To deploy EAS Mail using Gmail Client (Android), create a configuration profile for the Gmail Client.

  1. Navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android.
  2. Select Device to deploy your profile to a device.
  3. Configure the profile's General settings. These settings determine how the profile deploys and who receives it.
  4. Select the Exchange ActiveSync payload.
  5. Configure Exchange ActiveSync settings.
    Setting Description
    Mail Client Select Gmail as the mail client type.
    Account Name Enter a description for the mail account.
    Exchange ActiveSync Host

    Enter the external URL of your company's ActiveSync server.

    The ActiveSync server can be any mail server that implements the ActiveSync protocol, such as HCL Notes Traveler, Novell Data Synchronizer, and Microsoft Exchange. In the case of Secure Email Gateway (SEG) deployments, use the SEG URL and not the email server URL.

    Ignore SSL errors Enable to allow devices to ignore SSL errors for Workspace ONE Intelligent Hub processes.
    Domain

    Enter the end-user's domain.

    You can use the Lookup Values instead of creating individual profiles for each end user.

    User

    Enter the end-user's username.

    You can use the Lookup Values instead of creating individual profiles for each end user.

    Email Address

    Enter the end-user's email address.

    You can use the lookup values instead of creating individual profiles for each end user.

    Note: If you are using the custom attribute for GSuite, then you must use the custom attribute lookup value for the Email Address field on the Exchange ActiveSync email profile. See, Configuring User Attribute for MEM Calls to Google Suite.
    Password

    Enter the password for the end user.

    You can use the Lookup Values instead of creating individual profiles for each end user.

    Identity ceritificate

    Select (if desired) an Identity Certificate from the drop-down if you require the end user to pass a certificate in order to connect to the Exchange ActiveSync, otherwise select None (default).

    For more information needed to select a certificate for this payload, see Deploying Credentials profile.

    Past Days of Mail to Sync Select the number of days worth of past mail to sync with device.
    Past Days of Calendar to Sync Select the number of past days to sync on the device calendar.
    Sync Calendar Enable to allow calendars to sync with device.
    Sync Contacts Enable to allow contacts to sync with device.
    Allow Sync Tasks Enable to allow tasks to sync with device.
    Maximum Email Truncation Size Specify the size beyond which e-mail messages are truncated when they are synced to the devices.
    Email Signature Enter the email signature to be displayed on outgoing emails.
    Allow Attachments Enable to allow attachments with email.
    Maximum Attachment Size Specify the maximum attachment size in MB.
    Allow Email Forwarding Enable to allow email forwarding.
    Allow HTML Format

    Specify whether e-mail synchronized to the device can be in HTML format.

    If this setting is set to false, all e-mail is converted to plain text.

    Disable screenshots Enable to disallow screenshot to be taken on the device.
    Sync Interval Enter the number of minutes between syncs.
    Peak Days for Sync Schedule
    • Schedule the peak week days for syncing and the Start Time and End Time for sync on selected days.
    • Set the frequency of Sync Schedule Peak and Sync Schedule Off Peak.

      • Choosing Automatic syncs email whenever updates occur.
      • Choosing Manual only syncs email when selected.
      • Choosing a time value syncs the email on a set schedule.
    • Enable Use SSL, Use TLS and Default Account, if desired.
    S/MIME Settings
    Select Use S/MIME From here you can select an S/MIME certificate you associate as a User Certificate on the Credentials payload.
    • S/MIME Certificate – Select the certificate to be used.
    • Require Encrypted S/MIME Messages – Enable to require encryption.
    • Require Signed S/MIME Messages – Enable to require S/MIME signed messages.

    Provide a Migration Host if you are using S/MIME certificates for encryption.

    Select Save to save the settings or Save & Publish to save and push the profile settings to the required device.

  6. Select Save to save the settings or Save & Publish to save and push the profile settings to the required device.

Configure an EAS Mail Profile for the Native Mail Client

Create an email configuration profile for the native mail client on iOS devices.

