SEG provides authorization and compliance for Exchange Web Services (EWS) traffic used by VMware's Email Notification Service (ENS). ENS adds Push Notification support to Exchange for providing real-time email notifications to Workspace ONE Boxer.

Both Cloud and On-premises ENS deployments are supported by SEG. The SEG listens on the EWS endpoint for traffic from the ENS, applies the MEM compliance policies on incoming requests, and proxies the requests to Exchange. Certificate Based Authentication (CBA) using KCD is supported. If your deployment utilizes CBA using KCD, SEG acquires the Kerberos token (from KDC) required for Exchange authentication.


  1. Navigate to SEG > Config folder.
  2. Select the file and edit the file.
    When SEG is deployed on UAG, use the following path to edit the file: vi /opt/vmware/docker/seg/container/config/override/
  3. Add the enable.boxer.ens.ews.proxy=true entry in the file.
  4. Save the file.
  5. Restart the SEG service. The SEG now listens to the /EWS endpoint for traffic from the email notification service.
    Note: For SEG version 2.17.0 or later, with the Workspace ONE UEM console version 20.10 and later, perform the SEG configuration using the custom gateway settings. To understand the SEG custom gateway settings, see the SEG Custom Gateway Settings topic.

    For SEG version before 2.17.0, SEG continues to use the default configuration (pre-defined configuration). If the custom settings feature is not available, manually update the respective files at the individual node and modify the SEG configuration.