Configure Workspace ONE Boxer with application configuration values.

You can configure settings for your Workspace ONE Boxer deployment using the Configuration Key and Configuration Value pairs provided by Workspace ONE UEM.

Note: If you are using console 2004 or higher, you do not need to manually add all the configuration key-value pairs. You can configure most of the application configuration values using the settings available in the Email Settings and App Policies assignment pages. Some new features will require key-value pairs. If you input a key-value pair that has already been migrated to the new UI, a message is shown stating that a duplicate key is found. The settings for that feature can be found elsewhere in the UI depending if it is an account or app specific policy.

To configure these settings, enter the configuration key and the corresponding value into the Application Configuration setting during the app assignment.

Important: If Workspace ONE Boxer is already installed on end-user device, it might take few minutes for Workspace ONE Boxer to download the new profile settings.

Sync Period

Add this key value pair to configure the maximum number of past days of mail and calender to sync in the Workspace ONE Boxer app. This setting allows you to hide the No Limit feature available in the Workspace ONE Boxer app settings.

Configuration Key Value Type Configuration Value Description
PolicyEmailMaxSyncPeriod Integer 0 - sync all
1 - 1 day
2 - 3 days
3 - 1 week
4 - 2 weeks
5 - 1 month
Enter the number of days of past mail to sync.
PolicyCalendarMaxSyncPeriod Integer 0 - sync all
4 - 2 weeks
5 - 1 month
6 - 3 months
7 - 6 months
Enter the number of days of past calendar events to sync.

Note: Set the key value pairs to block syncing of all old emails and calendar until new emails or calendar events are synced first. Removing 0 from the key values disables the No Limit option for PolicyEmailMaxSyncPeriod and PolicyCalendarMaxSyncPeriod.

(iOS only) FastSync - Key Sync Escrow

Add the following key value pairs to improve the background syncing and speed of subsequent syncs.

Configuration Key Value Type Configuration Value Description
ENSEnableKeyEscrow Integer 0 - disabled (default)
1 - enabled
Set to enable FastSync.
ENSKeyEscrowExpiry Integer 48 hours (default) Set the expiration time in hours when Workspace ONE Boxer no longer receives this key.

Default S/MIME Signing and Encryption Algorithms

Add the following key value pairs to configure the default encryption algorithms for signing and encrypting S/MIME emails. When a default S/MIME algorithm is configured, Workspace ONE Boxer sends the outgoing emails with the default configured algorithm. Workspace ONE Boxer also checks the algorithms for the incoming emails. If the incoming emails are not configured with the default algorithm, a warning message is displayed in the conversation view.

Configuration Key Value Type Configuration Value Description
PolicySMIMEDefaultEncryptionAlgorithm String Allowed Values:
3DES
AES128
AES192
AES256
For example, PolicySMIMEDefaultEncryptionAlgorithm - [“3DES”]
Specify an encryption algorithm to use for incoming and outgoing emails. If a valid algorithm is not provided, the lowest supported algorithm is used (3DES).
PolicySMIMEDefaultSigningAlgorithm String Allowed values:
SHA1
SHA256
SHA384
SHA512
For example, PolicySMIMEDefaultSigningAlgorithm - [“SHA1”]
Specify a default S/MIME signing algorithm to use for incoming and outgoing emails. If a valid algorithm is not provided, the lowest supported algorithm is used (SHA-1).

(Android Only) S/MIME Algorithms Compliance

Add the following key value pairs to configure the list of algorithms that Workspace ONE Boxer checks for compliance when receiving a signed or encrypted S/MIME email. When set, only the configured algorithms are recognized by Workspace ONE Boxer. Workspace ONE Boxer displays non-compliance warning when accessing emails that are encrypted using any other algorithm, both strong or weak, than that are listed using the key value pairs.

Configuration Key Value Type Configuration Value Description
PolicySMIMEConformingEncryptionAlgorithms String Supported Values:
3DES
AES128
AES192
AES256
For example, PolicySMIMEConformingEncryptionAlgorithms = ["AES-128", "AES-256"]
Set the algorithms that are recognized by Workspace ONE Boxer for encrypting S/MIME emails.
PolicySMIMEConformingSigningAlgorithms String Supported Values:
SHA1
SHA256
SHA384
SHA512
For example, PolicySMIMEConformingSigningAlgorithms = ["SHA-256", "SHA-512"]
Set the algorithms that are recognized by Workspace ONE Boxer for signing S/MIME emails.

