

*Type $ to see a list of supported variables, if available, for this field.