The final step in setting up Exchange ActiveSync certificate authentication is creating and deploying the Workspace ONE UEM profile that pushes the Exchange Server settings to the device. This profile contains the information the device needs to connect to Exchange, as well as the certificate that the device uses to authenticate.

  1. Navigate to Devices > Profiles > List View.
  2. Click Add.

  3. Click the applicable device platform to launch the Add a New Profile dialog.

  4. Configure the General settings for the profile. The General settings determine how the profile is deployed and who receives it as well as other overall settings.

  5. Select Credentials from the profile options at left and then select Configure.

  6. Select Define Certificate Authority from the Credential Source drop-down menu.

  7. Select the certificate authority you created previously from the Certificate Authority drop-down menu.

  8. Select the certificate template you created previously from the Certificate Template drop-down menu.

  9. Select Exchange ActiveSync from the profile options at left and then select Configure.

    You must configure the Credentials payload settings before the Exchange ActiveSync payload settings.

  10. Configure the Exchange ActiveSync settings:

    • Enter an account name in the Account Name field. This is the name that displays on the device to indicate which email account is active, so it should be accurately descriptive.

    • Enter the Exchange ActiveSync host in the Exchange Active Sync Host data entry field. This is the actual endpoint of the mail server.

      Do not include “http://” or “https://” at the beginning or “/Microsoft-server-activesync” at the end.

    • Ensure the Use SSL checkbox is selected. Authentication using certificates fails over a non-SSL connection.
    • Deselect the Use S/MIME checkbox if enabled by default.
    • The Domain data entry field should contain the email domain for the user account.
    • The Username data entry field should contain the email address of the user when on the device.
    • The Email Address text box should contain the email address of the user when on the device.

      Domain, Username, and Email Address can be obtained using Lookup Values, which retrieve the text stored in the applicable field of the User Profile.

    • Select the credential you created previously from the Payload Certificate drop-down menu.
  11. Click Save or select Save and Publish to publish this profile to a device.
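
A pre-publish check for the settings in steps 6 through 10, added here as an example and not part of Workspace ONE UEM. The dictionary keys are hypothetical stand-ins for the console labels, and the sample profiles are constructed.

```python
import re

# Key names are hypothetical stand-ins for the console labels, not a
# Workspace ONE UEM export schema. All sample values are constructed.
EAS_PATH = "/microsoft-server-activesync"

def normalize_host(value):
    """Strip scheme, trailing slashes and the ActiveSync path from a host value."""
    host = re.sub(r"^https?://", "", value.strip(), flags=re.IGNORECASE).rstrip("/")
    if host.lower().endswith(EAS_PATH):
        host = host[: -len(EAS_PATH)]
    return host.rstrip("/")

def lint_profile(profile):
    """Return findings for a profile given as {'credentials': {...}, 'eas': {...}}."""
    findings = []
    cred, eas = profile.get("credentials", {}), profile.get("eas", {})
    if cred.get("credential_source") != "Define Certificate Authority":
        findings.append("credentials: Credential Source is not Define Certificate Authority")
    for key in ("certificate_authority", "certificate_template"):
        if not cred.get(key):
            findings.append(f"credentials: {key} is not selected")
    host = eas.get("host", "")
    if not host.strip():
        findings.append("eas: host is empty")
    elif normalize_host(host) != host:
        findings.append(f"eas: host should be entered as {normalize_host(host)!r}")
    if not eas.get("use_ssl"):
        findings.append("eas: Use SSL is off, so certificate authentication will fail")
    if eas.get("use_smime"):
        findings.append("eas: Use S/MIME is selected")
    for key in ("account_name", "domain", "username", "email_address", "payload_certificate"):
        if not eas.get(key):
            findings.append(f"eas: {key} is not set")
    return findings

GOOD = {
    "credentials": {"credential_source": "Define Certificate Authority",
                    "certificate_authority": "Constructed-CA",
                    "certificate_template": "Constructed-Template"},
    "eas": {"account_name": "Corp Mail", "host": "mail.example.com",
            "use_ssl": True, "use_smime": False, "domain": "example.com",
            "username": "user@example.com", "email_address": "user@example.com",
            "payload_certificate": "constructed-credential"},
}
BAD = {
    "credentials": {**GOOD["credentials"], "certificate_template": ""},
    "eas": {**GOOD["eas"], "host": "https://mail.example.com/Microsoft-Server-ActiveSync/",
            "use_ssl": False, "use_smime": True, "payload_certificate": None},
}

if __name__ == "__main__":
    for name, p in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_profile(p) or "ok")
```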