ENSv2 Notification Policy

Add the following key value pair to configure the ENS Notification Policy for Workspace ONE Boxer. When configured, Workspace ONE Boxer immediately re-subscribes to ENSv2 and notification policy is updated as per the set key value. For more information about configuring ENS2 for Workspace ONE Boxer, see VMware Email Notification Service v2.0 Installation and Configuration Guide available at docs.vmware.com.

Configuration Key Value Type Configuration Value Description
PolicyLimitNotificationText Integer 0 - sets notification to sender, subject and preview
1 - sets notification to sender and subject(default)
2 - sets notification to sender
3 - sets notification to generic message (new message)
4 - sets notification to none (only the badge is updated)
Configure the notification policy used by Workspace ONE Boxer.

Plain Text Mode

Add the following key value pair to configure Workspace ONE Boxer plain text mode.

Configuration Key Value Type Configuration Value Description
AppPlainTextMode Boolean False - disabled (default)
True - enabled
Set to True to enable Workspace ONE Boxer plain text mode.
When set, Workspace ONE Boxer retrieves only plain text from HTML mails when syncing. Workspace ONE Boxer sends only plain text regardless of the email message format. The formatting controls in compose view is disabled and only text can be copied and pasted from rich or HTML content.

Policy Allow Metrics

Add this key to define the policy for allowing collection of anonymous usage data to improve user's Workspace ONE Boxer experience. When enabled, a Data Sharing notice is displayed to user when Workspace ONE Boxer is launched. The device user can enable or disable data sharing by navigating to Settings > Privacy > Data Sharing.

Configuration Key Value Type Configuration Value Description
PolicyAllowMetrics Boolean False - disabled (default)
True - enabled
Set to True to enable data collection for Workspace ONE Boxer experience improvement.
The value of PolicyAllowFeatureAnalytics, when set from Custom SDK settings takes precedence over the value of PolicyAllowMetrics that is set from App Configuration Settings.

Minimum Characters for GAL Search

Add this key to define the minimum number of characters required to perform a Global Address List (GAL) search.

Configuration Key Value Type Configuration Value Description
AppMinGALCharacters Integer 2 - sets minimum characters to 2 before triggering a GAL search
3 - sets minimum characters to 3 before triggering a GAL search
4 (Exchange default) - sets minimum characters to 4 before triggering a GAL search
Set the minimum characters required for performing a GAL search.

Policy Allow Crash Reporting

Add this key to define the policy for reporting Workspace ONE Boxer crashes to VMware.

Configuration Key Value Type Configuration Value Description
PolicyAllowCrashReporting Boolean True - enabled (default)
False - disabled
Set to True to report Workspace ONE Boxer crashes to VMware.
The value of PolicyAllowCrashReporting, when set from Custom SDK settings takes precedence over the value that is set from App Configuration Settings.

(iOS only) Allow Print

Configuration Key Value Type Configuration Value Description
PolicyAllowPrint Boolean True - enabled (default)
False - disabled
Set to False to disable printing of emails from Workspace ONE Boxer.

Note: You can only print the email from a Boxer preview and not the attachments. To print attachments, open it to some third-party apps, and then print it from there.

(iOS only) Enforce HTTPS

From Workspace ONE Boxer v4.13 for iOS, adding this key value pair blocks email content from unsecured connections in Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
PolicyEnforceHTTPS Boolean False = disabled (default)
True = enabled
When set to True, email content from unsecured HTTP connections are not loaded. Outgoing links (hrefs) are not affected since the outgoing links can be controlled using Browser policy.

Limit Notification

Configuration Key Value Type Configuration Value Description
PolicyLimitNotificationText Integer 0 - Displays Sender, Subject, and Body Preview
1 - Displays Sender and Subject (Default)
2 - Displays Sender
3 - Generic notification (You've got a new email)
4 - No notification
Set configuration value to limit what is displayed in Workspace ONE Boxer notification.

