Configuring Mobile Email Management Deployment

Integrate your email infrastructure in a few simple steps using the Mobile Email Management (MEM) configuration wizard.

MEM can only be configured at a parent organization group and cannot be overridden at a child organization group. One MEM configuration can be associated with a single or multiple Exchange ActiveSync (EAS) profiles.

Navigate to Email > Settings, and then select Configure.
Select the deployment model and then select the email type. Select Next.
1. If Proxy is the deployment model, select the email type.
  Choose from:
  - Exchange
  - Google
  - HCL Notes
2. If Direct is the deployment model, select the email type.
  Choose from:
  - Exchange
  - Google App with Direct API
  - Google App using Password Provisioning - Select With Password Retention or Without Password Retention as the Gmail Deployment Type.
For more information on the deployment methods, see the Email Deployment Types section.
Enter the details for the chosen deployment type.
Choose from:
- For SEG deployments:
  1. Enter a friendly name for this deployment.
  2. Enter the SEG proxy server details.
- For PowerShell deployments:
  1. Enter a friendly name for this deployment.
  2. Enter the details of the PowerShell server, authentication, and sync settings.
- For Gmail:
  1. Enter a friendly name for this deployment.
  2. Enter the details of the Gmail settings, authentication, Gmail Directory APIs Integration, and SEG proxy settings.
Associate a template EAS profile with the MEM deployment and select Next.
1. Create a template EAS profile for this deployment.
  New template profiles are not published to devices automatically. You can publish profiles to your devices from the Profiles page.
2. (Optional) Associate an existing profile to this deployment if more than one MEM deployment is to be configured at a single organization group.
The MEM Config Summary page displays the configuration details.
Save the settings.
Once saved, you can add the advanced settings to this deployment.
1. Select the Advanced icon corresponding to your deployment.
2. Configure the available settings for the user mailboxes as per requirement in the Mobile Email Management Advanced Configuration page.
3. Select Save.

What to do next

To configure multiple MEM deployments, select Add (available on the Mobile Email Management Configuration main page) and perform steps 2–7.

In a SEG deployment, you may assign a particular configuration as the default using the option Set as default available under .

Mobile Email Management configuration screen

Note:

You should create mutually exclusive user groups when connecting multiple PowerShell environments to the same Exchange server.
Use different domains in the configuration when connecting multiple Gmail environments.
Consider connecting SEG and PowerShell integration to the same email environment only during migration of MEM deployments with appropriate settings. Workspace ONE Support can help you with this implementation.

Enable Certificate-Based Email

Using certificates over the standard username and password credentials have certain benefits as the certificates provide stronger authentication against unauthorized access. It also eliminates the need for end users to enter in a password or renew one every month. Sensitive emails between recipients can be encrypted through S/MIME or prove your identity through a message signature.

Navigate to Devices > Profiles & Resources > Profiles.
Select ADD > Add Profile and then select the required platform.
Choose the Credentials profile setting and configure it.
1. For Credential Source, select any from the available list.
  Choose from:
  - Upload – Upload a certificate and enter a name for the certificate.
  - Defined Certificate Authority – Select the CA and the certificate template from the drop-down menu for your organization group.
    The certificate authorities and the templates are added for an organization group at Devices > Certificates > Certificate Authorities.
Save & Publish the settings.

Configuring User Attribute for MEM Calls to Google Suite

Gmail deployments, by default, use the Google APIs to manage access to Gmail. You can identify the enrollment user with the user's email address while sending commands to Google. Alternatively, an administrator can also select an Active Directory custom attribute instead of the user’s email address to identify the user at Google.

This custom attribute can be used when the Google email address is located in a custom attribute field of the customer’s Active Directory. The custom attribute settings are applicable to Google Apps using Password Provisioning, Google Apps with Direct API, and SEG V2 with Automatic Password Provision deployment methods.

Navigate to Accounts > Administrators > Administrator Settings > Directory Services > User. The Workspace ONE UEM administrator can map the custom attribute values and use the mapping value from the customers Active Directory.
Enable the custom attribute in the Directory Services page, enter a mapping value, and synchronize the Active Directory users to update the enrollment user custom attribute. For more information about enabling the custom attribute, see Map Directory Services User Information in Directory Service Integration guide.
Navigate to Email > Email settings and select Configure. Configure the platform gateway and select Next.
In the Add Email Configuration page, select the deployment model as Direct, email type as Google Apps with Direct API and select Next.
Enter a friendly name for this deployment in the Deployment page. Enter the details of the Gmail settings, authentication, Gmail Directory APIs Integration, and SEG proxy settings.
Enter Google User Email Address. The default value for Google User Email Address is Email Address. An administrator can select a custom attribute instead of the default email address.
Configure email profiles. See Configuring Email Profiles.

Results:

You can use the custom attribute when the Google email address is located in a custom attribute field of the customer’s Active Directory.