This is an Early Access feature. To enable it, please contact Okta Support.

Enforce Okta Device Trust for Exchange ActiveSync on OMM-managed iOS devices


This Okta Device Trust solution for Microsoft Office 365 EAS on OMM managed iOS devices allows you to do the following:

  • Configure the iOS mail app to use certificates instead of passwords to allow OMM-enrolled users to authenticate to Microsoft Office 365 Exchange ActiveSync.
  • Configure iOS mail app client access policy to prevent users with unmanaged devices from accessing Microsoft Office 365 Exchange ActiveSync.


This Device Trust solution provides these key benefits:

  • Allows end users to seamlessly SSO in to their native iOS mail app (EAS) from OMM-enrolled iOS devices
  • Enhances Office 365 Exchange ActiveSync security through enforcement of certificate-based authentication instead of password authentication
  • Prevents users with unmanaged iOS devices from accessing Office365

  • Helps prevent users from becoming locked-out of their account due to Active Directory (AD) password resets