The features that AirWatch supports and the recommended deployment sizes are listed in this section. Use the decision matrix to choose the deployment that best suits your need.
With enforced attachment encryption on your mobile devices, AirWatch can help keep your email attachments secure without hindering the end users' experience.
|Native||AirWatch Inbox||Touchdown||Traveler||VMware Boxer|
*If your deployment includes Windows Phone 8/8.1/RT devices, AirWatch recommends using attachment encryption.
SEG supports attachment encryption and hyperlink transformation on Boxer, only if these features are enabled for the Boxer app configuration on the AirWatch Console.
SEG supports attachment encryption with Exchange 2010/2013/2016 and Office 365.
Follow the configuration recommendations in the table below to get maximum security.
|Gmail||PowerShell||Secure Email Gateway (SEG)|
|Cloud Mail Infrastructure|
|Office 365||✓ **||✓|
|On-premises Email Infrastructure|
|Exchange 2010||✓ ^||✓|
|Exchange 2013||✓ ^||✓|
|Exchange 2016||✓ ^||✓|
^AirWatch recommends using the Secure Email Gateway (SEG) for all on-premises email infrastructures with deployments of more than 100,000 devices. For deployments of less than 100,000 devices, using PowerShell is another option for your email management. Please refer to the Secure Email Gateway vs. PowerShell Decision Matrix.
**The recommended threshold for PowerShell implementations is based on the most recent set of completed performance tests, and may change on a release by release basis. Deployments up to 50,000 devices can expect reasonably quick sync and run compliance time frames (less than three hours). As the deployment size expands closer to 100,000 devices, then administrators can expect the sync and run compliance processes to continue to increase in the 3 – 7 hour time frame.
Secure Email Gateway vs PowerShell Decision Matrix
Use the following matrix to understand the deployment features of SEG and PowerShell, and choose a deployment that best suits your need.
|+ Microsoft recommends using Active Directory Federated Services (ADFS) for preventing direct access to Office 365 email accounts.|
Connecting IBM Notes Traveler Server through AirWatch Inbox
If you are using an AirWatch Exchange ActiveSync profile to connect to an IBM Notes Traveler server through the Android AirWatch Inbox, you may receive 'HTTP 449' response when an Android device attempts to connect to the Traveler server. This 'HTTP 449' error occurs if the ActiveSync policy headers sent from the client (and enforced through AirWatch) do not match the policy headers supported by the Traveler server.
AirWatch recommends the following steps to resolve such issues:
- Add the following flag to the notes.ini file on the Traveler server.
NTS_AS_PROVISION_EXEMPT_USER_AGENT_REGEX =(AirWatch*) | (Apple*; AWInbox*)
Adding this flag disables Traveler from enforcing any policies to the AirWatch Inbox. You should then use AirWatch to apply the required policies to the AirWatch Inbox.
Devices that use policies provisioned directly by Traveler (that is, not configured through AirWatch), are not affected.
- Restart the Traveler server.
If you are using IBM Notes Traveler with SEG 7.3+, then the IBM Notes Traveler requires the Microsoft-Server-Activesync website support.