You can add a resource dedicated to providing devices with the means to send and receive secure email communications while managed under Workspace ONE UEM powered by AirWatch.

For an overview, see Resources.

Procedure

  1. Navigate to Devices > Profiles & Resources > Resources and select Add Resource followed by Exchange and complete the following settings.
    Setting Description
    Resource Details
    Resource Name Name of the profile to be displayed in the Workspace ONE UEM console.
    Description A brief description of the profile that indicates its purpose.
    Connection Info
    Mail Client

    Select the email client you want to use with the resource.

    Exchange Host

    Enter the Exchange Host for the email account to be included in the resource.

    Use SSL

    Enable a secure socket layer for this mail client.

    Advanced
    Domain*

    Enter a lookup value for the email domain.

    User name* Enter a lookup value for the email user name.
    Email Address* Enter a lookup value for the email address.
    Password

    Enter the password for the email account. Enable the Show Characters check box to display the unredacted password.

    Identity Certificate Upload and attach a certificate authority to the email account by selecting the Add A Certificate button.
    Past Days of Mail to Sync Select the length of email history you want to synchronize. Choose from 3 Days, 1 Week, 2 Weeks, 1 Month, and Unlimited.
    Sync Calendar Choose to synchronize your device calendar with the exchange calendar. This setting is enabled by default on iOS and macOS devices.
    Sync Contacts Choose to synchronize your device contacts with the exchange contacts. This setting is enabled by default on iOS and macOS devices.
    * For details, see Lookup Values.
  2. Click Next to proceed to the Platforms selection. Choose among the following supported platforms, opting for either the default settings or Advanced Settings.
    • iOS.
      • Setting Description
        Use S/MIME. Use Secure Multipurpose Internet Mail Extensions, a public key encryption and signing standard.
        S/MIME Certificate Only available when Use S/MIME is enabled. Add a signing certificate to emails by selecting Add A Certificate.
        S/MIME Encryption Certificate Only available when Use S/MIME is enabled. Add a certificate that encrypts and digitally signs email by selecting Add A Certificate.
        Enable Per-Message Switch. Only available when Use S/MIME is enabled. Allow end users to choose which individual email messages to sign and encrypt using the native iOS mail client (iOS 8+ supervised only).
        Settings and Security
        Prevent moving messages. Prevent moving mail from an Exchange mailbox to another mailbox on the device.
        Prevent use in third-party apps. Prevent other apps from using the Exchange mailbox to send messages.
        Prevent Recent Address syncing. Prevent suggestions for contacts when sending mail in Exchange.
        Prevent Mail Drop. Prevent Apple's Mail Drop feature from being used.
    • macOS.
      • Setting Description
        Internal Exchange Host The name of the secure server for EAS use. This option and following appear when Native Mail Client is selected.
        Port Enter the number of the port assigned for communication with the Internal Exchange Host.
        Internal Server Path The location of the secure server for EAS use.
        Use SSL For Internal Exchange Host.

        Communicate with the Internal Exchange Host by enabling the Secure Socket Layer (SSL).

        External Exchange Host. The name of the external server for EAS use.
        Port Enter the number of the port assigned for communication with the External Exchange Host.
        External Server Path The location of the external server for EAS use.
        Use SSL For External Exchange Host.

        Communicate with the External Exchange Host by enabling the Secure Socket Layer (SSL).

    • Android.
      • Setting Description
        Settings
        Past Days of Calendar to Sync Synchronize a selected number of past days on the device calendar.
        Allow Sync Tasks Allow tasks to sync with device.
        Maximum Email Truncation Size (KB) Specify the size (in kilobytes) beyond which email messages are truncated when they are synced to the devices.
        Email Signature Enter the email signature to be displayed on outgoing emails.
        Ignore SSL Errors Allow devices to ignore SSL errors for Agent processes.
        Restrictions
        Allow Attachments Allow attachments with email.
        Maximum Attachment Size Specify the maximum attachment size in MB.
        Allow Email Forwarding Allow the forwarding of email.
        Allow HTML Format

        Specify whether email synchronized to the device can be in HTML format.

        If this setting is disabled, all email is converted to text.

        Disable screenshots Disallow screenshot to be taken on the device.
        Sync Interval Enter the number of minutes between syncs.
        Peak Days for Sync Schedule
        • Schedule the peak weekdays for syncing and the Start Time and End Time on selected days.
        • Set the frequency of Sync Schedule Peak and Sync Schedule Off Peak.

          • Selecting Automatic syncs email whenever updates occur.
          • Selecting Manual only syncs email when selected.
          • Selecting a time value syncs the email on a set schedule.
        • Enable Use SSL, Use TLS, and Default Account.
        S/MIME Settings
        Select Use S/MIME. From here, you can select an S/MIME certificate you associate as a User Certificate on the Credentials payload.
        • S/MIME Certificate – Select the certificate to be used.
        • Require Encrypted S/MIME Messages – Require encryption of S/MIME messages.
        • Require Signed S/MIME Messages – Require all S/MIME messages be digitally signed.

        Provide a Migration Host if you are using S/MIME certificates for encryption.

    • Windows Desktop.
      • Settings Descriptions
        Settings
        Next Sync Interval (Min)

        Select the frequency, in minutes, that the device syncs with the EAS server.

        Diagnostic Logging Log information for troubleshooting purposes.
        Content Type
        Allow Email Sync Allow the syncing of email messages.
  3. Click Next to proceed to the Assignment section.
  4. Assign the resource to devices by completing the following settings.
    Setting Description
    Assignment Type

    Determines how the resource is deployed to devices.

    • Auto – The resource is deployed to all devices automatically.
    • Optional – An end user can optionally install the resource from the Self-Service Portal (SSP), or it can be deployed to individual devices at the discretion of the administrator.
    Managed By The organization group with administrative access to the resource.
    Assigned Groups

    Refers to the group to which you want the device resource added. Includes an option to create a new smart group which can be configured with specs for minimum OS, device models, ownership categories, organization groups and more.

    Exclusions If Yes is selected, a new text box Excluded Groups displays which enables you to select those groups you want to exclude from the assignment of this resource.
    View Device Assignment After you have made a selection in the Assigned Group text box, you may select this button to preview a list of all devices to which this resource is assigned, taking the smart group assignments and exclusions into account.