BES10_Cloud logo
 

Creating Exchange ActiveSync profiles

You can use Exchange ActiveSync profiles to specify how devices connect to your organization's mail server and synchronize email messages and organizer data using Exchange ActiveSync. You can also use Exchange ActiveSync profiles to extend email security on BlackBerry 10 and iOS devices using S/MIME.

For more information about the profile settings, see the BES10 Cloud Policy and Profile Reference Guide.

Extending email security using S/MIME

You can extend email security for BlackBerry 10 and iOS device users by enabling S/MIME. S/MIME provides a standard method of encrypting and signing email messages. Users can sign, encrypt, or sign and encrypt email messages using S/MIME protection when they use a work email address. S/MIME cannot be enabled for personal email addresses.

You enable S/MIME for users in an Exchange ActiveSync profile. You can force BlackBerry 10 device users to use S/MIME, but not iOS device users. When S/MIME use is optional, a user can enable S/MIME on the device and specify whether to encrypt, sign, or encrypt and sign email messages.

To sign and encrypt email messages, users must store their private keys and a certificate for each recipient on their devices. Users can store their private keys and certificates by importing the files from a work email message.

For more information about S/MIME, see the BES10 Cloud Security Technical Overview.

Create an Exchange ActiveSync profile

Before you begin:
  • If you use certificate-based authentication for iOS devices, create a CA certificate profile and a shared certificate profile and assign them to users.
  • To use Exchange ActiveSync profiles for Android devices, the devices must meet one of the following requirements:
    • The device must have the TouchDown app installed. For more information about the TouchDown app, visit nitrodesk.com.
    • The device must be a Motorola device that supports the Enterprise Device Management API. See Motorola Enterprise Device Management SDK: Getting Started to view a list of Motorola devices that support the Enterprise Device Management API. If both TouchDown and the Enterprise Device Management API are present on an Android device, BES10 Cloud uses TouchDown to apply the profile.
  1. On the menu bar, click Policies and Profiles.
  2. Click the + icon beside Exchange ActiveSync.
  3. Type a name and description for the profile.
  4. If required, type the domain name of the mail server.
  5. In the Email address field, perform one of the following actions:
    • If the profile is for one user, type the email address of the user.
    • If the profile is for multiple users, type %UserEmailAddress%.
  6. Type the host name or IP address of the Exchange ActiveSync server.
  7. If the mail server requires SSL authentication, select Use SSL.
  8. In the Username field, perform one of the following actions:
    • If the profile is for one user, type the username.
    • If the profile is for multiple users, type %UserName%.
    • If the profile is for multiple users in an IBM Notes Traveler environment, type %UserDisplayName%.
  9. Click the tab for each device type in your organization and configure the appropriate values for each profile setting.
  10. Click Add.
After you finish: If you create more than one Exchange ActiveSync profile, Rank profiles.
Last updated: 2014-02-21
©2014 BlackBerry. All Rights Reserved. | Glossary | Legal notice