pdf icon
Category Filter

Exchange ActiveSync

Exchange ActiveSync (EAS) lets users access corporate data stored in the Exchange server or any other server which is EAS compliant. Users can access information such as e-mails, contacts, calendar, and tasks even when they are offline. EAS can be configured to use SSL encryption to establish secure communication between the EAS host and the managed devices. Also, MDM lets you store and securely view e-mail attachments using the ManageEngine MDM app. You can configure Exchange ActiveSync for Non-Samsung devices running Android 5.0 or later versions, provisioned as Profile Owner/Device Owner and for Samsung devices running Android 5.0 or later versions.

Note: Outlook app will work only on devices with Android OS version 8.0 and above.

Learn more about configuring Exchange ActiveSync for Non-Samsung devices here.

  • The domain name, username, user principal name, and host name used for configuring Exchange ActiveSync, are case-sensitive.
  • The User Principal Name(UPN) of the user should be added in the certifcate's Subject or Subject Alternative Name fields.

Only devices running Android 5.0 or later versions can be provisioned as Profile Owner or Device Owner.

  • Addition of email accounts in Outlook app cannot be restricted as the account will be added inside the app which the system cannot detect. However, accounts added in other email clients can be restricted as they will be added to the device.
  • When an exchange profile is applied on a device which has add account restriction, the restriction will be disabled till the exchange account is configured.
  • Conditional Exchange Access is supported on Gmail app and the Native e-mail app for Samsung devices running less than 8.0.
FEATURE DESCRIPTION KNOX-ENABLED SAMSUNG NON-SAMSUNG
LEGACY PROFILE OWNER DEVICE OWNER
Account name (Samsung-only feature, supported for Android 5.0 or later versions) You can specify a name for your Exchange ActiveSync account. This name is not mandatory and used for reference. success failured failured failured
Exchange host type  Specify the type of the Exchange Server: whether it is Office 365 or Exchange On-Premises. success failured failured failured
Exchange Server (Supported for Android 5.0 or later versions) Specify the details of the Exchange Server. If Exchange host type is selected as Office 365, then Exchange Server is pre-filled as outlook.office365.com else the server name has to be specified. success failured success success
CONFIGURATION DETAILS
Configure Exchange account for (Can be configured only if Exchange host type is selected as Exchange On-Premises) Specify whether EAS is to be configured for a single user or multiple users. success failured success success
Identity certificate Specify the Identity certificate to be used for EAS. success failured success success
Select the e-mail client app(s). Supported for Android 5.0 or later versions) The EAS host server syncs with the chosen client app (Samsung Email/Gmail/Microsoft Outlook) after which all the corporate data can be accessed using the app(s) on Samsung devices.
Note: Permissions of the above email apps can be managed through managed app permissions.
success failured success success
Select the e-mail client app(s) for Non-Samsung devices (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured for Multiple users. Supported for Android 5.0 or later versions) The EAS host server syncs with the chosen client app(s) after which all the corporate data can be accessed using the app(s) on Non-Samsung devices. success failured success success
Domain (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 5.0 or later versions) Enter the domain of the Exchange server. Use %domainname% to fetch the appropriate domain name mapped to the device. success failured success success
Username (Can be configured only if Exchange host type is selected as Office 365, or Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 5.0 or later versions) The username contains the name of the user and the user's domain. Use %username% to fetch the appropriate username mapped to the device. It is recommended to use %upn% instead of %username% as it ensures domain and e-mail are fetched in the background and need not be specified separately. success failured success success
E-mail (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 5.0 or later versions) This is the e-mail address to be displayed on the 'From' field of the e-mail. Use %email% to fetch the appropriate e-mail addresses mapped to the devices. success failured success success
Password (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 5.0 or later versions) The password associated with the EAS host account has to be specified here. If the password field is left empty, password is prompted once the profile is installed in the device. success failured success success
SETTINGS
Use SSL (Supported for Android 5.0 or later versions) Enabling this allows usage of Secure Sockets Layer for communication. success failured success success
Accept all certificate(s) (Samsung-only feature, supported for Android 5.0 or later versions) Enabling this allows usage of all the certificates. success failured success success
Set as default account (Samsung-only feature, supported for Android 5.0 or later versions) Enable to set this account as default account. success failured failured failured
ADVANCED SETTINGS
E-mail retrieval size (Samsung-only feature, supported for Android 5.0 or later versions) Specify the size allowed to retrieve mails. success failured failured failured
Allow users to modify account settings (Samsung-only feature, supported for Android 5.0 or later versions) You can choose to allow users to modify the settings. success failured failured failured
Allow forwarding mails to mailboxes on the same device (Samsung-only feature, supported for Android 5.0 or later versions) Enabling this allows users to forward mails. success failured failured failured
Allow HTML format (Samsung-only feature, supported for Android 5.0 or later versions) If this is enabled, then users can forward mails in HTML format. success failured failured failured
Allow incoming attachments Enabling this allows mails with incoming attachments. If this is disabled, then attachments cannot be opened by the users. success failured failured failured
Signature You can specify the default signature, which needs to be set for the account. You can also make use of dynamic variables to create a signature template which can be used by multiple users. success failured success success
Notification of incoming e-mails (Samsung-only feature, supported for Android 5.0 or later versions) Users are notified, when mails are received. success failured failured failured
Vibrate (Samsung-only feature, supported for Android 5.0 or later versions) If enabled, devices vibrate to notify about the incoming mails. success failured failured failured
SYNC SETTINGS
Sync (Samsung-only feature, supported for Android 5.0 or later versions) You can choose the type of data to be synced from the server, like mail, contacts, notes, calendar, and tasks. success failured Partially Supported - Notes and Tasks can be synced Partially Supported - Notes and Tasks can be synced
Sync schedule (Samsung-only feature, supported for Android 5.0 or later versions) Specify the frequency for the sync. success failured failured failured
Sync mails from You can specify the maximum number of days, based on which the sync should happen. success failured success success
Sync calendar from (Samsung-only feature, supported for Android 5.0 or later versions) You can specify the days, based on which the sync should happen. success failured failured failured
Sync while roaming You can specify sync settings, when the device is in roaming. success failured failured failured
ADVANCED SYNC SETTINGS
Sync schedule during peak days
(Can be configured only if Advanced Sync Settings is selected)(Samsung-only feature, supported for Android 5.0 or later versions)
You can specify when the sync should happen on peak days. success failured failured failured
Peak days
(Can be configured only if Advanced Sync Settings is selected)(Samsung-only feature, supported for Android 5.0 or later versions)
You can specify the days, which should be considered as working/business days. success failured failured failured
Peak hours
(Can be configured only if Advanced Sync Settings is selected)(Samsung-only feature, supported for Android 5.0 or later versions)
Specify the working/business hours, which should be considered as peak hours. success failured failured failured

