iOS devices



This section only applies to iOS (iPhone, iPad and iPod Touch) devices.


Starting with version 5.15, mSuite ships with a default Device Settings policy for iOS devices which is applied to all users but, by default, is not activated.  The Device Settings policy can be used to configure (and lock) various settings on the device.  You can modify this policy or create a new policy and deploy that to groups of users.


In versions 5.17 and 5.18, more settings were added to the Device Settings policy.



Note: The policy is only applied if the EAS account on the device is created via an iOS Configuration Profile i.e. by the iOS Provisioning process. If a user manually creates their EAS account on the device, the Device Settings policy is not applied.  From 5.18 onwards, you can, if you wish, deny access to iOS devices that have not been provisioned with a Device Settings policy (Profile).


If you change a policy that has already been deployed to an iOS device, the policy on that device will not be updated until/unless the device is provisioned again.  This is an iOS restriction - for more information, click here.



Server Settings

The common Exchange ActiveSync account settings:


Host name: The host name or IP address of the machine that the device will connect to

Use SSL: Whether or not the device will use SSL to secure the connection

Use Default Port: Whether or not to use the default port - 443 for SSL; 80 for non SSL

Port: The port to use - only applies if Use Default Port is set to No



Plus, from mSuite 5.17 onwards:


Sync mail for: The number of days of mail to be synced to and retained on the device





The Device Settings policy can also be used to enhance the security of iOS devices by disabling any/all of the following:


App Store
Explicit Content

Plus, from version 5.17 onwards (for iOS4 devices only):


Video Conferencing (Facetime)
Accept cookies
Fraud warnings
Allow sync when roaming


Plus, from version 5.18 onwards (for iOS4 devices only):


Prevent policy removal



Passcode Restrictions (new in 5.18)

Auto-lock period (The period after which the device locks automatically)
Grace period (The period for which the device can be unlocked without prompting for a password)

Best practice is to always work at a group level and not at an individual level.  The system will let you do both, but the administration task will be much easier if everything is done with groups.  Users inherit virtually all of their settings from the group hierarchy.  When you change a setting at an individual or sub group level, it breaks this inheritance for the modified setting.  This means that if you later change this setting at a higher group level, the modified user or group will not inherit the change, which can be confusing.
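The inheritance behaviour described above, modelled in a short Python sketch. This is an added example, not mSuite code: the Node class, the setting name device_settings_policy and every group, user and policy name except Default Device Settings Policy are hypothetical. It goes one step beyond the text by listing every place where inheritance has been broken.

```python
class Node:
    """A group or user in the hierarchy (hypothetical model, not mSuite code)."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.local = {}  # settings set directly on this node

    def effective(self, key):
        """Nearest value found walking up the hierarchy; None if unset."""
        node = self
        while node is not None:
            if key in node.local:
                return node.local[key]
            node = node.parent
        return None

    def inherited(self, key):
        """What this node would get if its own local value were removed."""
        return self.parent.effective(key) if self.parent else None


def broken_inheritance(nodes):
    """Return (node, setting, local value, inherited value) for every value
    set below the root that differs from what the parent supplies."""
    findings = []
    for node in nodes:
        if node.parent is None:
            continue
        for key, value in sorted(node.local.items()):
            if value != node.inherited(key):
                findings.append((node.name, key, value, node.inherited(key)))
    return findings


def demo():
    # Constructed hierarchy and policy names, for illustration only.
    root = Node("All Users")
    sales = Node("Sales", root)
    alice = Node("alice", sales)
    key = "device_settings_policy"  # hypothetical setting name
    root.local[key] = "Default Device Settings Policy"
    alice.local[key] = "Sales Trial Policy"   # change made at individual level
    root.local[key] = "Locked Down Policy"    # later change at group level
    # Sales follows the group change; alice keeps her own value.
    return (sales.effective(key), alice.effective(key),
            broken_inheritance([root, sales, alice]))
```
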



Editing an existing policy

To edit an existing policy, expand Policies in the navigation tree and select Device Settings.  The action pane will display all of the Device Settings policies that are defined.  By default there is a single policy, Default Device Settings Policy.  Right mouse click the name of the policy that you want to modify in the action pane and then select Configuration Wizard...


If you change a policy that has already been deployed to existing iOS devices, the policy on those devices will not be updated until/unless the devices are provisioned again.



Creating a new policy

To create a new policy, expand Policies and select Device Settings in the navigation tree, then right mouse click an existing policy in the action pane.  Select All Tasks > Copy settings to new policy... then enter the Name of the new policy and click OK.  The new policy is created as a clone of the existing policy - to change the settings in the new policy, follow the instructions for Editing an existing policy above.



Defining the Policy

In either case, the Policy Management Wizard will run to allow you to define the policy.


1. Press Next on the Welcome screen to continue.
2. If you are creating a new policy, enter the name that you want to use and press Next to continue.
3. Click Next on the Windows Mobile Policy Settings page.
4. On the iPhone Policy Settings page of the wizard, right mouse click the (parent) node in the Device Policy window and select Locked.  The icon in the tree will change to reflect the lock status.  This allows you to edit the policy and also activates it (so that it will be applied to iOS devices during the iOS Provisioning process).
5. Modify the policy elements as required:
a) Server Settings
Host name: the hostname of the machine the device will connect to.  If you are using the CSC, this will be  If you are using your own mSuite Proxy, it will be the hostname or IP address of that machine.
Use SSL: Yes/No - whether to use secure (SSL) connections.
Use Default Port: Yes/No - whether to use the default port (443 for secure connections; 80 for non-secure connections).
Port: The port to use (only applies if Use Default Port is set to No).
b) Restrictions - choose which of the restricted applications to allow/disallow and whether or not to prevent users removing the policy (Profile) from the iOS device.
c) Passcode restrictions (new in 5.18) - these passcode restrictions operate in conjunction with the Exchange ActiveSync Security Settings Policy.  Set them to suit your organization's security needs.


Deploying the Policy to a Group of Users or an Individual User

To deploy a new Device Settings policy or change the currently deployed policy, expand the Administration node in the navigation tree, expand Users and Groups until you can see the user or group that you want to apply the policy to.



Deploying to a Group

1. In the navigation tree, right mouse click the group that you want to deploy to and then select Properties.
2. Select the Policies tab and select the policy from the drop down list.
3. Click Apply then click OK.


Deploying to a User

1. In the action pane, right mouse click the user that you want to deploy the policy to and then select Properties.
2. Check Show Advanced to display the advanced properties - this is sticky: once you have checked this, it will remain checked until you choose to hide the advanced properties again.
3. Select the Policies tab and select the policy from the drop down list.
4. Click Apply then click OK.