  1. Navigate to Devices > Profiles & Resources > Profiles > Add. Select Apple iOS.
  2. Configure the profile's General settings.
  3. Select the Exchange ActiveSync payload.
  4. Select Native Mail Client for the Mail Client. Fill in the Account Name text box with a description of this mail account. Fill in the Exchange ActiveSync Host with the external URL of your company's ActiveSync server.
    Note: The ActiveSync server can be any mail server that implements the ActiveSync protocol, such as HCL Notes Traveler, Novell Data Synchronizer, and Microsoft Exchange. In the case of Secure Email Gateway (SEG) deployments, use the SEG URL and not the email server URL.
  5. Select the Use SSL check box to enable Secure Socket Layer use for incoming email traffic.
  6. Select the S/MIME check box to use more encryption certificates. Prior to enabling this option, ensure you have uploaded necessary certificates under Credentials profile settings.
    1. Select the S/MIME Certificate to sign email messages.
    2. Select the S/MIME Encryption Certificate to both sign and encrypt email messages.
    3. Select the Per Message Switch check box to allow end users to choose which individual email messages to sign and encrypt using the native iOS mail client (iOS 8+ supervised only).
  7. Fill in the Login Information including Domain Name, Username and Email Address using look-up values. Look-up values pull directly from the user account record. To use the {EmailDomain}, {EmailUserName} {EmailAddress} look-up values, ensure your Workspace ONE UEM user accounts have an email address and email user name defined.
  8. Leave the Password field empty to prompt the user to enter a password.
  9. Select the Payload Certificate to define a certificate for cert-based authentication after the certificate is added to the Credentials payload.
  10. Configure the following Settings and Security optional settings, as necessary:
    1. Past Days of Mail to Sync – Downloads the defined amount of mail. Note that longer time periods will result in larger data consumption while the device downloads mail.
    2. Prevent Moving Messages – Disallows moving mail from an Exchange mailbox to another mailbox on the device.
    3. Prevent Use in 3rd Party Apps – Disallows other apps from using the Exchange mailbox to send message.
    4. Prevent Recent Address Syncing – Disables suggestions for contacts when sending mail in Exchange.
    5. Prevent Mail Drop – Disables use of Apple's Mail Drop feature.
    6. (iOS 13) Enable Mail – Enables the configuration of a separate Mail app for the Exchange account.
    7. (iOS 13) Allow Mail toggle – If disabled, prevents the user to toggle Mail on or off.
    8. (iOS 13) Enable Contacts – Enables the configuration of a separate Contacts app for the Exchange account.
    9. (iOS 13) Allow Contacts toggle – If disabled, prevents the user to toggle Contacts on or off.
    10. (iOS 13) Enable Calendars – Enables the configuration of a separate Calendar app for the Exchange account.
    11. (iOS 13) Allow Calendars toggle – If disabled, prevents the user to toggle Calendars on or off.
    12. Enable Notes – Enables the configuration of a separate Notes app for the Exchange account.
    13. (iOS 13) Allow Notes toggle – If disabled, prevents the user to toggle Notes on or off.
    14. (iOS 13) Enable Reminders – Enables the configuration of a separate Reminders app for the Exchange account.
    15. (iOS 13) Allow Reminders toggle – If disabled, prevents the user to toggle Reminders on or off.
  11. Assign a Default Audio Call App that your Native EAS account will use to make calls when you select a phone number in an email message.
  12. Select Save and Publish to push the profile to available devices.

Exchange ActiveSync Profile (Windows Desktop)

The Exchange ActiveSync profiles enable you to configure your Windows Desktop devices to access your Exchange ActiveSync server for email and calendar use.

Use certificates signed by a trusted third-party certificate authority (CA). Mistakes in your certificates expose your otherwise secure connections to potential man-in-the-middle attacks. Such attacks degrade the confidentiality and integrity of data transmitted between product components, and might allow attackers to intercept or alter data in transit.

The Exchange ActiveSync profile supports the native mail client for Windows Desktop. The configuration changes based on which mail client you use.

Removing Profile or Enterprise Wiping

If the profile is removed using the remove profile command, compliance policies, or through an enterprise wipe, all email data is deleted, including:

  • User account/login information.
  • Email message data.
  • Contacts and calendar information.
  • Attachments that were saved to the internal application storage.

Username and Password

If you have email user names that are different than user email addresses, you can use the {EmailUserName} text box, which corresponds to the email user names imported during directory service integration. Even if your user user names are the same as their email addresses, use the {EmailUserName} text box, because it uses email addresses imported through the directory service integration.

Configure an Exchange ActiveSync Profile (Windows Desktop)

Create an Exchange ActiveSync profile to give Windows Desktop devices access to your Exchange ActiveSync server for email and calendar use.

Note: Workspace ONE UEM does not support Outlook 2016 for Exchange ActiveSync profiles. Exchange Web Services (EWS) profile configuration for Outlook Application on a Windows Desktop device through Workspace ONE UEM is no longer supported with Microsoft Exchange 2016 version.
  1. Navigate to Devices > Profiles > List View > Add and select Add Profile.
  2. Select Windows and choose Windows Desktop as the platform.
  3. Select User Profile.
  4. Configure the profile General settings.
  5. Select the Exchange ActiveSync payload.
  6. Configure the Exchange ActiveSync settings:
    Setting Description
    Mail Client Select the Mail Client that the EAS profile configures.

    Workspace ONE UEM supports the Native Mail Client.

    Account Name Enter the name for the Exchange ActiveSync account.
    Exchange ActiveSync Host Enter the URL or IP Address for the server hosting the EAS server.
    Use SSL Enable to send all communications through the Secure Socket Layer.
    Domain

    Enter the email domain.

    The profile supports lookup values for inserting enrollment user login information. For more information, see the Username and Password section at the bottom of the page.

    Username Enter the email user name.
    Email Address Enter the email address. This text box is a required setting.
    Password Enter the email password.
    Identity Certificate Select the certificate for the EAS payload. See Configure a Credentials Payload for more information.
    Next Sync Interval (Min) Select the frequency, in minutes, that the device syncs with the EAS server.
    Past Days of Mail to Sync Select how many days of past emails sync to the device.
    Diagnostic Logging Enable to log information for troubleshooting purposes.
    Require Data Protection Under Lock Enable to require data to be protected when the device is locked.
    Allow Email Sync Enable to allow the syncing of email messages.
    Allow Contacts Sync Enable to allow the syncing of contacts.
    Allow Calendar Sync Enable to allow the syncing of calendar events.
  7. Select Save to keep the profile in the Workspace ONE UEM console or Save & Publish to push the profile to the devices.