Apple Platform Deployment
- Intro to Apple platform deployment
- What’s new
- Choose a deployment model
- Apple TV deployment
- Apple Watch deployment
- Choose an MDM solution
- Back up and restore devices
- Use standards-based services
- Deploy devices using Apple School Manager, Apple Business Manager, or Apple Business Essentials
- Configure your network for MDM
- Configure devices to work with APNs
- Intro to Apple identity services
- Platform SSO for macOS
- Enrollment SSO for iPhone and iPad
- Intro to content distribution
- Content distribution methods
- Manage login items and background tasks on Mac
- Connect to 802.1X networks
- Wi-Fi roaming support
- Apple TV Wi-Fi specification details
- Use network relays
- Filter content
- Use AirPlay
- Intro to device management security
- Rapid Security Responses
- Lock and locate devices
- Erase devices
- Activation Lock
- Manage accessory access
- Enforce password policies
- Use persistent tokens
- Use built-in network security features
- Managed Device Attestation
- Declarative status reports
- Accessibility payload settings
- Automated Certificate Management Environment (ACME) payload settings
- Active Directory Certificate payload settings
- AirPlay payload settings
- AirPlay Security payload settings
- AirPrint payload settings
- App Lock payload settings
- Associated Domains payload settings
- Autonomous Single App Mode payload settings
- Calendar payload settings
- Cellular payload settings
- Cellular Private Network payload settings
- Certificate Preference payload settings
- Certificate Revocation payload settings
- Certificate Transparency payload settings
- Certificates payload settings
- Conference Room Display payload settings
- Contacts payload settings
- Content Caching payload settings
- Directory Service payload settings
- DNS Proxy payload settings
- DNS Settings payload settings
- Dock payload settings
- Domains payload settings
- Energy Saver payload settings
- Exchange ActiveSync (EAS) payload settings
- Exchange Web Services (EWS) payload settings
- Extensible Single Sign-on payload settings
- Extensible Single Sign-on Kerberos payload settings
- Extensions payload settings
- FileVault payload settings
- Finder payload settings
- Firewall payload settings
- Fonts payload settings
- Global HTTP Proxy payload settings
- Google Accounts payload settings
- Home Screen Layout payload settings
- Identification payload settings
- Identity Preference payload settings
- Kernel Extension Policy payload settings
- LDAP payload settings
- Lights Out Management payload settings
- Lock Screen Message payload settings
- Login Window payload settings
- Managed Login Items payload settings
- Mail payload settings
- Network Usage Rules payload settings
- Notifications payload settings
- Parental Controls payload settings
- Passcode payload settings
- Printing payload settings
- Privacy Preferences Policy Control payload settings
- Relay payload settings
- SCEP payload settings
- Security payload settings
- Setup Assistant payload settings
- Single Sign-on payload settings
- Smart Card payload settings
- Subscribed Calendars payload settings
- System Extensions payload settings
- System Migration payload settings
- Time Machine payload settings
- TV Remote payload settings
- Web Clips payload settings
- Web Content Filter payload settings
- Xsan payload settings
- Authentication credentials and identity asset settings
- Calendar declarative settings
- Certificates declarative configuration
- Contacts declarative configuration
- Exchange declarative configuration
- Google Accounts declarative configuration
- LDAP declarative configuration
- Legacy interactive profile declarative configuration
- Legacy profile declarative configuration
- Mail declarative configuration
- Passcode declarative configuration
- Passkey Attestation declarative configuration
- Screen Sharing declarative configuration
- Service configuration files declarative configuration
- Software Update declarative configuration
- Subscribed Calendars declarative configuration
- Document revision history
Exchange Web Services (EWS) MDM payload settings for Apple devices
You can configure Microsoft Exchange accounts for users of Mac computers enrolled in a mobile device management (MDM) solution. Use the Exchange Web Services (EWS) payload to enter the user’s settings for your Microsoft Exchange Server.
For information about requirements and supported features, see Integrate Apple devices with Microsoft Exchange.
The Exchange Web Services (EWS) payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.ews.account
Supported operating systems and channels: macOS user.
Supported enrollment types: User Enrollment, Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one Exchange Web Services payload can be delivered to a user.
You can use the settings in the table below with the Exchange Web Services payload.
The display name for the account.
Account user name
The user name with the optional domain.
Account email address
The email address for the account.
The password of the user account. If you leave this field empty, users must enter their password after the payload is installed on the device.
Use OAuth for authentication
Specifies whether the connection should use OAuth for authentication. If OAuth is specified, the password field should be left empty.
The URL to load into a web view for OAuth authentication if auto-discovery isn’t used. Also requires the hostname.
Internal Exchange hostname
The IP address or fully qualified domain name (FQDN) of the internal Exchange host.
Internal server path
The server path for the internal Exchange host.
Use SSL for internal server
When the Use SSL option is selected and the internal server’s SSL certificate isn’t issued by a trusted certificate authority known to the devices, use the Certificates payload to add any root or intermediate certificates that are necessary to validate the internal server’s SSL certificate.
External Exchange hostname
The IP address or fully qualified domain name (FQDN) of the external Exchange host.
External server path
The server path for the external Exchange host.
Use SSL for external server
When the Use SSL option is selected and the external server’s SSL certificate isn’t issued by a trusted certificate authority known to the devices, use the Certificates payload to add any root or intermediate certificates that are necessary to validate the external server’s SSL certificate.
Allow Mail Drop
Specify whether Mail Drop appears as an option when sending large files using the Mail app.
Note: Each MDM vendor implements these settings differently. To learn how various Exchange Web Services (EWS) settings are applied to your users, consult your MDM vendor’s documentation.