Email & Exchange Active Sync configuration

Profile configuration in the E-Mail & Exchange Active Sync menu item

Last adaptation to the version: 2.7

New:

Additional S/MIME options for Exchange accounts
Using the user certificate for Exchange accounts

Correction of the email address for Office365

notempty

This article refers to a Beta version

Partial configuration for profiles in the Mobile Security Portal.
Further information is displayed here:

MS/deployment/user (← links)
MS (← links)
MS/deployment/profile-shared-iPad (transclusion) (← links)
MS/deployment/profile-Device (transclusion) (← links)
MS/deployment/profile-User (transclusion) (← links)

Email & Exchange Active Sync

Multiple mail accounts can be set up in the Email settings section.
These settings affect IMAP or POP3 accounts. Settings for Exchange ActiveSync must be made in the corresponding menu item!

Email accounts

Add account

Operation

Default

Description

Email settings

Account description

The display name of the account (e.g. "Company Mail Account")

Account name

The display name of the user (e.g. "John Appleseed")
Variables can be used as well.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

The display name can be combined with the variable %device_user_name%. The variable reads from the user settings of the user to whom the respective device is assigned the fields first name and last name. e.g.: %device_user_name% | ttt-Point AG → Martin Müller | ttt-Point AG

Email address

The address of the account (e.g. "john@company.com")
The entry $emailaddress$ reads the email address from the user settings of the user to whom the device is assigned.
Variables can be used as well.

The entries $variable1$, $variable2$ and $variable3$ can be defined individually.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Prevent move

If set to true, messages may not be moved out of this email account into another account

Disable email recipient synchronization

If set to true, this account is excluded from address "recent" syncing

Allow Mail drop

If set to true, this account is allowed to use Mail drop

Prevent App Sheet

If set to true, this account will not be available for sending mail in third party applications

S/MIME Enabled

If set to true, this account will support S/MIME

S/MIME signing enabled

S/MIME encryption enabled

S/MIME enable Per-Message Switch

If set to true, enables the per-message encryption switch

Incoming mails

Operation

Default

Description

Mail server

Hostname or IP address

Port

993

Port number for incoming mail

Account type

IMAP

POP

The protocol for accessing the email account

Username

Select user

The username used to connect to the server for incoming emails
Variables can be used as well.
$emailaddress$, $username$, $variable1$, $variable2$, $variable3$

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Examples:

The email user name is identical to the device user name: ttt-point.local\%device_user_username%
The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

Path prefix

Path prefix for IMAP mail server

Incoming Mail Server authentication

authentication method

The authentication method for the incoming mail server
None
Password
CrammD5
NTLM
HTTPMD5

Password

The password for the incoming mail server

Use SSL

Incoming email retrieval via Secure Socket Layer

Outgoing mails

Operation

Default

Description

Mail server

Hostname or IP address for outgoing email

Port

587

The port number for outgoing email

Username

Select user

The username used to connect to the server for outgoing mail
Variables can be used as well. $emailaddress$, $username$, $variable1$, $variable2$, $variable3$

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Examples:

The email user name is identical to the device user name: ttt-point.local\%device_user_username%
The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

authentication type

authentication method

The authentication method for the outgoing mail server
Password
CrammD5
NTLM
HTTPMD5

Outgoing Password: Same as incoming

SMTP authentication uses the same password as POP/IMAP server for incoming emails


Password	Password	The password for the outgoing mail server

Use SSL

Send outgoing email through Secure Socket Layer

Exchange accounts

Add account

Configuration for Exchange mails retrieved via https connections

Configuration by clicking on Activate Exchange ActiveSync

Operation

Default

Description

Settings Exchange ActiveSync

Account name

The display name of the user (e.g. "John Appleseed"). Different variables can be used.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Exchange ActiveSync Host

Enter host

Host name or IP address of the Exchange server

Past days of mail to sync

Synchronization period

Use SSL

Encrypts all messages with SSL (Secure Socket layer)

Email address

Select email address

The address of the account to be synchronized (e.g. "john@company.com") Variables can be used as well.

The entries $variable1$, $variable2$ and $variable3$ can be defined individually.

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Domain\User

Username

Mail domain and mail user

The field must remain empty if the device should ask.
If the domain should be entered automatically, this can be configured on the server.