Note: In Android Go devices, the Exchange profile will be applied to Gmail Go app by default.

Dynamic Variables :

The below mentioned dynamic variables retrieve the data of the users added during enrollment.

  • %email% : Fetches the appropriate e-mail addresses of the users to whom the profile is associated.
  • %domainname% : Fetches the domain name of the users to whom the profile is associated.
  • %upn% : Gets the appropriate user principal name, mapped to the device.
  • %display_name% : Fetches the AD display name of the user to be invited.
  • %firstname% : Fetches the first name of the user to be invited.
  • %last_name% : Fetches the last name of the user to be invited.
  • %middle_name% : Fetches the middle name of the user to be invited.

All Exchange ActiveSync features mentioned above are also applicable for Knox Containers.

If an Exchange account has been previously configured on the device, another account based on the MDM configuration gets added to the device on successful profile association.

NOTE: Ensure the maximum limit for the number of devices per mailbox is not reached while pushing Exchange ActiveSync profile.

Enable OAuth or Multi-Factor Authentication (MFA)

Follow the below mentioned steps to enable OAuth or Multi-Factor Authentication (MFA) for Gmail App.

  1. Go to Device Mgmt and select App Repository.
  2. Click on the Gmail app and select Configurations.
  3. Select Allow Modern Authentication for Authentication types.
  4. Click on Save.

Now, you can distribute the app to devices or groups according to the requirement.

Troubleshooting tips

  1. I've changed the passcode for the Exchange accounts of all users. But they're still able to access it as they've logged in previously. How do I ensure the user logs in with the new passcode?
    • Open IIS on the server machine, where your Exchange Server is running.
    • In the Connections pane, expand the Server node and click Application Pools.
    • In the Application Pools page, select MSExchangeSyncAppPool and click on Recycle and follow the on-screen instructions to refresh the session tokens on the devices. Users whose passwords have been changed are prompted for the new password, as the old passwords cannot renew the session.
    • Exchange ActiveSync Troubleshooting
  2. The Exchange account configured via MDM is configured on the Gmail app instead of the default e-mail client present on the device.This occurs in case of Samsung devices running Android 8.0 or later versions enrolled with MDM through any enrollment method except via invites. In the specified set of devices, the default mail app is not a system app and thus can be removed by the user. To overcome this, Exchange configured via MDM gets associated with Gmail. However, when devices are enrolled via invites, Exchange gets associated to the default mail app present on the device.

 

Jump To