Email policies enhance security by restricting access based on the device status and general mail client characteristics. These policies allow for granular control over the devices that are approved for accessing email.
- Mail client compliance is not supported on Windows Phone.
- The Sync Settings policy is not applicable for SEG V2 architecture.
General Email Policies
The general email policies used to restrict email access to devices are listed in the following table.
|Sync Settings||Prevents the device from syncing with specific EAS folders. Workspace ONE UEM prevents devices from syncing with the selected folders irrespective of other compliance policies.
For the policy to take effect, you must republish the EAS profile to the devices as this forces devices to re-sync with the email server.
|Managed Device||Restricts email access only to managed devices.|
|Mail Client||Restricts email access to a set of mail clients.|
|User||Restricts email access to a set of users based on the email user name.|
|EAS Device Type||Allow or block devices based on the EAS Device Type attribute reported by the end-user device.|
Managed Device Policies
The managed device policies that restricts email access to devices based on factors such as device status, model and operating system are listed in the following table.
|Inactivity||Prevents inactive and managed devices from accessing email. You can specify the number of days a device shows up as inactive before email access is disabled. The minimum accepted value is 1 and maximum is 32767.|
|Device Compromised||Prevents compromised devices from accessing email. Note that this policy does not block email access for devices that have not reported compromised status to VMware AirWatch.|
|Encryption||Prevents email access for unencrypted devices. Note that this policy is applicable only to devices that have reported data protection status to VMware AirWatch.|
|Model||Restricts email access based on the platform and model of the device.|
|Operating System||Restricts email access to a set of operating systems for specific platforms.|
|Require ActiveSync Profile||Restricts email access to devices whose email is not managed through an Exchange ActiveSync profile.|
Email Security Policies
The email security policies that take actions against devices accessing attachments and hyperlinks are listed in the following table.
|Email Security Classification||
Define actions for SEG to take against emails that are with or without security tags. You can either use predefined tags or create your own tags. You can enable restricted access to VMware AirWatch Inbox and Workspace ONE Boxer based on these tags and define the default behavior for other email clients. You can either allow or block emails.
If you choose to block emails, you can replace the email contents with a helpful message using the available templates configured at Message Template settings. These configured templates can be selected from the Select Message Template drop-down menu. Also, lookup values are not supported for Block Email message template.
|Attachments (managed devices)||
Encrypt email attachments of selected file type with an encryption key unique to the device - user combination.
These attachments are secured on the device and are only available for viewing on the VMware AirWatch Content Locker. This is only possible on managed iOS, Android, and Windows Phone devices with the VMware AirWatch Content Locker application. For other managed devices, you can either allow encrypted attachments, block attachments, or allow unencrypted attachments.
|Attachments (unmanaged devices)||Allow encrypted attachments, block attachments, or allow unencrypted attachments for unmanaged devices. Attachments are encrypted for unmanaged devices to prevent data loss and maintain email integrity. The attachments of unmanaged devices cannot be opened in VMware AirWatch Content Locker.|
Allow device users to open hyperlinks contained within an email directly with Airwatch Browser present on the device. The Secure Email Gateway dynamically modifies the hyperlink to open in Airwatch Browser.
The Modifications Types are All, Include, and Exclude.