Mark External Addresses

Add the following keys to configure Workspace ONE Boxer to warn the user when adding external recipients to emails.

Configuration Key Value Type Configuration Value Description
AppDomainsInternal String Provide the list of internal domains. For example, [vmware.com, air-watch.com]. Define the domains that are internal or permitted. The user can disable the warning using the 'Confirm before sending' setting in Workspace ONE Boxer when the internal domains are defined and AppDomainsWarning key is not set.
AppDomainsWarning Boolean False - disabled (default)
True - enabled
Set to True to enable warning when the user enters recipients from external domains. If the domains are configured and the AppDomainsWarning value is set to True, the 'Confirm before sending' setting is unavailable to the users. When the warning is displayed, the user can either Accept and return to the Compose email menu or Ignore and continue sending the email to external recipients.

If the AppDomainsInternal key is enabled and the AppDomainsWarning key is disabled, then the ‘Confirm before sending emails’ setting is disabled and the device user can toggle the setting in the Workspace ONE Boxer app as per requirement. If the 'AppDomainsInternal' key and 'AppDomainsWarning' key is disabled, then the 'Confirm before sending emails' setting is disabled and the device user can enable the setting in the Workspace ONE Boxer app as per requirement. If both the AppDomainsInternal and AppDomainsWarning is set to true, then the ‘Confirm before sending emails’ setting is enabled and is unavailable to the device user.

Mobile Flows

Add the following keys to configure Mobile Flows for Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
AppMobileFlowsEnabled Boolean False - disabled (default)
True - enabled
Set to True to enable Mobile Flows for Workspace ONE Boxer.
AppMobileFlowsHost String Provide a valid URL for the Mobile Flows host.
For example, http://acme.hero.acme1.com.
Define the URL for the Mobile Flows host.
AppMobileFlowsvIDM String Provide a valid URL for authenticating the device users. For example, http://acme.vIDM.acme2.com Defines the URL for the device user to authenticate.

Allow Local Calendars

Add this key to define the policy for local calendars in Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
PolicyAllowLocalCalendars Boolean True - enabled (default)
False - disabled
Set to True to enable local calendars in Workspace ONE Boxer. If disabled, the Local Contacts option in Workspace ONE Boxer is unavailable to the end users.

PolicyDerivedCredentials

Add this key to enable derived credentials authentication policy for Workspace ONE Boxer. When enabled, the device users must install VMware PIV-D Manager app for enrolling into Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
PolicyDerivedCredentials Integer 1- enabled
0 - disabled
Set to 1 to enable derived credentials enrollment in Workspace ONE Boxer.

Default Swipe Actions

Add this key to define the default swipe actions in Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
AppSwipesLeftShortDefault

AppSwipesLeftLongDefault

AppSwipesRightShortDefault

AppSwipesRightLongDefault
Integer 1 - actions grid
2 - archive
3 - delete
4 - move
5 - flag
6 - quick reply
7 - read or unread
8 - spam
Define the default swipe actions. User can customize swipe actions using the options provided in the Workspace ONE Boxer app.

Default Conversation View

Add this key to define the default policy for conversation view in Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
AppConversationViewDefault Boolean True - enabled (default)
False - disabled
Set to True to enable conversation threading by default. When set to False, the conversation threading option is disabled for the users.

Default Avatar Policy

Add this key to define the default policy for avatars in Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
AppAvatarsDefault Boolean True - enabled (default)
False - disabled
Set to True to enable avatars by default. User can change the Avatar setting using the options provided in the Workspace ONE Boxer app.

(iOS only) Allow Custom Keyboards

Add this key to define the policy for allowing third-party keyboards with Workspace ONE Boxer.

Configuration Key Value Type Configuration Value Description
PolicyAllowCustomKeyboards Boolean True - enable (default value for unmanaged device)
False - disable (default value for managed device)
Set to True to permit users to activate third-party keyboards within Workspace ONE Boxer.

Export Contacts by Default

Add this key to enable or disable exporting of contacts by default.

Configuration Key Value Type Configuration Value Description
AppDefaultCallerID Boolean True - enabled (default)
False - disabled
Set to true to enable the exporting of contacts by default. This setting requires the Caller ID option in the Workspace ONE UEM console to be set as Unrestricted.

