Apple Device Policy ToolsApple Device Policy Tools
Back to Explorer
GitHub YAMLApple Docs

Account:Exchange ()

The declaration to configure an Exchange account.

iOS(15.0)macOS(13.0)visionOS(1.1)
Branch: release

Settings (38)

SettingTypeRequiredDefaultManual InstallSupported OS
Account Name
VisibleName
The name that apps show to the user for this Exchange account. If not present, the system generates a suitable default.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
Enabled Protocol Types
EnabledProtocolTypes
The set of protocol types to enable on the Exchange server, in order of preference. This is an array of unique strings with possible values: - `EAS:` Exchange ActiveSync - `EWS:` Exchange Web Services If the device supports one or more of the listed protocol types, it sets up an account for the first supported type. If the device doesn't support any of the listed protocol types, it doesn't set up an account and the system reports an error.
1 subkey
arrayrequired
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─
EnabledProtocolTypesItem
EnabledProtocolTypesItem
stringrequired
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
User Identity Asset Reference
UserIdentityAssetReference
The identifier of an asset declaration that contains the user identity for this account. The corresponding asset must be of type `UserIdentity`.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
Server Host Name
HostName
The IP address or fully qualified domain name (FQDN) of the Exchange host.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
Server Port
Port
The port number of the EWS server. The system uses this only when this declaration has a `HostName` value.
integeroptional
No
Server Path
Path
The path of the EWS server. The system uses this only when this declaration has a `HostName` value.
stringoptional
No
Server External Host Name
ExternalHostName
The external hostname of the EWS server (or IP address).
stringoptional
No
Server External Port
ExternalPort
The external port number of the EWS server. The system uses this only when this declaration has a `ExternalHostName` value.
integeroptional
No
Server External Path
External Path
The external path of the EWS server. The system uses this only when this declaration has a `ExternalHostName` value.
stringoptional
No
Controls use of OAuth
OAuth
The configuration settings for OAuth for this account.
3 subkeys
dictionaryoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─
Use OAuth
Enabled
If `true`, enables OAuth for this account.
booleanrequired
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─
SignInURL
SignInURL
The URL that this account uses for signing in with OAuth. The system ignores this value unless `Enabled` is `true`. The system doesn't use autodiscovery when a declaration contains this URL, so the declaration must also contain a `HostName`.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─
TokenRequestURL
TokenRequestURL
The URL that this account uses for token requests with OAuth. The system ignores this value unless `Enabled` is `true`.
stringoptional
No
Authentication Credentials Asset Reference
AuthenticationCredentialsAssetReference
The identifier of an asset declaration that contains the credentials for this account to authenticate with an Exchange server. Set the corresponding asset type to `CredentialUserNameAndPassword`.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
Authentication Identity Asset Reference
AuthenticationIdentityAssetReference
The identifier of a credential asset declaration that contains the identity that this account requires to authenticate with the Exchange server.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
S/MIME Settings
SMIME
Settings for S/MIME.
2 subkeys
dictionaryoptional
Yes
iOS (17.0+)
└─
S/MIME Signing Settings
Signing
Settings for S/MIME signing.
4 subkeys
dictionaryoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Signing Enabled
Enabled
If `true`, the system enables S/MIME signing.
booleanrequired
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
S/MIME Signing Identity Asset Reference
IdentityAssetReference
Specifies the identifier of an asset declaration containing the identity required for S/MIME signing of messages sent from this account.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Signing User Overrideable
UserOverrideable
If `true`, the user can turn S/MIME signing on or off in Settings.
booleanoptionalfalse
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Signing Identity User Overrideable
IdentityUserOverrideable
If `true`, the user can select an S/MIME signing identity in Settings.
booleanoptionalfalse
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─
S/MIME Encryption Settings
Encryption
Settings for S/MIME encryption.
5 subkeys
dictionaryoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Encryption By Default Enabled
Enabled
If `true`, the system enables S/MIME encryption by default, which the user can't override if `PerMessageSwitchEnabled` is `false`.
booleanrequired
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
S/MIME Encryption Identity Asset Reference
IdentityAssetReference
Specifies the identifier of an asset declaration containing the identity required for S/MIME encryption. The system attaches the public certificate to outgoing mail to allow the user to receive encrypted mail. When the user sends encrypted mail, the system uses the public certificate to encrypt the copy of the mail in their Sent mailbox.
stringoptional
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Encryption By Default User Overrideable
UserOverrideable
If `true`, the user can turn S/MIME encryption by default on or off in Settings.
booleanoptionalfalse
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Encryption Identity User Overrideable
IdentityUserOverrideable
If `true`, the user can select an S/MIME signing identity in Settings.
booleanoptionalfalse
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
└─ └─
Per Message Switch Enabled
PerMessageSwitchEnabled
If `true`, the system enables the per-message encryption switch in the compose view.
booleanoptionalfalse
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
MailServiceActive
MailServiceActive
If `true`, the system activates the mail service for this account.
booleanoptionaltrue
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
LockMailService
LockMailService
If `true`, the system prevents the user from changing the status of the mail service for this account.
booleanoptionalfalse
No
ContactsServiceActive
ContactsServiceActive
If `true`, activates the address book service for this account.
booleanoptionaltrue
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
LockContactsService
LockContactsService
If `true`, the system prevents the user from changing the status of the address book service for this account.
booleanoptionalfalse
No
CalendarServiceActive
CalendarServiceActive
If `true`, activates the calendar service for this account.
booleanoptionaltrue
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
LockCalendarService
LockCalendarService
If `true`, the system prevents the user from changing the status of the calendar service for this account.
booleanoptionalfalse
No
RemindersServiceActive
RemindersServiceActive
If `true`, the system activates the reminders service for this account.
booleanoptionaltrue
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
LockRemindersService
LockRemindersService
If `true`, the system prevents the user from changing the status of the reminders service for this account.
booleanoptionalfalse
No
NotesServiceActive
NotesServiceActive
If `true`, the system activates the notes service for this account.
booleanoptionaltrue
Yes
iOS (15.0+)macOS (13.0+)visionOS (1.1+)
LockNotesService
LockNotesService
If `true`, the system prevents the user from changing the status of the notes service for this account.
booleanoptionalfalse
No