The email compliance policies available on the AirWatch Console are General Email Policies, Managed Device Policies, and Email Security Policies. You can activate any of these email compliance policies or edit the rules for these email policies to allow or block the devices.
- Navigate to Email > Compliance Policies. By default, the policies are disabled and are denoted by a red colored circle under the Active column.
- Use the edit policy icon under the Actions column to edit any of the rules for a policy.
- General Email Policies – Enforce policies on all devices accessing email. When you choose a user group, the policy applies to all the users of that group.

| Email Policy | Description |
|---|---|
| Sync Settings | Prevent the device from syncing with specific EAS folders. AirWatch prevents devices from syncing with the selected folders irrespective of other compliance policies. For the policy to take effect, it is necessary to republish the EAS profile to the devices (this forces devices to resync with the email server). |
| Managed Device | Restrict email access only to managed devices. |
| Mail Client | Restrict email access to a set of mail clients. You can allow or block mail clients based on the client type, such as Custom and Discovered. You can also set default actions for the mail client and newly discovered mail clients that do not display in the Mail Client drop-down menu. For the custom client type, wildcard (*) characters and auto-complete are supported. |
| User | Restrict email access to a set of users. You can allow or block user type that includes Custom, Discovered, AirWatch User Account, and AirWatch user group. You can also set default actions for usernames that do not display in the Username or Group drop-down menu. For the custom user type, wildcard (*) characters and auto-complete are supported. |
| EAS Device Type | Whitelist or blacklist devices based on the EAS Device Type attribute reported by the end-user device. You can allow or block devices based on the client type that includes Custom and Discovered mail client. You can also set default actions for the EAS device types that do not display in the Device Type drop-down field. For the custom client type, wildcard (*) characters and auto-complete are supported. |

- Managed Device Policies – Enforce policies on managed devices accessing email.

| Email Policy | Description |
|---|---|
| Inactivity | Prevent inactive, managed devices from accessing email. You can specify the number of days a device shows up as inactive (that is, does not check in to AirWatch), before AirWatch prevents email access. The minimum accepted value is 1 and maximum is 32767. |
| Device Compromised | Prevent compromised devices from accessing email. This policy does not block email access for devices that have not reported compromised status to AirWatch. |
| Encryption | Prevent email access for unencrypted devices. This policy is applicable only to devices that have reported data protection status to AirWatch. |
| Model | Restrict email access based on the platform and model of the device. |
| Operating System | Restrict email access to a set of operating systems for specific platforms. |
| Require ActiveSync Profile | Restricts email access to devices which are not managed with an Exchange ActiveSync profile. |

- Email Security Policies – Enforce policies on attachments and hyperlinks. This policy is applicable for SEG deployments only. For more information, see Email Content, Attachments & Hyperlinks Protection.

| Email Policy | Description |
|---|---|
| Email Security Classification | Define the policy for the SEG to take on emails with tags and without tags. You can use the predefined tags or create tags using the Custom option. Based on the classification, you can either choose to allow or block the email in AirWatch Inbox and other email clients. |
| Attachments (managed devices) | Encrypt email attachments of the selected file types. These attachments are secured on the device and are only available for viewing on the VMware Content Locker. Currently, this feature is only available in managed iOS, Android devices, and Windows Phones with the Content Locker application. For other managed devices, you can choose to either allow encrypted attachments, block attachments, or allow unencrypted attachments. |
| Attachments (unmanaged devices) | Encrypt and block attachments or allow unencrypted attachments for unmanaged devices. Encrypted email attachments are not viewable on unmanaged devices. This feature is intended to maintain email integrity. If an email with an encrypted attachment is forwarded from an unmanaged device, the recipient can still view the attachment on a PC or another mobile device. For the maximum use of SEG, AirWatch recommends using SEG for the attachment encryption and hyperlink transformation that can be accessed using AirWatch Inbox for iOS, Android, and the Native Mail Client for iOS and Android. |
| Hyperlink | Allow device users to open hyperlinks contained within an email directly with VMware Browser present on the device. The Secure Email Gateway dynamically modifies the hyperlink to open in VMware Browser. You may choose one of the following Modification Types. All – Open all the hyperlinks with VMware Browser. Exclude – Do not let device users open the mentioned domains through the VMware Browser; mention the excluded domains in the Modify all hyperlinks except for these domains field. Include – Let device users open the hyperlinks from specified domains through the VMware Browser; mention the included domains in the Only modify hyperlinks for these domains field. For Exclude and Include, you can also bulk-upload the domain names from a CSV file. |

- Create your compliance rule and Save.
- Select the gray circle under the Active column to activate the compliance policy. A page appears with a key code.
- Enter the key code in the corresponding field and select Continue. The policy is activated and shows a green colored circle under the Active column.
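
The Device Compromised and Encryption policies above only act on devices that have reported the relevant status, so a device that never reports keeps its email access. The following added example (not AirWatch code) models the Inactivity, Device Compromised and Encryption rules as described on this page and lists devices that stay allowed with an unreported status. The inventory rows and field names are constructed and hypothetical, and treating "inactive" as strictly more than the configured number of days is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory rows; field names are hypothetical, not an AirWatch export schema.
# compromised / encrypted: True, False, or None when the device never reported the status.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
DEVICES = [
    {"id": "dev-a", "last_seen": NOW - timedelta(days=2), "compromised": False, "encrypted": True},
    {"id": "dev-b", "last_seen": NOW - timedelta(days=45), "compromised": False, "encrypted": True},
    {"id": "dev-c", "last_seen": NOW - timedelta(days=1), "compromised": None, "encrypted": True},
    {"id": "dev-d", "last_seen": NOW - timedelta(days=3), "compromised": True, "encrypted": None},
    {"id": "dev-e", "last_seen": NOW - timedelta(days=5), "compromised": False, "encrypted": None},
]

def evaluate(device, inactivity_days, now=NOW):
    """Return (decision, block_reasons, reporting_gaps) for one managed device."""
    # The page gives 1..32767 as the accepted range for the Inactivity value.
    if not 1 <= inactivity_days <= 32767:
        raise ValueError("inactivity threshold must be between 1 and 32767 days")
    reasons, gaps = [], []
    if now - device["last_seen"] > timedelta(days=inactivity_days):
        reasons.append("inactive")
    # An unreported status (None) does not trigger a block under either policy.
    if device["compromised"] is True:
        reasons.append("compromised")
    elif device["compromised"] is None:
        gaps.append("compromised status not reported")
    if device["encrypted"] is False:
        reasons.append("unencrypted")
    elif device["encrypted"] is None:
        gaps.append("data protection status not reported")
    return ("block" if reasons else "allow", reasons, gaps)

def unverified_allowed(devices, inactivity_days):
    """Devices that keep email access although a status was never reported."""
    findings = []
    for device in devices:
        decision, _, gaps = evaluate(device, inactivity_days)
        if decision == "allow" and gaps:
            findings.append((device["id"], gaps))
    return findings

if __name__ == "__main__":
    for dev_id, gaps in unverified_allowed(DEVICES, inactivity_days=30):
        print(f"{dev_id}: allowed, but {'; '.join(gaps)}")
```

Devices surfaced by `unverified_allowed` are candidates for follow-up, since the two status-based policies cannot evaluate them until they report.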