Allow Caller ID (Contact Export for iOS)

Add this key to enable or disable Export Contact option in Workspace ONE Boxer for end users.

Configuration Key Value Type Configuration Value Description
PolicyAllowCallerID Boolean True - enabled (default)
False - disabled
Set to true to enable the exporting of contacts by the end users. This setting requires the AppDefaultCallerID configuration value set to 'enabled'. If disabled, the Export Contacts option in Workspace ONE Boxer is unavailable for the end users.

Note: Boxer contacts exported to iOS devices are not deleted upon an enterprise wipe and are retained in the device's native contact list. To trigger the deletion of the contacts from the iOS devices, the end user has to relaunch Boxer after the enterprise wipe.

Allow Archive

Add this key to enable or disable Archive action in Workspace ONE Boxer for end users.

Configuration Key Value Type Configuration Value Description
PolicyAllowActionArchive Boolean True - enabled(default)
False - disabled
Set to true to enable archive action by the end users. If disabled, the Archive option in Workspace ONE Boxer is unavailable for the end users.

Phishing Reporting

Add this key to enable phishing reporting action in Workspace ONE Boxer for end users.

Configuration Key Value Type Configuration Value Description
AppPhishEmailAddress string Any email address that is in valid format. The reported email is sent to the email address specified by the configuration value.

Restricting Third-Party Attachments

Add these keys to restrict the device user from attaching files to emails from multiple third-party sources.

Configuration Key Value Type Configuration Value Description
PolicyAllowDocProviders Boolean True - enable (default)
False - disable
Enables or disables attachments from external providers (iCloud, Dropbox, Google Drive, etc.) within Workspace ONE Boxer.
PolicyAllowOpenIn Integer 1 - allowed (default)
0 - not allowed
Enables or disables attaching of files from other apps using open-in or share into Workspace ONE Boxer. When open-in or sharing of attachments are disabled, the message 'Your administrator has restricted attachments from external applications' is displayed.
(iOS Only)
PolicyAllowPhotoAttachment
Boolean True - enable (default)
False - disable
Enables or disables attaching of images and media files from photo gallery and camera.

Restricting sharing of UNC/HTTP links

Add this key to restrict the sharing of UNC/HTTP links in an email with long tap menu.

Configuration Key Value Type Configuration Value Description
PolicyAllowSharingLinks Boolean True - enable (default)
False - disable
Enables or disables the sharing of UNC/HTTP links in an email. If set to False UNC/HTTP links cannot be shared.

S/MIME

Use these key value pairs to configure S/MIME support.

Configuration Key Value Type Configuration Value Description
PolicySMIME Integer 0 - disabled (default)
1 - allowed
2 - required
Changes the status of S/MIME support.
PolicySMIMEEnableRevocationCheck Integer 0 - disabled (default)
1 - enabled
Enable or disable Online Certificate Status Protocol (OCSP).
PolicySMIMERevocationCheckUrl String Supported format: http://ocsp.acme.us/
ocsp:88
Configure the Revocation check URL.
PolicySMIMERevocationCheckType Integer 0 - check entire chain(default)
1 - check only user certificate
Configure the revocation check type.
PolicySMIMERevocationUseAIA Integer 0 - disabled (don't use URL configured inside certificate for revocation status, use PolicySMIMERevocationCheckUrl only) (default)
1 - enabled (use URL configured inside certificate for revocation status check, fall back to PolicySMIMERevocationCheckUrl if it is unavailable)
2 - required (only use URL configured inside certificate to check for revocation status, ignore PolicySMIMERevocationCheckUrl)
Define the revocation usage policy.
PolicySMIMERevocationEnforceNonce Integer 0 - disabled (enforce nonce) (default)
1 - enabled (do not use nonce)
Define the nonce usage policy.
PolicySMIMERevocationTTL Integer 7 - Default value Define the amount of time to retain the revocation data.
PolicySMIMETrustStore Integer 0 - Device Trust Store (default)
1 - Workspace ONE Boxer Trust Store
Define the Trust Store.

