You can create a configuration profile to configure Microsoft Exchange ActiveSync accounts on iOS, iPadOS, and visionOS devices.
Requirements
If you plan on routing traffic through a VPN, you must configure and add a VPN payload to the configuration profile before adding the Exchange ActiveSync payload.
If you plan on using certificate-based authentication, you must configure and add a Certificate payload to the configuration profile before adding the Exchange ActiveSync payload.
In Jamf Pro, click Devices in the sidebar.
Click Configuration Profiles in the sidebar.
Click New .
Use the General payload to configure basic settings for the profile, including the level at which to apply the profile and the distribution method.
Click the Exchange ActiveSync payload.
Click Configure.
Enter your Microsoft Exchange ActiveSync account name in the Account Name field.
Enter your Microsoft Exchange server URL in the Exchange ActiveSync Host field.
Example:
outlook.office.365.com
(Optional) Select the Use SSL checkbox.
(Optional) Choose a VPN connection from the VPN Connection pop-up menu.
Note:
Eligible VPN connections will appear in this pop-up menu. The VPN payload must be configured in the configuration profile before adding the Exchange ActiveSync payload.
(Optional) Enter the domain for the account in the Domain field.
(Optional) Enter the user for the account in the User field.
Note:
To prompt the user for their username and password on the device, you must leave both the Domain and User fields blank.
Enter the email address for the account in the Email Address field.
(Optional) Select the Use OAuth for authentication checkbox.
Note:
Keep the following in mind when using OAuth for authentication:
If you select the Use OAuth for authentication checkbox, you will need to fill in both the OAuth Sign In URL and the OAuth Token Request URL fields. You will not be required to enter the password mentioned in step 15.
The format for the OAuth Sign In URL is https://login.microsoftonline.com/tenant_ID/oauth2/v2.0/authorize.
The format for the OAuth Token Request URL is https://login.microsoftonline.com/tenant_ID/oauth2/v2.0/token.
You will need your Microsoft Entra tenant ID in order to accurately complete these fields. To find your tenant ID, navigate to portal.azure.com > Microsoft Entra ID > Properties.
Enter the password for the account in both the Password and Verify Password fields.
(Optional) Select the Override Current Password checkbox if you want to replace the user's current password with the password specified in the fields mentioned in step 15.
Choose the number of past days of mail to synchronize from the Past Days Of Mail to Sync pop-up menu.
(Optional) Choose a credential for authenticating the ActiveSync account from the Authentication Credential pop-up menu.
Note:
If using certificate-based authentication, eligible certificates will appear in this pop-up menu. The Certificate payload must be configured in the configuration profile before adding the Exchange ActiveSync payload.
Configure the mail settings as necessary.
Configure the options under the Enable Services section.
Note:
At least one service must be enabled.
Configure the options under the User Override section.
(Optional) Configure the Communication Service Rules section.
Click the Scope tab, and then configure the target devices or device groups.
Click Save .
The profile is distributed to the devices in the scope. After the profile is installed, the user is prompted for their Exchange password. If you are using certificate-based authentication, the user will not be prompted for a password.