
Mail device management payload settings for Apple devices
You can configure mail accounts for users of an iPhone, iPad, Shared iPad, Mac or Apple Vision Pro that enrols in a device management service. Use the Mail payload to configure POP or IMAP mail accounts for users. Apple devices support industry-standard IMAP4 and POP3 mail solutions on a range of server platforms, including macOS, Windows, UNIX and Linux.
The Mail payload supports the following. For more information, see Payload information.
- Supported payload identifier: com.apple.mail.managed 
- Supported operating systems and channels: iOS, iPadOS, Shared iPad user, macOS user, visionOS 1.1. 
- Supported enrolment methods: User Enrolment, Device Enrolment, Automated Device Enrolment. 
- Duplicates allowed: True — more than one Mail payload can be delivered to a user or device. 
You can use the settings in the tables below with the Mail payload.
Account settings
| Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Account description | The display name for the account. | No | |||||||||
| Account type | Select POP or IMAP. If IMAP is selected, you can optionally add the path prefix. | Yes | |||||||||
| User display name | The display name of the user. | Yes | |||||||||
| Account email address | The email address for the account. | Yes | |||||||||
| Allow user to move messages from this account | Specify whether email messages can be moved between mail accounts. | No | |||||||||
| Allow recent addresses to be synced | Specify whether recently used addresses can be synced across devices. | No | |||||||||
| Allow Mail Drop | Specify whether Mail Drop appears as an option when sending large files using the Mail app. | No | |||||||||
| Use only in Mail | Specify whether any apps other than the Mail app are able to send email. | No | |||||||||
| Enable S/MIME signing | Enable S/MIME signing. | No | |||||||||
| Allow S/MIME signing | Allow the user to enable or disable S/MIME signing. | No | |||||||||
| S/MIME signing certificate | Select the S/MIME signing certificate. | No | |||||||||
| Allow the user to modify the S/MIME signing certificate | Allow the user to modify the S/MIME signing certificate. | No | |||||||||
| Force S/MIME encryption | Force S/MIME encryption. Note: If the sender’s public key is absent in the recipient’s system, this feature isn’t enforced. | No | |||||||||
| Allow S/MIME encryption | Allow the user to enable or disable S/MIME encryption. | No | |||||||||
| S/MIME encryption certificate | Select the S/MIME encryption certificate. | No | |||||||||
| Allow the user to modify the S/MIME encryption certificate | Allow the user to modify the S/MIME encryption certificate. | No | |||||||||
| Enable per-message encryption switch | Specify whether users have the option to encrypt messages on a per-message basis. | No | |||||||||
Mail server settings
You can have different settings for both the incoming and outgoing mail server.
| Setting | Description | Required | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Hostname | The IP address or fully qualified domain name (FQDN) of the mail server. | Yes | |||||||||
| Port | The port number of the mail server. | Yes | |||||||||
| Account username | The username used to connect to the mail server. | Yes | |||||||||
| Authentication type | 
 | Yes | |||||||||
| Account password | The password to the mail server. | No | |||||||||
| Outgoing mail server password identical to the incoming mail server | Choose to use the same password for both the incoming and outgoing mail server. | No | |||||||||
| Use SSL | When the Use SSL option is selected and the server’s SSL certificate isn’t issued by a trusted certificate authority known to the devices, use the Certificates payload to add any root or intermediate certificates that are necessary to validate the server’s SSL certificate. | No | |||||||||
Note: Each device management service developer implements these settings differently. To learn how various Mail settings are applied to your devices and users, consult your developer’s device management service documentation.