Configuring an Exchange mailbox on iOS MDM devices

Kaspersky Secure Mobility Management

Support Send link Get as PDF

Working in Kaspersky Security Center Web Console > Configuration and management > Management of mobile device settings > Configuring email > Configuring an Exchange mailbox on iOS MDM devices

Configuring an Exchange mailbox on iOS MDM devices

Expand all | Collapse all

These settings apply to supervised devices and devices operating in basic control mode.

To allow an iOS MDM device user to use corporate email, calendar, contacts, notes, and tasks, add the user's Exchange ActiveSync account on the Microsoft Exchange server.

By default, an account with the following settings is added on the Microsoft Exchange server:

Email is synchronized once per week.
The user can move messages between the user's accounts and synchronize account addresses.
The user can use any email clients (other than Mail) to use email.
The SSL connection is not used during transmission of messages.

You can edit the specified settings when adding the Exchange ActiveSync account.

To add an Exchange ActiveSync account of an iOS MDM device user:

In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
In the policy properties window, select Application settings.
Select iOS and go to the Device configuration section.
On the Exchange ActiveSync card, click Settings.
The Exchange ActiveSync window opens.
Enable the settings using the Exchange ActiveSync toggle switch.
Click Add.
The Add Exchange ActiveSync account window opens.
Specify the Exchange ActiveSync settings:
- On the General settings tab, specify the user's data:
  - In the Account name field, enter the account name for authorization on the Microsoft Exchange server. You can either enter a value or select a macro by clicking the button.
  - In the Exchange ActiveSync server address field, enter the DNS name or IP address of the Microsoft Exchange server.
  - Settings in the User credentials section:
    - In the User domain field, enter the name of the iOS MDM device user's domain. You can either enter a value or select a macro by clicking the button.
    - In the User name field, enter the name of the iOS MDM device user. You can either enter a value or select a macro by clicking the button.
      If you leave this field blank, Kaspersky Mobile Devices Protection and Management prompts the user to enter the user name when applying the policy on the iOS MDM device.
    - In the Email address field, specify the email address of the iOS MDM device user. You can either enter a value or select a macro by clicking the button.
  - Settings in the Authentication section:
    - In the Password field, enter the password of the Exchange ActiveSync account for authorization on the Microsoft Exchange server.
    - In the Authentication certificate drop-down list, select the certificate used for authenticating the iOS MDM device user on the Microsoft Exchange server. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.
- On the Additional settings tab, configure the additional settings of the Exchange ActiveSync account:
  - In the Email synchronization section, in the Synchronization period drop-down list, select the time interval for which email is automatically synchronized and stored on the iOS MDM device. The longer the email synchronization period, the more free space required in the memory of the mobile device. Messages that have not been synchronized are not available without an internet connection. The default value is 1 week.
  - In the Restrictions section, select or clear the following check boxes, if necessary:
    - Allow movement of messages between accounts (including work and personal accounts)
      Moving email messages between accounts.
      
      If the check box is selected, the user can move email messages from one account to another.
      
      If the check box is cleared, the user is prohibited from moving email messages from one account to another.
      
      This check box is selected by default.
      
      If you want to prohibit saving, moving, and sharing attachments from a corporate mailbox, clear the Allow movement of messages between accounts (including work and personal accounts) check box and select the Prohibit non-managed apps from using documents from managed apps and Prohibit managed apps from using documents from non-managed apps check boxes.
    - Allow syncing recent addresses
      Synchronization of email addresses between accounts.
      
      If the check box is selected, when creating messages the user can use another email account's address history.
      
      If this check box is cleared, used email addresses are not synchronized. When creating a message, the user of an iOS MDM device cannot use another email account's address history.
      
      This check box is selected by default.
    - Allow using only the Mail app
      Use of only the standard iOS mail client for processing messages.
      
      If the check box is selected, the user can use email only in the standard iOS email client.
      
      If the check box is cleared, the user can use email both in the standard iOS email client and in other apps.
      
      This check box is cleared by default.
    - Use SSL connection
      Select this check box to use the SSL (Secure Sockets Layer) data transport protocol to secure the transmission of data.
      
      This check box is selected by default.
  - In the Signature and encryption section, configure the settings for signing and encrypting outgoing mail using the S/MIME protocol in the Mail app. S/MIME is a protocol for transmitting digitally signed encrypted messages. S/MIME provides cryptographic security capabilities such as authentication, message integrity control, and non-repudiation of origin (using digital signatures). The protocol also uses encryption to help improve the level of confidentiality and security of data in email messages.
    - Sign messages
      Digital signature of outgoing messages in the Mail app.
      
      If the check box is selected, outgoing messages are signed with a digital signature using the S/MIME protocol. A digital signature confirms the authenticity of the sender and indicates that the contents of the message have not been modified during transmission to the recipient. A recipient certificate (public key) must be selected for a message signature.
      
      This check box is cleared by default.
    - Signing certificate for outgoing messages
      Certificate for signing outgoing messages with a digital signature using the S/MIME protocol. The digital signature guarantees that the message was sent by the iOS MDM device user. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.
      
      This drop-down list is available only if the Sign messages check box is selected.
    - Encrypt messages by default
      Encryption of outgoing messages in the Mail app.
      
      If the check box is selected, outgoing messages are encrypted by default using the S/MIME protocol. A recipient certificate (public key) must be selected for sending encrypted messages. If a recipient certificate is not installed, messages cannot be encrypted. Encrypted messages can be viewed only by users whose devices have a certificate installed.
      
      This check box is cleared by default.
    - Encryption certificate
      Encryption certificate for encrypting outgoing messages using the S/MIME protocol. Encryption keeps messages confidential during transmission and storage. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.
      
      This drop-down list is available only if the Encrypt messages by default check box is selected.
    - Show toggle button for encrypting selected messages
      Display of the icon in the Mail app in the To field for sending encrypted messages.
      
      If this check box is selected, the mobile device user can encrypt individual messages by clicking the icon.
      
      If the check box is cleared, the icon for encrypting messages is not displayed. In this case, the Encrypt messages by default check box determines whether outgoing mail is encrypted.
Click Add.
The new Exchange ActiveSync account appears in the list.

You can modify or delete Exchange ActiveSync accounts in the list using the Edit and Delete buttons at the top of the list.
Click OK.
Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Exchange ActiveSync accounts from the compiled list are added on the user's mobile device.

Article ID: 274809, Last review: May 15, 2025

Page top