iOS: Email profile settings
    iOS
: Email profile settingsThese settings also apply to 
iPadOS
 devices| iOS: Email profile setting | Description  | 
|---|---|
| Delivery settings | |
| Allow messages to be moved | This setting specifies whether users can move email messages from this account to another existing email account on a device. | 
| Allow recent addresses to be synced | This setting specifies whether a user can sync recently used addresses across devices. | 
| Use only in Mail | This setting specifies whether apps other than the Mail app can use this account to send email messages. | 
| Enable S/MIME  | This setting specifies whether a user can send S/MIME protected email messages. | 
| Enable digitally signed S/MIME messages | This setting specifies whether a device sends outgoing messages with a digital signature. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Signing credentials  | This setting specifies how devices find the certificates required to sign messages.  This setting is valid only if the "Enable S/MIME" setting is selected. After you choose the profile type you want to use, you specify the shared certificate, SCEP, or user credential profile. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Signing shared certificate | This setting specifies the shared certificate profile for a client certificate that a device uses to sign email messages. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Signing SCEP | This setting specifies the SCEP profile that devices can use to retrieve the certificates required to sign email messages using S/MIME. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Signing user credential | This setting specifies the user credential profile that devices can use to obtain the client certificates required to sign email messages using S/MIME. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| User can turn on or turn off S/MIME signing | This setting specifies whether a user is allowed to turn on or turn off S/MIME signing.  This setting is valid only if the "Enable S/MIME" setting is selected. | 
| User can change signing credentials | This setting specifies whether a user can override signing credentials. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Enable S/MIME message encryption | This setting specifies whether a device encrypts outgoing email messages with S/MIME encryption. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Encryption credentials | This setting specifies how devices find the certificates required to encrypt messages. After you select the profile type, you select the shared certificate, SCEP, or user credential profile that you want to use. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Encryption shared certificate  | This setting specifies the shared certificate profile for a client certificate that a device can use to encrypt email messages. Devices choose the appropriate certificate for the recipient to encrypt messages using S/MIME. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Encryption SCEP | This setting specifies the SCEP profile that devices can use to retrieve the certificates required to encrypt email messages using S/MIME. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Encryption user credential | This setting specifies the user credential profile that devices can use to retrieve the client certificates required to encrypt email messages using S/MIME. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| User can override S/MIME encryption | This setting specifies whether a user can turn on or turn off the encryption setting.  This setting is valid only if the "Enable S/MIME" setting is selected. | 
| User can override S/MIME encryption credentials | This setting specifies whether a user can override S/MIME encryption credentials.  This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Encrypt messages | This setting specifies whether all email messages must be encrypted when the user sends them (Required), or if the user can choose which messages to encrypt at the time they send them (Allow). This setting takes effect only if the "Enable S/MIME" setting is selected. This setting is valid only if the "Enable S/MIME" setting is selected. | 
| Allow Mail Drop | This setting specifies whether users with the  MDM controlsactivation type can send files from this account using Mail Drop. | 
| Days to synchronize | This setting specifies the number of days in the past to synchronize email messages and organizer data to a device. This setting applies only to the default mail and organizer apps on devices with the  MDM controlsactivation type. | 
| Per-account VPN | This setting specifies the VPN profile that is used for this account’s network communication. This setting applies only to  iOS14 and later and iPadOS14 and later devices. | 
| Authentication | |
| Enable  BlackBerry Secure Gateway | This setting specifies whether devices with the  MDM controlsactivation type use the BlackBerry Secure Gateway to connect to the mail server. The BlackBerry Secure Gatewayprovides a secure connection to your organization's mail server through the BlackBerry Infrastructureand BlackBerry UEM. If you configured server groups to direct  BlackBerry Secure Gatewaytraffic to a specific regional connection to the BlackBerry Infrastructure, you must associate the email profile with the appropriate server group. | 
| Authentication type | This setting specifies the type of authentication a device uses to connect to the mail server. This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected. | 
| Shared certificate profile | This setting specifies the shared certificate profile for the client certificate that a device uses to connect to the mail server. This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected and the "Authentication type" setting is set to "Shared certificate." | 
| Associated SCEP profile  | This setting specifies the associated SCEP profile that a device uses to enroll a client certificate to use for authentication with the mail server. This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected and the "Authentication type" setting is set to "SCEP." | 
| Associated user credential profile | This setting specifies the associated user credential profile that a device uses to enroll a client certificate to use for authentication with the mail server. This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected and the "Authentication type" setting is set to "User credential." | 
| Use credentials and certificate | This setting specifies whether a device uses credentials and a client certificate obtained using the associated SCEP profile to authenticate with the mail server. This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected and the "Authentication type" setting is set to "SCEP." | 
| Use OAuth for authentication | This setting specifies whether the connection should use OAuth for authentication. | 
| OAuth sign-in URL | This setting specifies the URL that this account should use to sign in to OAuth. When you specify this URL you must specify a host because auto-discovery is not used. This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected. | 
| OAuth token request URL | This setting specifies the URL that this account should use for token requests using OAuth This setting is valid only if the "Enable BlackBerry Secure Gateway" setting is not selected. | 
| Use SSL  | This setting specifies whether a device must use SSL to connect to the mail server. | 
| Accept all SSL certificates | This setting specifies whether all SSL certificates are accepted. This setting is valid only if the "Use SSL" setting is selected. | 
| External email domains | |
| External email domain allowed list | This setting specifies the list of domains that a user can send work email or calendar entries to. For example, when a user adds a recipient who has an email address in the allowed domain to an email message or calendar entry, no warning message is displayed. This setting applies to the work space only. If you list multiple domain names, separate the domain names with a comma (,), semicolon (;), or space.  | 
| External email domain restricted list | This setting specifies the list of domains that users cannot send work email or calendar entries to. For example, if a user tries to add a recipient with an email address from the restricted domain to an email message or calendar invitation, the  Work Connectapp prevents the user from completing the task. This setting applies to the work space only. If you list multiple domain names, separate the domain names with a comma (,), semicolon (;), or space. | 
| Enabled services | |
| Mail | This setting specifies whether users can access their work email on the device. | 
| Contacts | This setting specifies whether users can access their work contacts on the device.  | 
| Calendars         | This setting specifies whether users can access their work calendar on the device. | 
| Reminders | This setting specifies whether users can access their work reminders on the device. | 
| Notes | This setting specifies whether users can access their work notes on the device. | 
| Account modification | |
| Mail | This setting specifies whether users can change whether access to work email is enabled or disabled on the device. | 
| Contacts | This setting specifies whether users can change whether access to work contacts is enabled or disabled on the device. | 
| Calendars         | This setting specifies whether users can change whether access to their work calendar is enabled or disabled on the device. | 
| Reminders | This setting specifies whether users can change whether access to their work reminders is enabled or disabled on the device. | 
| Notes | This setting specifies whether users can change whether access to their work notes is enabled or disabled on the device. |