How and where does resolution of conflicting restrictions or multiple email settings take place?
In theory, the resolution could take place on an MDM server or on the device. So where does it take place? I have seen reference to a file called the ProfileTruth.plist. What do people know about this file and where is it generated?
My experience in general has been that the most restrictive settings apply. Apple also states this is the way it is supposed to work. As an example if an IPCU profile set the passcode lock timeout at 30 minutes, and an Exchange Server policy set it at 15 minutes, the 15 minute setting would apply. I believe resolution occurs on the device. To my knowledge Exchange server doesn't have a way of resolving conflicts like that, and lets that be handled by the device. We also were interested in password expiration settings. We found they are stored on the device, so if the device were hard reset (erase all content and settings) the password expiration clock would be reset under certain conditions. In general it seems that the server only provides the device with the requirements it must conform to in order to maintain access to the Exchange account, but it is left to the device to implement the requirements it supports. Hope this helps a bit.