This section provides information on the frequently asked questions about ENS2 functionality.
How are credentials or authentication tokens handled?
- Although the client shares the credentials or tokens with the ENS2 environment upon registration, they are not saved on Workspace ONE UEM servers. The Exchange server sends the encrypted authentication information back to Workspace ONE UEM as part of a notification whenever a new email is available. From that notification (Exchange to ENS2), the credentials are decrypted and used to make any requests necessary to the Exchange server. The credentials are discarded after performing the necessary requests.
If credentials are not saved, what data is saved by ENS? How secure is ENS?
Workspace ONE stores a list of devices and a list of public private key pairs used to decrypt the credentials when the notifications are sent from Exchange. The database is saved on a Virtual Private Cloud (private sub-net) secured using firewall. There is no direct access from the internet to this sub-net. All access is controlled using VPC and Firewall rules and only web servers with a single account have access to the database.
Workspace ONE saves the log files to help debug issues and monitor the system. The log does not contain any private information (PI) of the customers and access is secured using account permissions.
Where is ENS hosted? Are there instances configured to serve each region based on data sovereignty laws?
- ENS is hosted in multiple regions. We have various environments spanning the US, Europe, and Asia regions that permit us to abide by data sovereignty rules.
What data is transmitted through the ENS server without being saved? How is it secured?
User credentials that are encrypted with RSA encryption.
Email subject and sender (sent using HTTPS).
- Future functionality: The functionality to control what data (if any) is sent or fetched for the notification. You can also control the data from an email that is used in the notification payload.
All communication is made through HTTPS.
What is the dependency of ENS on cloud services?
AWS Simple Notification Service (SNS) is used for managing push notification.
Apple Push Notification Service (APNs). APNs is mandatory for passing notifications to Apple devices.
AWS Relational Database Service (RDS) is used for data persistence.
What is the user agent utilized by ENS2 when sending requests to Exchange?
MailNotificationService/v2 (ExchangeServicesClient/15.00.0913.015). The value '15.00.0913.015' will change as new libraries from Microsoft are released and are updated for using ENS2.
What email folders does ENS2 monitor for incoming messages and actions?
ENS2 only monitors each user’s Inbox folder.