Exchange ActiveSync
Exchange ActiveSync (EAS) lets users access corporate data stored in the Exchange server or any other server which is EAS compliant. Users can access information such as e-mails, contacts, calendar, and tasks even when they are offline. EAS can be configured to use SSL encryption to establish secure communication between the EAS host and the managed devices. Also, MDM lets you store and securely view e-mail attachments using the ManageEngine MDM app. You can configure Exchange ActiveSync for Non-Samsung devices running Android 5.0 or later versions, provisioned as Profile Owner/Device Owner and for Samsung devices running Android 4.0 or later versions.
Learn more about configuring Exchange ActiveSync for Non-Samsung devices here.
The domain name, username, user principal name, and host name used for configuring Exchange ActiveSync, are case-sensitive.
Only devices running Android 5.0 or later versions can be provisioned as Profile Owner or Device Owner.
FEATURE | DESCRIPTION | SAMSUNG | NON-SAMSUNG | ||
---|---|---|---|---|---|
LEGACY | PROFILE OWNER | DEVICE OWNER | |||
Account name (Samsung-only feature, supported for Android 4.0 or later versions) | You can specify a name for your Exchange ActiveSync account. This name is not mandatory and used for reference. | ||||
Exchange host type (Samsung-only feature, supported for Android 4.0 or later versions) | Specify the type of the Exchange Server: whether it is Office 365 or Exchange On-Premises. | ||||
Exchange Server (Supported for Android 4.0 or later versions) | Specify the details of the Exchange Server. If Exchange host type is selected as Office 365, then Exchange Server is pre-filled as outlook.office365.com else the server name has to be specified. | ||||
CONFIGURATION DETAILS | |||||
Configure Exchange account for (Can be configured only if Exchange host type is selected as Exchange On-Premises) | Specify whether EAS is to be configured for a single user or multiple users. | ||||
Identity certificate | Specify the Identity certificate to be used for EAS. | ||||
Select the e-mail client app(s) (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Multiple users. Supported for Android 4.0 or later versions) | The EAS host server syncs with the chosen client app (Samsung Email/Gmail/Microsoft Outlook) after which all the corporate data can be accessed using the app(s) on Samsung devices. | ||||
Select the e-mail client app(s) for Non-Samsung devices (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured for Multiple users. Supported for Android 4.0 or later versions) | The EAS host server syncs with the chosen client app(s) after which all the corporate data can be accessed using the app(s) on Non-Samsung devices. | ||||
Domain (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 4.0 or later versions) | Enter the domain of the Exchange server. Use %domainname% to fetch the appropriate domain name mapped to the device. | ||||
Username (Can be configured only if Exchange host type is selected as Office 365, or Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 4.0 or later versions) | The username contains the name of the user and the user's domain. Use %username% to fetch the appropriate username mapped to the device. It is recommended to use %upn% instead of %username% as it ensures domain and e-mail are fetched in the background and need not be specified separately. | ||||
E-mail (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 4.0 or later versions) | This is the e-mail address to be displayed on the 'From' field of the e-mail. Use %email% to fetch the appropriate e-mail addresses mapped to the devices. | ||||
Password (Can be configured only if Exchange host type is selected as Exchange On-Premises and the Exchange account for is configured as Single user. Supported for Android 4.0 or later versions) | The password associated with the EAS host account has to be specified here. If the password field is left empty, password is prompted once the profile is installed in the device. | ||||
SETTINGS | |||||
Use SSL (Supported for Android 4.0 or later versions) | Enabling this allows usage of Secure Sockets Layer for communication. | ||||
Accept all certificate(s) (Samsung-only feature, supported for Android 4.0 or later versions) | Enabling this allows usage of all the certificates. | ||||
Set as default account (Samsung-only feature, supported for Android 4.0 or later versions) | Enable to set this account as default account. | ||||
ADVANCED SETTINGS | |||||
E-mail retrieval size (Samsung-only feature, supported for Android 4.0 or later versions) | Specify the size allowed to retrieve mails. | ||||
Allow users to modify account settings (Samsung-only feature, supported for Android 4.0 or later versions) | You can choose to allow users to modify the settings. | ||||
