ENS supports certificate-based authentication (CBA) and dual authentication. The dual authentication is a combination of basic authentication and certificate-based authentication. For ENS, you must configure the Boxer application with certificate-based authentication for Exchange server and enable certificate-based authentication for the EWS endpoint. ENS uses the same certificate that the Boxer application receives for the authentication purpose. ENS must ensure that the EWS endpoint can validate the certificates used by the Boxer application.


Configure Boxer application with CBA and enable CBA for the EWS endpoint. For more information about configuring CBA for Workspace ONE Boxer, see the Workspace ONE Boxer Admin Guide documentation.


  1. Push the certificate with Boxer profile from the Workspace ONE UEM console to the Workspace ONE Boxer.
  2. Register your device with the ENS server and send the certificate from Workspace ONE Boxer.
  3. Send certificate from ENS to the Exchange server and establish the push subscription.