Category Filter

How to configure Email on iOS devices?

It is a boon for many organizations to get their users up and running quickly by setting up their mail remotely. With an efficient MDM solution provider such as Hexnode MDM, you can create and configure email settings for iOS devices to allow users to send and receive emails with their corporate email accounts.

The admin can configure the incoming and outgoing mail server settings, choose how users authenticate, enable S/MIME for encryption, and so forth. To set up mail for a large number of devices, use the wildcards feature to auto-populate usernames or email addresses.

Note:

  • This feature is available on all pricing plans except Express.

Configure Email settings on iOS via policy

To configure email settings via policy,

  1. Log in to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to iOS > Accounts > Email. Click Configure.

Email Configuration for iOS devices

Email Settings Description
Account Description Provide a display name for the email account. Use any name as this is used for distinguishing between email accounts. It is usually shown in the ‘Mail’ and ‘Settings’ applications.
Account Type Select the protocol to be used for the Email account. There are two protocols to choose from:
  1. POP (default): The emails (both sent and received) are stored locally on the device, there will not be a server for storing messages. Once the emails are stored on your devices, they are usually deleted from the email server.
  2. IMAP: IMAP stores every email on the server, and the device syncs with the server to see the messages on the device.
Path Prefix 
(If IMAP is selected)
Enter the path prefix to specify the location from where to find the mail for your IMAP account. Usually, the IMAP path prefix should be “INBOX” (use all caps).
User Display Name The name to be displayed for a user. Use %name% to fetch the user’s name mapped to the device in Hexnode MDM.
Email Address Enter the email address for the account. Use %email% to use the email address of the user mapped to the device in Hexnode MDM.
Prevent moving emails to other mail accounts

(iOS 5.0+)

If enabled, it prevents users from moving emails to other mail accounts on their devices. It also prevents forwarding and replying to emails from different email accounts configured on the same device.

Incoming Email Settings

Incoming email settings for iOS

Incoming Mail Settings Description
Incoming Mail Server Specify the server address of the incoming email server.
Incoming Server Port Enter the port number of the incoming email server. The default port number is 143.
User Name Enter the username used to connect to the incoming email server. Use %username% in this field to fetch the username of the user as in the MDM.
Authentication Type Select the type of authentication for incoming mail. The available options include:
  • None
  • Password (default)
  • MD5 Challenge-response
  • NTLM
  • HTTP MD5 Digest
Password Enter the account password to authenticate with the incoming mail server. The password should be specified if any option other than None is selected as Authentication Type.
Note:

  • If multi-factor authentication is enabled for the email account and isn’t supported by the native mail app, add the app password instead of the account password.

Use SSL Use SSL if an encrypted connection is needed to be established between the incoming mail server and the iOS device. SSL is used by default.

Outgoing Email Settings

Outgoing email settings for iOS

Outgoing Mail Settings Description
Outgoing Mail Server Specify the server address of the outgoing email server.
Outgoing Server Port Enter the port number of the outgoing email server. The default port number is 587.
User Name Enter the username used to authenticate with the outgoing email server. Use %username% in this field to fetch the username of the user as in the MDM.
Authentication Type Select an authentication type to authenticate with the outgoing mail server. The available types include:
  • None
  • Password (default)
  • MD5 Challenge-response
  • NTLM
  • HTTP MD5 Digest
Outgoing Password Same As Incoming 

(if outgoing authentication type is other than None)

Specify whether the passwords for the incoming and outgoing servers are the same. If enabled, the outgoing password field will be hidden. This option is enabled by default.
Password 

(if ‘Outgoing Password Same As Incoming’ is disabled)

Enter the email account password used to authenticate with the outgoing mail server.
Note:

  • If multi-factor authentication is enabled for the email account and isn’t supported by the native mail app, add the app password instead of the account password.

Allow Recent Address Syncing
(iOS 6.0+)
Allow the device to sync the recently used email addresses between the device and their iCloud account. This option is disabled by default.
Use Only in Mail
(iOS 5.0+)
Allow users to view and send emails only from the Apple Mail app. This option is disabled by default.
Use SSL A Secured Sockets Layer establishes an encrypted connection between the device and the outgoing server. By default, SSL is used.
Use S/MIME Specify whether the email account uses S/MIME to sign, encrypt, or decrypt emails. S/MIME is an asymmetric cryptography-based encryption method used to check the authenticity, integrity, and confidentiality of the emails. This option is disabled by default.
Mail Drop

(iOS 9.2+)

Allows the configured email account to use Mail Drop. This option is disabled by default.

If Use S/MIME is enabled,

Settings Description
Signing Certificate A signing certificate helps users to digitally sign the outgoing email to ensure the authenticity of the sender. Select the already uploaded certificate from the list. If you haven’t uploaded one, go to iOS > Security > Certificates to upload one.
Encryption Certificate An encryption certificate is used to encrypt all messages. Select the one you’ve uploaded at iOS > Security > Certificates.
Users can toggle S/ MIME signing on/off in Settings 

(iOS 12.0+)

Checking this option allows the users to toggle S/MIME signing on/off in Settings. If disabled, it prevents the users from changing the signing settings and forces them to use the signing certificate that you have configured. This option is disabled by default.
Users can select the signing identity 

(iOS 12.0+)

Checking this option allows the users to select the signing identity. This option is disabled by default.
Enable S/MIME encryption by default 

(iOS 12.0+)

Check this option to encrypt all emails as the default behavior.
Users can override default encryption settings 

(iOS 12.0+)

Checking this option allows the user to toggle the encryption by default settings. If disabled, it forces the user to use the encryption that you have configured. This option is disabled by default.
Users can select the S/MIME encryption identity 

(iOS 12.0+)

Checking this option allows the users to select S/MIME encryption identity. This option is disabled by default.
Enable encryption per message 

(iOS 12.0+)

Specify whether users can choose to encrypt emails while composing them. Checking this option will display the per-message encryption option when composing a new mail. This option is disabled by default.

Associate policy with Target Devices

If the policy has not been saved,

  1. Navigate to Policy Targets > +Add Devices.
  2. Choose the target devices and click Ok. Click Save.
  3. You can also associate the policy to Device Groups, Users, User Groups or Domains from the left pane of Policy Targets tab.

If the policy has been saved,

  1. Go to Policies and choose the desired policy.
  2. Click on Manage drop-down and select Associate Targets.
  3. Choose the target entities and click Associate.