Use the following steps to create a configuration profile for the AirWatch Inbox.

  1. Navigate to Devices > Profiles & Resources > Profiles.
  2. Select Add and select iOS as the platform.
  3. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  4. Select the Exchange ActiveSync payload and then select the AirWatch Inbox from the Mail Client drop-down.
  5. Enter the Exchange ActiveSync Host, which is the information of your EAS server. For example: webmail.Workspace ONE
    • Enable Ignore SSL Errors to allow the devices to ignore Secure Socket Layer errors from agent processes.
    • Enable Use S/MIME to select the certificate/smart card for signing and encrypting email messages. Before enabling this option, ensure that you have uploaded necessary certificates under the Credentials profile settings.

      You do not need to upload any certificates if a smart card is selected as the credential source in the Credentials profile settings.

    • Select the certificate/smart card to sign only email messages in the S/MIME Certificate text box.
    • Select the certificate/smart card to both sign and encrypt email messages in the S/MIME Encryption Certificate text box.
    • If the smart card is selected, default information populates the Smart Card Reader Type and Smart Card Type.
    • Choose the Smart Card Timeout interval.
  6. Enter Login Information to authenticate user connections to your EAS Host. The profile supports lookup values for inserting enrollment user’s information and login information.

  7. Configure Settings, such as:
    • Enable Calendar
    • Enable Contacts
    • Caller ID
    • Sync Interval – The frequency with which the Workspace ONE UEM Inbox app syncs with the email server.
    • Email Notifications – Configure how end users can be notified of new emails. Disabled means they do not receive a notification. You can also trigger the device to play an alert sound, or allow the device to display specific email message details such as the sender, subject, and message preview.
    • Past Days of Mail to Sync
    • Past Days of Calendar to Sync
    • Enable HTML Email
    • Email Signature
    • Enable Signature Editing
  8. Configure a Passcode for Workspace ONE UEM Inbox. You can require an end user to enter a passcode when the Workspace ONE UEM Inbox is opened. This is not the email account password, but the passcode the user enters to access the application. The following passcode settings are available: 

    • Authentication Type

      To allow iOS users to log in using their Workspace ONE UEM credentials, select Username and Password as the Authentication Type under the Passcode section.

    • Passcode Complexity – Determine whether the password is simple or complex.
    • Minimum Length – Set the minimum number of characters allowed for the passcode.
    • Minimum Number of Complex Characters, if the Complexity is set to Alphanumeric.
    • Maximum Passcode Age (days) – Limit the number of days allowed before passcode has to be reset.
    • Passcode History – Determine the history of passcodes used to prevent the user from reusing passcodes.
    • Auto-Lock Timeout (min) – Set the number of minutes before the device automatically locks.
    • Maximum Number of Failed Attempts – Determine the number of passcode entry attempts allowed before the data in Workspace ONE UEM Inbox are erased.
  9. Configure more restrictions and security settings. The following restrictions are available:

    • Allow/Disable Copy and Paste
      • Disable user’s ability to long press email text and copy it to the clipboard.
      • Disable user’s ability to copy text from outside of the email client and paste it into a mail message.
    • Restrict all links to open in the VMware Browser app only

      Consider using this setting instead of the SEG policy to transform hyperlinks where the use case allows for increased SEG performance.

    • Restrict attachments to open only in the VMware Content Locker

      Consider using this setting instead of the SEG policy to encrypt attachments where the use case allows for increased SEG performance.

    • Set a Maximum Attachment Size (MB)
    • Allow Printing
  10. Select Save & Publish.

    WS_inbox configuration

Username and Password

You can define the user name that is assigned for users to log in to the Workspace ONE UEM Inbox. The user name can be their actual email address or an email user name that is different from their actual email address. When configuring the Exchange ActiveSync (EAS) payload in the Workspace ONE UEM Inbox profile settings, there is a User text box under Login Information that you can set to a predefined lookup value.

If you have email user names that are different than user email addresses, you can use the {EmailUserName} text box, which corresponds to the email user names imported during directory service integration. Even if your user user names are the same as their email addresses, use the {EmailUserName} text box, because it uses email addresses imported through the directory service integration.

Removing Profile or Enterprise Wiping

If the profile is removed by using remove profile command, enforcing compliance policies, or through an enterprise wipe, the following email data gets deleted:

  • User account/login information.
    • Email message data.
  • Contacts and calendar information.
  • Attachments that were saved to the internal application storage.

    Attachments saved outside of Workspace ONE UEM Inbox are notdeleted.