Refetch Empty Links

To configure the refetch policy for non-standard URL schemes, add the following key value pair:

Configuration Key Value Type Configuration Value Description
AppRefetchEmptyLinksUsingMime Boolean True - enabled
False - disabled
Note: The default value on iOS is True, whereas the default value on Android is False.
For emails (fetched using HTML) that contain non-standard URL schemes, pointing to non-server domains, Exchange replaces the URL with two empty spaces. You can enable the PolicyRefetchEmptyLinksUsingMime key to detect this occurrence and redownload the affected body using MIME, which is not subject to the URL replacement error.

Modern Authentication

To enable modern authentication for Office 365 accounts, add the following key value pair:

Configuration Key Value Type Configuration Value Description
AccountUseOauth Boolean False - disable (default)
True - enable
Enables or disables modern authentication for Office 365 accounts. When enabled, during enrollment, users are redirected to the login page for entering email password.

Workspace ONE Boxer also supports Certificate-Based Authentication with Modern Authentication (CBA with Modern Authentication).

Note:

  • Modern authentication is enabled by default for personal (non-managed) Exchange accounts.
  • iOS does not support Certificate-based authentication using Modern Authentication unless using PIV-D. Only Android supports this authentication mode.

You must set the following authentication types in addition to the AccountUseOauth key to support the modern authentication:

  • Set the authentication type to Basic and add the key for Modern Authentication with password.
  • Set the authentication type to Certificate and add the modern authentication key with only authentication certificates or set the authentication type to Both and add the modern authentication key with both authentication certificate and password.

    Note: These types of authentication only work when MDM is deployed on iOS Boxer. Boxer for Android supports both MDM and MAM.

Enable Umlaut Characters in Login Password on Android Devices

By default, Workspace ONE Boxer uses UTF-8 decoding while authenticating users. Boxer's authentication fails if your Exchange password contains umlaut characters (ä, Ë, ë, Ï, ï) as UTF-8 does not support these characters.

To support umlaut characters, add the following key to change Boxer's encoding from UTF-8 to ISO-8859-1.

Configuration Key Value Type Configuration Value Description
EnableNewAuthEncoding Boolean False - disabled (default)
True - enabled
Set the value to true to change the Boxer encoding to ISO-8859-1 that supports umlaut characters.

Downloading Attachments

Add this key value pair to enable or disable downloading of attachments.

Configuration Key Value Type Configuration Value Description
PolicyAllowAttachmentsDownload Boolean True - enable (default)
False - disable
Enables or disables downloading of attachments.

Managing Attachments

Add this key value pair to enable or disable attachments for sending mails..

Configuration Key Value Type Configuration Value Description
PolicyAllowAttachments Boolean True - enable (default)
False - disable
Enables or disables attachments for sending mails.

Spam Reporting

Add the following configuration keys to forward a spam marked email to the configured address and then delete the email from the user’s account once it has been forwarded to the configured address.

Configuration Key Value Type Configuration Value Description
AppSpamForwardAddress String Valid email address spam@email.com. Set the email address where spam emails are sent.
PolicyDeleteOnSpamForward Boolean False - disable (default)
True - enable
Set to delete the spam email from the user’s device after forwarding.
PolicyAllowActionSpam Boolean True - enabled (default)
False - disabled
Set to true to enable spam action by the end users. If disabled, the Spam option in Workspace ONE Boxer is unavailable for the end users.

Activate SSO

If SSO is enabled in Security Policies, enable Application uses AirWatch SDK and assign the following application configuration key to add SSO functionality for Workspace ONE Boxer. For using SSO functionality in Workspace ONE Boxer (iOS and Android), you must have Workspace ONE console version 9.0.5 or above.

Configuration Key Value Type Configuration Value Description
AppForceActivateSSO Boolean True - enable
False - disable
Enables or disables SSO for Workspace ONE Boxer.Enterprise Content requires this value to be set to true.

Note:

  • To run the mobile SSO authentication smoothly on your Android device, make sure you use the latest version of Chrome.
  • If you want to make the Forgot Passcode option available to your users, you must enable the AppForceActivateSSO key and configure SSO in theWorkspace ONE UEM console. For more information about SSO, see Security Policies for the Default SDK Profile

Health Check - Boxer Version update for iOS devices

Add the following console key to alter the app opened when the user taps to update Boxer.

