Manage your devices using the email compliance policies that are applicable for Directory APIs configuration. Along with the compliance policies, the Email Dashboard and the List View page also lets you effectively manage your corporate devices.
While the Email Dashboard displays the device status, the List View page displays user and device-specific information either in a summarized or detailed manner.
General Email Policies
- Managed device – Allow/block unenrolled devices from accessing email.
Managed Device Polices
AirWatch will not set access against Google for any devices that enroll while compliance is disabled, nor change the access state for any previously enrolled devices that change compliance status.
The policies mentioned here can be activated from Email > Compliance Policies page.
- Inactivity – Allows you to prevent inactive, managed devices from accessing email. You can specify the number of days a device shows up as inactive (that is, does not check-in to AirWatch), before email access is cut off.
- Device Compromised – Allows you to prevent compromised devices from accessing email. Note that this policy does not block email access for devices that have not reported compromised status to AirWatch.
Note that unenrolled devices are blocked by default.
- Encryption – Allows you to prevent email access for unencrypted devices. Note that this policy is applicable only to devices that have reported data protection status to AirWatch.
- Model – Allows you to restrict email access based on the Platform and Model of the device.
- Operating System – Allows you to restrict email access to a set of operating systems for specific platforms.
Require ActiveSync Profile – Allows you to restrict email access to devices whose email is managed through an Exchange ActiveSync profile.
Gain visibility into the email traffic and monitor the devices through the AirWatch Email Dashboard. This dashboard gives you a real-time summary of the status of the devices connected to the email traffic. You can access the Dashboard from Email > Dashboard . The email dashboard enables you to:
- Whitelist or blacklist a device to allow or deny access of email
- View the devices which are managed, unmanaged, compliant, non- compliant, blocked, or allowed
- View the device details such as OS, Model, Platform, Phone Number, IMEI, IP address
From the Dashboard, you can also use the available Graphs to filter your search. For example, if you want to view all the managed devices of that organization group, select the Managed Devices graph. This displays the results in the List View screen.
View all the real-time updates of your end user devices that you are managing with AirWatch MEM. You can access the List View from Email > List View. You can view the device or user-specific information by switching between the two tabs: Device and User. You can change the Layout to either view the summary or the detailed list of the information based on your requirement.
The List View screen provides detailed information that includes:
- Last Request – The last state change of the device. In SEG integration, this column shows the last time a device synced mail.
- User – The user account name.
- Friendly Name – The friendly name of the device.
- MEM Config – The configured MEM deployment that is managing the device.
- Email Address – The email address of the user account.
- Identifier – The unique alpha-numeric identification code associated with the device.
- Mail Client – The email client syncing the emails on the device.
- Last Command – The command triggers the last state change of the device and populates the Last Request column.
- Last Gateway Server – The gateway server to which the device connected.
- Status – The real time status of the device and whether email is blocked or allowed on it as per the defined policy.
- Reason – The reason code for allowing or blocking email on a device.
The reason code displays 'Global' when access state is defined by the default organization allow/block/quarantine policy. The reason code is 'Individual' when device ID is explicitly set for a given mailbox by Exchange admin or AirWatch. The reason code is 'Policy' when device is blocked by any EAS policy.
- Platform, Model, OS, IMEI, EAS Device Type, IP Address – The device information displays in these fields.
- Mailbox Identity – The location of the user mailbox in the Active Directory.
Filters for Quick Search
The Filter option is available on the List View page. Using this filter, you can narrow your device search based on:
- Last Seen – All, less than 24 hours, 12 hours, 6 hours, 2 hours.
- Managed – All, Managed, Unmanaged.
- Allowed – All, Allowed, Blocked.
- Policy Override – All, Blacklisted, Whitelisted, Default.
- Policy Violation – Compromised, Device Inactive, Not data Protected/Enrolled/MDM Compliant, Unapproved EAS Device Type/Email Account/Mail Client/Model/OS.
- MEM Config – Filter devices based on the configured MEM deployments.
The Override, Actions, and Administration drop-down menu provides a single location to perform multiple actions on the device.
Note that these actions once performed cannot be undone.
Select the check box corresponding to a device to perform actions on it.
- Whitelist – Allows a device to receive emails.
- Blacklist – Blocks a device from receiving emails.
- Default – Allows or blocks a device based on whether the device is compliant or non-compliant.
- Run Compliance – Triggers the compliance engine to run for the selected MEM configuration. For any device that has a state change (that is, compliant to non-compliant or conversely), AirWatch sends out an Allow/Block command accordingly.
- Remote Wipe – Resets the device to factory settings.
- Migrate Devices – Migrates selected device to other chosen MEM configurations by deleting the installed EAS profile and pushing the EAS profile of the chosen configuration on the device.
Testing the email policies before deploying on the devices is a good practice. AirWatch recommends using the following method to test the capabilities of these policies before applying them on the devices.
- Disable the Compliance option available on the Email Policies page during the testing phase. Use separate organization groups to test out policies against a subset of enrollment users who also belong to the Gmail environment.