The features supported by Workspace ONE UEM and the suitable deployment sizes are listed in this section. Use the decision matrix to choose the deployment that best suits your need.

Attachment Encryption

With enforced attachment encryption on your mobile devices, Workspace ONE UEM can help keep your email attachments secure without hindering the end users' experience.

  Native Touchdown Traveler VMware Boxer
Windows Phone*      

*If your deployment includes Windows Phone 8/8.1/RT devices, use attachment encryption.

SEG supports attachment encryption and hyperlink transformation on Boxer, only if these features are enabled for the Boxer app configuration on the UEM console.

SEG supports attachment encryption with Exchange 2010/2013/2016/2019 and Office 365.


SEG does not encrypt attachments for Boxer, but DLP can be enforced at the application level.

Email Management

The list gives you the greatest level of security with the easiest deployment and management.

Email Infrastructure  Gmail PowerShell Secure Email Gateway (SEG)
Cloud Mail Infrastructure
Office 365  
On-premises Email Infrastructure
Exchange 2010  
Exchange 2013  
Exchange 2016  
Exchange 2019  
Lotus Notes    

^Use the Secure Email GatewaySecure Email Gateway (SEG) for all on-premises email infrastructures with deployments of more than 100,000 devices. For deployments of less than 100,000 devices, using PowerShell is another option for your email management. Refer to the Secure Email Gateway vs. PowerShell Decision Matrix.

**The threshold for PowerShell implementations is based on the most recent set of completed performance tests, and can change on a release by release basis. Deployments up to 50,000 devices can expect reasonably quick sync and run compliance time frames (less than three hours). As the deployment size expands closer to 100,000 devices, then administrators can expect the sync and run compliance processes to continue to increase in the 3–7 hour time frame.

Secure Email Gateway vs PowerShell Decision Matrix

The matrix informs you about the deployment features of SEG and PowerShell to help you choose which deployment suits your need.

  Pros Cons
  • Real-Time Compliance
  • Attachment encryption
  • Hyperlink transformation
  • Additional server (s) required
  • No additional on-premises server required for email management
  • Mail traffic is not routed to an on-premises server before being routed to Office 365, so ADFS is not required
  • No real-time compliance sync
  • Not for large deployments (more than 100000)
Microsoft suggests using Active Directory Federated Services (ADFS) for preventing direct access to Office 365 email accounts.