Configuration Key Value Type Configuration Value Description
AppUpdateSource Integer 0 (default) - App Store
1 - Intelligent Hub
Set the value to 1 to change the default app opened when the user taps to update Boxer from the Health Check screen.

QuickJoin - Vanity URL Support

To configure Boxer to detect meeting links with vanity URLs, add the following key in the Boxer's application configuration.

Configuration Key Value Type Configuration Value Description
PolicyCustomOnlineMeetingUrls String A JSON formatted string containing a map of the meeting types and corresponding set of wildcard URLs. Set these URLs in the console corresponding to the meeting types to permit Boxer to detect meeting links with vanity URLs.
Validate the format externally before entering into the UEM Console.

Example of a configuration value:

{   "skype":[ 
      "https://lync.company.com/*",
      "https://sample.us/j/*"
   ],
   "zoom":[ 
      "https://meetings.company.com/*",
      "https://sample.us/j/*",
      "https://mtg.company.com/*"
   ],
   "webex":[ 
      "https://webex.company.com/*"
   ]
}

Browser Exception List

You can use the AppDefaultBrowserExceptions key to create exception lists for hyperlinks when hyperlinks are Restricted or Unrestricted in the Workspace ONE UEM console.

You can configure the key value pairs to support the following functionalities:

  • If hyperlinks are restricted in the Workspace ONE UEM console, all links open in Workspace ONE Web.
  • If hyperlinks are restricted, but has an exception list, all available browsers are displayed but only links in the exception list opens in the default browser.
  • If hyperlinks are unrestricted in the Workspace ONE UEM console, all available browsers are displayed and all links open in the default browser.
  • If hyperlinks are unrestricted in the Workspace ONE UEM console, but has an exception list, all available browsers are displayed and the links in the exception list only opens in Workspace ONE Web.
Configuration Key Value Type Configuration Value Description
AppDefaultBrowserExceptions String AppDefaultBrowserExceptions = [".acme.com", "acme.acme1.com", "source.acme.com", "acme.com"] Creates an exception list to restrict and unrestrict specific links from opening in the default browser.

Note: If the browser exception regex value is set to *google.com and the user receives a link in Boxer such as https://www.gooogle.com, then this link opens in Workspace ONE Web application as it matches the wildcard for browser exception. However, if the link is like https://www.abc.com/?url=https://www.google.com/, then the regex fails to match and the link can be open in any of the browser.

Enterprise Content

To configure Enterprise Content in Boxer, add the following key to Boxer's application configuration.

Configuration Key Value Type Configuration Value Description
PolicyAllowEnterpriseContent Boolean True - enable
False - disable
Set the value to true to configure Enterprise Content in Boxer.

Note: Enterprise Content requires setting the key AppForceActivateSSO to true.

Watermark Support

You can add a customized watermark text that covers sensitive areas in Boxer.

To configure the watermark, add the following keys to Boxer’s application configuration.

Configuration Key Value Type Example Configuration Value Description
PolicyWatermarkText String CustomWatermarkText Defines the watermark text.
PolicyWatermarkOpacity Integer 20 (default) (Optional) Defines the opacity of the text.You can set any number from 0 through 100.
PolicyWatermarkColor String #0079B8 (default) (Optional) Defines the color of the text in the hexadecimal format.Blue is the default color.

Note: Ensure that the watermark text has appropriate visibility in Dark Mode or Dark Theme when you set the color and opacity value different from the default value.

Security Classifications

Enable Email Classification Marking to assign security classifications to the emails sent from Workspace ONE Boxer. Assign the following application configuration keys and values to enable Email Classification Marking feature:

Note: Email classification is a supported feature in Delegated and Shared Accounts.

Configuration Key Value Type Configuration Value Description
PolicyClassMarkingsEnabled Integer 0 - disable (default)
1 - enable
Enables or disables classification markings.
PolicyClassMarkingsXHeader String x-header-name (Optional) Enables and defines x-header for classification.
PolicyClassVersion String 1.0 Version number for classification feature.
PolicyClassMarkingsRankEnabled Integer 0 - disable (default)
1 - enable
(Optional) Enables hierarchical classification ranking.
PolicyClassMarkingsDefaultClass String Confidential, Restricted, Protected, or Secret (Optional) Set the default classification for emails. The value must match a display name from an entry in the PolicyClassMarkings configuration value.
PolicyClassMarkings String PolicyClassMarkings Configuration Value Defines the hierarchical list of classifications.

