Email policies enhance security by restricting access based on the device status and general mail client characteristics. These policies allow for granular control over the devices that are approved for accessing email.
a. Mail client compliance is not supported on Windows Phone.
b. The Sync Settings and Email Security Classification policies are not applicable for SEG V2 architecture.
c. The Android Lotus Notes Client and iOS Touchdown presently does not support the attachment encryption security email policy.
General Email Policies
The general email policies used to restrict email access to devices are listed in the following table.
Prevents the device from syncing with specific EAS folders. AirWatch prevents devices from syncing with the selected folders irrespective of other compliance policies.
For the policy to take effect, you must republish the EAS profile to the devices as this forces devices to re-sync with the email server.
|Managed Device||Restricts email access only to managed devices.|
|Mail Client||Restricts email access to a set of mail clients.|
|User||Restricts email access to a set of users based on the email user name|
|EAS Device Type||Allow or block devices based on the EAS Device Type attribute reported by the end-user device.|
Managed Device Policies
The managed device policies that restricts email access to devices based on factors such as device status, model and operating system are listed in the following table.
|Inactivity||Prevents inactive and managed devices from accessing email. You can specify the number of days a device shows up as inactive before email access is disabled. The minimum accepted value is 1 and maximum is 32767.|
|Device Compromised||Prevents compromised devices from accessing email. This policy does not block email access for devices that have not reported compromised status to AirWatch.|
|Encryption||Prevents email access for unencrypted devices. This policy is applicable only to devices that have reported data protection status to AirWatch.|
Restricts email access based on the platform and model of the device.
|Operating System||Restricts email access to a set of operating systems for specific platforms.|
|Require ActiveSync Profile||Restricts email access to devices whose email is not managed through an Exchange ActiveSync profile.|
Email Security Policies
The email security policies that take actions against devices accessing attachments and hyperlinks are listed in the following table.
|Email Security Classification||
Define the action for the SEG to take against emails with and without security tags. You can either use predefined tags or create your own tags. You can enable restricted access to AirWatch Inbox and VMware Boxer based on these tags, as well as define the default behavior for other mail clients.
If you choose to block emails, you can choose to replace the email contents with a helpful message using the available templates configured at message template settings. Also, lookup values are not supported for Block Email message template.
|Attachments (managed devices)||
Encrypt email attachments of selected file type with an encryption key unique to the device - user combination.
These attachments are secured on the device and are only available for viewing on the VMware Content Locker. This is only possible on managed iOS, Android, and Windows Phone devices with the VMware Content Locker application. For other managed devices, you can either allow encrypted attachments, block attachments, or allow unencrypted attachments.
|Attachments (unmanaged devices)||Allow encrypted attachments, block attachments, or allow unencrypted attachments for unmanaged devices. Attachments are encrypted for unmanaged devices to prevent data loss and maintain email integrity. The attachments of unmanaged devices cannot be opened in VMware Content Locker.|
Allow device users to open hyperlinks contained within an email directly with VMware Browser present on the device. The Secure Email Gateway dynamically modifies the hyperlink to open in VMware Browser.
The Modifications Types are All, Include, and Exclude.
Enable the Test Mode option on the Email Dashboard to test the compliance capabilities of the email policies even before applying the polices on the devices.