The features that Workspace ONE UEM supports and the suitable deployment sizes are listed in this section. Use the decision matrix to choose the deployment that best suits your need.
With enforced attachment encryption on your mobile devices, Workspace ONE UEM can help keep your email attachments secure without hindering the end users' experience.
|Native||AirWatch Inbox||Touchdown||Traveler||VMware Boxer|
*If your deployment includes Windows Phone 8/8.1/RT devices, use attachment encryption.
SEG supports attachment encryption and hyperlink transformation on Boxer, only if these features are enabled for the Boxer app configuration on the UEM console.
SEG supports attachment encryption with Exchange 2010/2013/2016 and Office 365.
The list gives you the greatest level of security with the easiest deployment and management.
|G mail||PowerShell||Secure Email Gateway (SEG)|
|Cloud Mail Infrastructure|
|Office 365||✓ **||✓ ^|
|On-premises Email Infrastructure|
|Exchange 2010||✓ ^||✓|
|Exchange 2013||✓ ^||✓|
|Exchange 2016||✓ ^||✓|
^Use the Secure Email Gateway (SEG) for all on-premises email infrastructures with deployments of more than 100,000 devices. For deployments of less than 100,000 devices, using PowerShell is another option for your email management. Refer to the Secure Email Gateway vs. PowerShell Decision Matrix.
**The threshold for PowerShell implementations is based on the most recent set of completed performance tests, and can change on a release by release basis. Deployments up to 50,000 devices can expect reasonably quick sync and run compliance time frames (less than three hours). As the deployment size expands closer to 100,000 devices, then administrators can expect the sync and run compliance processes to continue to increase in the 3–7 hour time frame.
Secure Email Gateway vs PowerShell Decision Matrix
The matrix informs you about the deployment features of SEG and PowerShell to help you choose which deployment suits your need.
|+ Microsoft suggests using Active Directory Federated Services (ADFS) for preventing direct access to Office 365 email accounts.|
Connecting IBM Notes Traveler Server through AirWatch Inbox
If you are using a Workspace ONE UEM Exchange ActiveSync profile to connect to an IBM Notes Traveler server through the Android AirWatch Inbox, you might receive an 'HTTP 449' response. This response is seen when an Android device attempts to connect to the Traveler server. This 'HTTP 449' error occurs if the ActiveSync policy headers sent from the client (and enforced through Workspace ONE UEM console) do not match the policy headers supported by the Traveler server.
To resolve such issues, follow these steps:
- Add the following flag to the notes.ini file on the Traveler server.
NTS_AS_PROVISION_EXEMPT_USER_AGENT_REGEX =(AirWatch*) | (Apple*; AWInbox*)
- Next, restart the Traveler server.
Adding this flag disables Traveler from enforcing any policies to the AirWatch Inbox. You must use Workspace ONE UEM for applying the required policies to the app.
Devices that use policies provisioned directly by Traveler (that is, not configured through Workspace ONE UEM), are not affected.
If you are using IBM Notes Traveler with SEG 7.3+, then the IBM Notes Traveler requires the Microsoft-Server-ActiveSync website support.