PolicyClassMarkings Configuration Value

[{
			"Rank": 4,
			"DisplayName": "Secret",
			"Description": "This is secret...",
			"Subject": "(Secret)",
			"TopBody": "Classification: Secret",
			"BottomBody": "Classification: Secret",
			"XHeader": "Secret"
			}, {
			"Rank": 3,
			"DisplayName": "Restricted",
			"Description": "This is restricted...",
			"Subject": "(Restricted)",
			"TopBody": "Classification: Restricted",
			"BottomBody": "",
			"XHeader": "Restricted"
			}, {
			"Rank": 2,
			"DisplayName": "Protected",
			"Description": "This is protected...",
			"Subject": "[Sec=Protected]",
			"TopBody": "",
			"BottomBody": "Classification: Protected",
			"XHeader": "Protected"
			}, {
			"Rank": 1,
			"DisplayName": "Confidential",
			"Description": "This is confidential...",
			"Subject": "(Confidential)",
			"TopBody": "Classification: Confidential",
			"BottomBody": "Classification: Confidential",
			"XHeader": "Confidential"
		}]

Enforce Users to Classify Emails

After you enable the email classification marking feature, you can further add a key to force your users to set an appropriate classification to the emails they compose.

When the user attempts to send a message without a classification, Boxer prompts the user to select one, only after which the user is allowed to send the email.

Configuration Key Value Type Configuration Value Description
PolicyClassMarkingsRequired Integer 0 (default) - disabled

1 - enabled
Set the value to 0 to allow the user to send emails without selecting a classification.

Set the value to 1 to force the user to select a classification before they can send the email.

Restrict Screenshots in Boxer on Android Devices

Add the following key to restrict Android device users from taking screenshots in Boxer:

Configuration Key Value Type Configuration Value Description
PolicyRestrictScreenshots Boolean False - screenshots allowed (default)
True - screenshots restricted
Set the value to true to restrict taking of screenshots in Boxer.

Skipping the In-App Tutorial in Android Boxer

Add the following key to Boxer's application configuration:

Configuration Key Value Type Configuration Value Description
AppShowFirstTimeTutorials Boolean True - enabled (default)
False - disabled
Set the value to false to disable the in-app tutorials.

Skipping the Battery Optimization Screen in Android Boxer

Add the following key to Boxer's application configuration:

Configuration Key Value Type Configuration Value Description
AppShowOptOutBatteryOptimizationScreen Boolean True - enabled (default)
False - disabled
Set the value to false to skip the Battery Optimization screen.

Enable S/MIME Signing by default for iOS Boxer

Add the following key to enable the S/MIME digital signing for all outgoing email messages by default. To enable this option, you must also ensure that the S/MIME is enabled and configured on the Exchange account.

Configuration Key Value Type Configuration Value Description
AccountSMIMESignByDefault Boolean True - enabled (default)
False - disabled
Use this key to digitally sign all outgoing emails by default. When the key value is set to true, the S/SMIME signing is always enabled in the Boxer Settings and the users are not allowed to change this setting.

If the admin has not configured the AccountSMIMESignByDefault key, users can also set the S/MIME signing as a default option when S/MIME is enabled for that Exchange account. To do so, user must navigate to Boxer Settings > Account > S/MIME > On > Sign > On and enable the Sign email by default option.

Note: Even if the SMIME signing is enabled by default, users can always opt to disable signing when composing any specific email.

Enable AIP Sensitivity Labels in Workspace ONE Boxer

Add the following key to the Boxer's application configuration.

Configuration Key Value Type Configuration Value Description
PolicySensitivityLabelsEmailClassification Boolean False - disabled (default)
True - enabled
Set the key value to true to enable the AIP Sensitivity labels in Workspace ONE Boxer.

Configure Purebred as a Certificate Source for Android Boxer

Add the following keys to the Boxer's application configuration.

