To implement the SEG (V2) for your email architecture, first configure the settings on the UEM console. After you configure the settings, you can download the SEG installer from the Workspace ONE resource portal.

Procedure

  1. In the UEM console, navigate to Email > Settings and select Configure. The Add Email Configuration wizard displays.
  2. In the Platform tab of the wizard:
    1. Select Proxy as the Deployment Model.
    2. Select the Email Type (Exchange, IBM Notes, or Google).
    3. If you selected Exchange as the email type, then select the appropriate exchange version from the drop-down menu. Click Next.
      Example of email servers is Exchange, IBM Notes, or Google.
  3. Configure the basic settings in the Deployment tab of the wizard and then select Next.
    Setting Description
    Friendly Name Enter a friendly name for the SEG deployment. This name gets displayed on the MEM dashboard.
    External URL and Port Enter the URL and port number for the incoming mail traffic to SEG.
    Listener Port The SEG listens for device the communication through this port. The default port number is 443. If SSL is enabled for SEG, the SSL certificate is bound to this port.
    Terminate SSL on SEG

    Enable this option if you want the SSL certificate to be sent from the SEG instead of offloading on a web application firewall. Upload a .pfx or .p12 certificate file including the root and intermediate certificates.

    Upload Locally Select to upload the SSL certificate locally during installation.
    SEG Server SSL Certificate Select Upload to add the certificate that binds to the listening port. The SSL certificate can be automatically installed instead of providing it locally. An SSL certificate in the .pfx format with a full certificate chain and private key included must be uploaded. See, the Upload the SSL Certificate after Renewal topic to understand the methods to upload the SSL certificate after renewal.
    Email Server URL and Port Enter the email server URL and port number in the form https://email server url:email server port. The SEG uses the following URL for proxying email requests to the email server. If using Exchange Online, enter the https://outlook.office365.com URL.
    Ignore SSL Errors between SEG and email server Select Enable to ignore the Secure Socket Layer (SSL) certificate errors between the email server and the SEG server.
    Ignore SSL Errors between SEG and AirWatch server Select Enable to ignore Secure Socket Layer (SSL) certificate errors between the Workspace ONE UEM server and the SEG server.

    Establish a strong SSL trust between the Workspace ONE UEM and the SEG server using valid certificates.

    Allow email flow if no policies are present on SEG Select Enable to allow the email traffic if SEG is unable to load the device policies from the Workspace ONE UEM API. By default, the SEG blocks all email requests if no policies are locally present on the SEG.
    Note: A list of all the device records with the corresponding compliance status is provided. SEG does not calculate the compliance of a given device by itself, instead uses the data received from the Workspace ONE UEM console.
    Enable Clustering

    Select Enable to enable clustering of multiple SEG servers.

    When clustering is enabled, policy updates are distributed to all SEGs in the cluster. The SEGs communicate with each other through the SEG clustering port.

    SEG Cluster Hosts Add the IPs or hostnames of each server in the SEG cluster.
    SEG Cluster Distributed Cache Port Enter the port number for SEG to communicate to the distributed cache.
    SEG Clustering Port Enter the port number for SEG to communicate to the other SEGs in the cluster. Enable clustering to have multiple SEG servers operating as a cluster.
  4. Select Next in the Profile tab of the wizard. If necessary, assign an email profile to the MEM configuration. Select Next in the Profile tab of the wizard.
  5. On the Summary tab, review the configuration that you have just created. Select Finish to save the settings.
  6. Download the SEG installer from the Workspace ONE resource portal.
  7. Configure any additional settings for your SEG using the Advanced option.
    Setting Description
    Use Default Settings The Use Default Settings check box is enabled by default. To modify the advanced settings, you must uncheck this box.
    Enable Real-time Compliance Sync Enable this option to send the compliance information to the SEG in real-time. Without this, individual changes to the device policies are refreshed per the delta sync interval.
    Required transactions The Required transactions cannot be disabled.
    Optional transactions Enable or disable the optional transactions such as Get attachment, Search, Move Items, and so on. The following are the Exchange Active Sync (EAS) transactions that the SEG reports to the console and are displayed on the Email List View in the Last Command column.
    Diagnostic Set the number and frequency of transactions for a device when the test mode is enabled.
    Sizing Set the frequency of SEG and API server interaction.
    Skip Attachment & Hyperlink transformations for S/MIME signed emails Enable to exempt the encryption of attachments and transformation of hyperlinks through SEG for emails that are signed with S/MIME certificates.
    Enable S/MIME repository lookup

    Enable to permit the automatic lookup of the S/MIME certificate managed in a hosted LDAP directory.

    You must restart SEG after enabling this feature.

    Block Attachments

    Used to control the default action when SEG is unable to communicate with the Workspace ONE UEM or when the local policy set is empty.

    Default Message for Blocked Attachments Configure the message that is displayed to end users when SEG blocks attachments.