Variables can be used as well.
$emailaddress$, $username$, $variable1$, $variable2$, $variable3$

The values are taken from the user settings of the user to whom the respective device is assigned

Variable name in profiles	Description	Example
$username$ alternative names: %device_user% %device_user_username%	Username	jdoe
$emailaddress$ alternative name: %device_email%	Email address	jdoe@ttt-point.de
$firstname$ alternative name: %device_user_firstname%	First name	John
$lastname$ alternative name: %device_user_lastname%	Last name	Doe
$name$ alternative name: %device_user_name%	First name and surname	John Doe
$variable1$ alternative name: %variable1%	custom value	jdoe/ttt-point.local
$variable2$ alternative name: %variable2%	custom value
$variable3$ alternative name: %variable3%	custom value
$device_name$ alternative name: %device_name%	Only for iOS: The name assigned on the phone (see: Settings → General → Info → Name) This variable can also be used in iOS profiles in the Shared device section	Cell phone from Markus Müller
$device_alias$ alternative name: %device_alias%	Only for iOS: The alias assigned in the portal. If the alias is not assigned, the device_name is displayed. This variable can also be used in iOS profiles in the Shared device section	Tablet Storage1
Defining the values in the user administration in the portal under: General Users or for the device alias in the device tile. To avoid input errors, different variable names are possible for compatibility reasons. A distinction between Android and iOS is no longer necessary.

Examples:

The email user name is identical to the device user name: ttt-point.local\%device_user_username%
The email user name is stored in the user settings as variable1: ttt-point.local\%variable1%

Password

The password for the account

Use OAuth

Specifies whether the connection should use OAuth for authentication. notempty

If OAuth is specified, the password field should remain blank

Payload certificate UUID

Select certificate

UUID of the certificate that is used for authentication
notempty

New as of: 2.7

The user certificate usercertuser_certusercert can be used

Prevent move

If set to true, messages may not be moved out of this email account into another account

Prevent App sheet

If set to true, this account will not be available for sending mail in third party applications

Allow Mail Drop

If set to true, this account is allowed to use Mail Drop

S/MIME enabled

If set to true, this account will support S/MIME

S/MIME encryption enabled

If set to true, this account will support message encryption

S/MIME encryption overridable

Allow users to enable or disable S/MIME encryption

S/MIME signing enabled

If set to true, this account will enable message signing

S/MIME signing overridable

Allow users to enable or disable S/MIME signing

S/MIME signing certificate

None

The UUID of the certificate used to sign messages sent by this user
notempty

New as of: 2.7

The user certificate usercertuser_certusercert can be used

S/MIME signing certificate overridable

Allow users to change the S/MIME signing certificate

S/MIME encryption certificate

None

The UUID of the certificate used to decrypt received messages
notempty

New as of: 2.7

The user certificate usercertuser_certusercert can be used

S/MIME encryption certificate overridable

Allow users to change the S/MIME encryption certificate

S/MIME enable Per-Message Switch

If set to true, enables the per-message encryption switch

Disable email recipient synchronization

If this value is set to true, this account will be excluded from the synchronization of the "Recent" addresses

Activate calendar

Calendar overwritable

Allow account to enable/disable calendar

Enable/disable contacts

Enable contacts

Contacts overwritable

Allow account to enable/disable contacts

Enable email

Mail overwritable

Allow account to enable/disable mail

Enable notes

Allow account to enable/disable notes

Enable reminders

Reminders overwritable

Allow the account to enable/disable reminders

Overwrite previous password

Audio calls

Enter ID

The bundle ID of the application that processes audio calls made to contacts from this account

Example: Office365 accounts

Example: Integration of an Office 365 account with OAuth

OAuth only works with ActiveSync
Configuration in the Email & Exchange Active Sync tab when adding an Exchange Account

The OAuth data of other providers can be obtained exclusively and directly from these providers

Operation	Value	Description
Account name	Account name	Name of the user to be displayed
Exchange ActiveSync Host	outlook.office365.com	Example for Office365
Number of days in which the emails from the past are synchronized	Forever	Possible values: 1 day, 3 days, 1 week, 2 weeks, 1 month, forever
Use SSL		Sends all communications via Secure Socket Layer. notempty Securepoint recommends to activate the option
Email address	alice@ttt-point.onmicrosoft.de	Possible addresses are selectable from the dropdown menu incl. variables that take the information from the user data
Domain\User	alice@ttt-point.onmicrosoft.de	The previously selected e-mail address of the user
Password		The password for the email account on the mail server notempty If OAuth is specified, the password field should remain blank
Use OAuth		Specifies whether the connection should use OAuth for authentication. Must be activated on the mail server! If OAuth is specified, the password field should remain blank
OAuth login URL	https://login.microsoftonline.com/common/oauth2/v2.0/authorize	Login URL Here shown for Office365 accounts (example)
OAuth token request URL	https://login.microsoftonline.com/common/oauth2/v2.0/token	OAuth token request URL Here shown for Office365 accounts (example)
Payload certificate UUID:	None	If the authentication on the Exchange server is to be done with a certificate, this can be selected here. notempty Additionally, in the Certificates tab, the desired certificate must be added in the click box to be transferred to the device.