Quickstart: Create an email device profile for iOS/iPadOS
In this quickstart, you'll see how to create an email device profile for iOS/iPadOS devices. This profile specifies the settings that are required for the built-in email app on the iOS/iPadOS device to connect to company email. Email device profiles help standardize settings across devices, and they let end users access company email on their personal devices without any required setup on their part. To further safeguard your email, you can use an email profile to determine if devices are compliant, and then set up Conditional Access to allow only compliant devices to access email. For details about email profiles, see How to configure email settings in Microsoft Intune
If you don't have an Intune subscription, sign up for a free trial account.
Sign in to Intune
Sign in to the Microsoft Endpoint Manager admin center as a Global Administrator or an Intune Service Administrator. If you have created an Intune Trial subscription, the account you created the subscription with is the Global administrator.
Create an iOS/iPadOS email profile
Sign in to the Microsoft Endpoint Manager admin center.
Select and go to Devices > Configuration profiles > Create profile.
Enter the following properties:
- Platform: Select iOS/iPadOS
- Profile: Select Email
In Basics, enter the following properties:
Name: Enter a descriptive name for the new profile. For this example, enter iOS require work email.
Description: Enter Require iOS/iPadOS devices to use work email
In Configuration settings, enter the following settings (leave the defaults for other settings):
- Email server: For this quickstart, enter outlook.office365.com. This setting specifies the Exchange location (URL) of the email server that the iOS/iPadOS mail app will use to connect to email.
- Account name: Enter Company Email.
- Username attribute from AAD: This name is the attribute Intune gets from Azure Active Directory (Azure AD). Intune dynamically generates the username for this profile using this name. For this quickstart, we'll assume that we want the User Principal Name to be used as the username for the profile (for example, firstname.lastname@example.org).
- Email address attribute from AAD: This setting is the email address from Azure AD that will be used to sign in to Exchange. For this quickstart, select User Principal Name.
- Authentication method: For this quickstart, select Username and password. (You can also choose Certificate if you've already set up a certificate for Intune.)
In Scope tags (optional), Select Next. We won't use a scope tag for this profile.
In Assignments, use the drop-down for Assign to and select All users and all devices. Then, select Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.
Clean up resources
If you don't intend to use the profile you created for additional tutorials or testing, you can delete it now.
- In Intune, selectDevices > Device configuration.
- Select the test profile you created, iOS/iPadOS require work email, and then select Delete.
In this quickstart, you created an email profile for iOS/iPadOS devices. Now you can use this profile to determine whether an iOS/iPadOS device is compliant by creating a compliance policy that marks as noncompliant any iOS/iPadOS devices that don't match the profile. For further protection, you can create a Conditional Access policy that blocks noncompliant iOS/iPadOS devices from accessing email. For more information about device compliance policies, see Get started with device compliance policies in Intune.