Configuration Key Value Type Configuration Value Description
PolicyDerivedCredentials Integer 2 Set the value to 2, to configure Purebred as a certificate source for Certificate-based authentication (CBA). The default value of this key is 0.
PolicyDerivedCredentialsSMIME Integer 2 Set the value to 2, to configure Purebred as a certificate source for S/MIME certificates. By default, the value of this key is 0 and the certificate source is the Workspace ONE UEM Console.

Note: To enable S/MIME, you must configure the PolicySMIME key.

Configure Android Boxer to Verify Purebred

Security is at risk if a malicious app pretends to be the Purebred app. Boxer uses the public signing key from the Purebred app to verify app communication to mitigate such security concerns.

Since Purebred is not a Play Store app, if Purebred changes the signing key, the admins can override the signing key using the AppPurebredPublicKey configuration key. Boxer uses an additional configuration key to verify the package name of the trusted Purebred app.

Configuration Key Value Type Configuration Value Description
AppPurebredPublicKey String A new Purebred public signing key. Use this key to override the Purebred public signing key to verify the Purebred Registration application.
AppPurebredPackageName String The package name of the trusted Purebred app Sets the trusted Purebred package name to verify the app.

Note:You must configure both the keys for Boxer to perform trust check on the Purebred app available on the device.

Excluding Sender's Email Signature from the Conference Dialer

Add the following key to exclude the phone numbers displayed in the sender's email signature when viewing the OneTap dialing section of a calendar invite.

Configuration Key Value Type Configuration Value Description
AppExcludeSignatureFromEventParsing Boolean False - disabled (default)
True - enabled
When the key value is set to True, the phone numbers in the sender's email signature is removed from the OneTap dialing section of a calendar invite.

Enable Microsoft Teams Meetings

Add the key value pair to show the Team Meetings toggle button in the New Event screen when creating a new calendar event. When enabled, you can see the toggle button to add the Teams Meeting to your calendar invites.

Configuration Key Value Type Configuration Value Description
EnableTeamsOnlineMeetings Boolean True - Enabled
False - Disabled (Default)
Set to True to show the Team Meetings toggle button.
Set to false to hide the Teams Meetings toggle button.

Note: You must use Modern Authentication, EWS, and Exchange Online (Office 365) to show the Teams Meetings toggle. In Azure, administrators must allow access to the Teams app and provide consent on behalf of users in the tenant. If you do not do so, each user must manually consent for the first time when a creating a Teams meeting. This is only for regular meetings that include audio, video and screen sharing for up to 250 people. We do not currently support Teams live events.

Important Notes

If a user has changed any settings on the Boxer application, as an administrator you cannot modify the following console keys:

  • AccountDefaultSignature
  • AccountName
  • AccountUserDisplayName
  • AccountSyncEmail
  • AccountSyncCalendar
  • AccountSyncContacts
  • AccountNotifyEmail
  • AccountNotifyCalendar
  • AccountNotifyPush

Boxer maintains a flag indicating whether the setting has been changed. Even if the user changes the local setting identical to default, Boxer still treats it as a user change. If a local change is not made by the user, the updated console configuration is used.

Note: Any configuration changes for Boxer made on the console takes around 15 minutes to reflect the change on the device.

For the following console keys, we honor the user's change and their preferred Sync period is kept same as described above with an exception. If their sync period is lower than the PolicyEmailMaxSyncPeriod and PolicyCalendarMaxSyncPeriod keys, the change remains. For example, if the Max is initially 2 weeks and the user selects to reduce it to 1 week and then the Max is increased to 1 month, the synchronization period fulfills the user's 1 week setting. If the Max is reduced to three days, the sync period of the user is changed to three days.

Configuration Key Value Type Configuration Value Description
PolicyEmailMaxSyncPeriod Integer 1 - 1 day
2 - 3 days
3 - 1 week
4 - 2 weeks
5 - 1 month
The default period of email to sync.
PolicyCalendarMaxSyncPeriod Integer 4 - 2 weeks
5 - 1 month
6 - 3 months
7 - 6 months
The default period of calendar to sync.
check-circle-line exclamation-circle-line close-line
Scroll to top icon