Mail MDM payload settings for Apple devices
You can configure mail accounts for users of iPhone and iPad devices and Mac computers enrolled in a mobile device management (MDM) solution. Use the Mail payload to configure POP or IMAP mail accounts for users. Apple devices support industry-standard IMAP4 and POP3 mail solutions on a range of server platforms, including macOS, Windows, UNIX, and Linux.
The Mail payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.mail.managed
Supported operating systems and channels: iOS, iPadOS, Shared iPad user, macOS user.
Supported enrollment types: User Enrollment, Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one Mail payload can be delivered to a user or device.
You can use the settings in the tables below with the Mail payload.
The display name for the account.
Select POP or IMAP. If IMAP is selected, you can optionally add the path prefix.
User display name
The display name of the user.
Account email address
The email address for the account.
Allow user to move messages from this account
Specify whether email messages can be moved between mail accounts.
Allow recent addresses to be synced
Specify whether recently used addresses can be synced across devices.
Allow Mail Drop
Specify whether Mail Drop appears as an option when sending large files using the Mail app.
Use only in Mail
Specify whether any apps other than the Mail app are able to send email.
Enable S/MIME signing
Enable S/MIME signing.
Allow S/MIME signing
Allow the user to enable or disable S/MIME signing.
S/MIME signing certificate
Select the S/MIME signing certificate.
Allow the user to modify the S/MIME signing certificate
Allow the user to modify the S/MIME signing certificate.
Force S/MIME encryption
Force S/MIME encryption.
Note: If the sender’s public key is absent in the recipients system, this feature isn’t enforced.
Allow S/MIME encryption
Allow the user to enable or disable S/MIME encryption.
S/MIME encryption certificate
Select the S/MIME encryption certificate.
Allow the user to modify the S/MIME encryption certificate
Allow the user to modify the S/MIME encryption certificate.
Enable per-message encryption switch
Specify whether users have the option to encrypt messages on a per-message basis.
Mail server settings
You can have different settings for both the incoming and outgoing mail server.
The IP address or fully qualified domain name (FQDN) of the mail server.
The port number of the mail server.
Account user name
The user name used to connect to the mail server.
The password to the mail server.
Outgoing mail server password identical to the incoming mail server
Choose to use the same password for both the incoming and outgoing mail server.
When the Use SSL option is selected and the server’s SSL certificate isn’t issued by a trusted certificate authority known to the devices, use the Certificates payload to add any root or intermediate certificates that are necessary to validate the server’s SSL certificate.
Note: Each MDM vendor implements these settings differently. To learn how various Mail settings are applied to your devices and users, consult your MDM vendor’s documentation.