Allow forwarding mails to mailboxes on the same device (Samsung-only feature, supported for Android 4.0 or later versions) | Enabling this allows users to forward mails. | ||||
Allow HTML format (Samsung-only feature, supported for Android 4.0 or later versions) | If this is enabled, then users can forward mails in HTML format. | ||||
Allow incoming attachments | Enabling this allows mails with incoming attachments. If this is disabled, then attachments cannot be opened by the users. | ||||
Signature | You can specify the default signature, which needs to be set for the account. You can also make use of dynamic variables to create a signature template which can be used by multiple users. | ||||
Notification of incoming e-mails (Samsung-only feature, supported for Android 4.0 or later versions) | Users are notified, when mails are received. | ||||
Vibrate (Samsung-only feature, supported for Android 4.0 or later versions) | If enabled, devices vibrate to notify about the incoming mails. | ||||
SYNC SETTINGS | |||||
Sync (Samsung-only feature, supported for Android 4.0 or later versions) | You can choose the type of data to be synced from the server, like mail, contacts, notes, calendar, and tasks. | Partially Supported - Notes and Tasks can be synced | Partially Supported - Notes and Tasks can be synced | ||
Sync schedule (Samsung-only feature, supported for Android 4.0 or later versions) | Specify the frequency for the sync. | ||||
Sync mails from | You can specify the number of days, based on which the sync should happen. | ||||
Sync calendar from (Samsung-only feature, supported for Android 4.0 or later versions) | You can specify the days, based on which the sync should happen. | ||||
Sync while roaming | You can specify sync settings, when the device is in roaming. | ||||
ADVANCED SYNC SETTINGS | |||||
Sync schedule during peak days (Can be configured only if Advanced Sync Settings is selected)(Samsung-only feature, supported for Android 4.0 or later versions) |
You can specify when the sync should happen on peak days. | ||||
Peak days (Can be configured only if Advanced Sync Settings is selected)(Samsung-only feature, supported for Android 4.0 or later versions) |
You can specify the days, which should be considered as working/business days. | ||||
Peak hours (Can be configured only if Advanced Sync Settings is selected)(Samsung-only feature, supported for Android 4.0 or later versions) |
Specify the working/business hours, which should be considered as peak hours. |
Note: In Android Go devices, the Exchange profile will be applied to Gmail Go app by default.
Dynamic Variables :
The below mentioned dynamic variables retrieve the data of the users added during enrollment.
- %email% : Fetches the appropriate e-mail addresses of the users to whom the profile is associated.
- %domainname% : Fetches the domain name of the users to whom the profile is associated.
- %upn% : Gets the appropriate user principal name, mapped to the device.
- %display_name% : Fetches the AD display name of the user to be invited.
- %first_name% : Fetches the first name of the user to be invited.
- %last_name% : Fetches the last name of the user to be invited.
- %middle_name% : Fetches the middle name of the user to be invited.
All Exchange ActiveSync features mentioned above are also applicable for Knox Containers.
If an Exchange account has been previously configured on the device, another account based on the MDM configuration gets added to the device on successful profile association.
NOTE: Ensure the maximum limit for the number of devices per mailbox is not reached while pushing Exchange ActiveSync profile.
Troubleshooting tips
- I've changed the passcode for the Exchange accounts of all users. But they're still able to access it as they've logged in previously. How do I ensure the user logs in with the new passcode?
- Open IIS on the server machine, where your Exchange Server is running.
- In the Connections pane, expand the Server node and click Application Pools.
- In the Application Pools page, select MSExchangeSyncAppPool and click on Recycle and follow the on-screen instructions to refresh the session tokens on the devices. Users whose passwords have been changed are prompted for the new password, as the old passwords cannot renew the session.
- The Exchange account configured via MDM is configured on the Gmail app instead of the default e-mail client present on the device.
This occurs in case of Samsung devices running Android 8.0 or later versions enrolled with MDM through any enrollment method except via invites. In the specified set of devices, the default mail app is not a system app and thus can be removed by the user. To overcome this, Exchange configured via MDM gets associated with Gmail. However, when devices are enrolled via invites, Exchange gets associated to the default mail app present on the device.