Protect email attachments using Workspace ONE UEM.

Email attachments are of various file types. On the UEM console, you can select the files types for which the email attachments must be encrypted by the Secure Email Gateway. These encrypted attachments are secured on the mobile devices and can be viewed using the VMware AirWatch Content Locker application.

Granular settings are available for managed iOS, Android devices, and Windows Phone. For other managed devices and all unmanaged devices, attachments can be prevented (in-bulk) from being opened in third-party apps.


  1. Navigate to Email > Compliance Policies > Email Security Policies.
  2. Select the gray colored circle under the Active column for the Attachments (Managed devices) or Attachments (Unmanaged devices)compliance policy.
    A page appears with a key code.
  3. Enter the key code in the corresponding field and select Continue.
    The policy is activated and is denoted by a green colored circle under the Active column.
  4. Select the Edit option under the Actions column.
  5. Select whether to encrypt & allow or block or allow without encryption attachment for each file category (for managed iOS, Android and Windows devices only).
  6. Select the check box Allow Attachments to be saved in Content Locker to save the attachments in Content Locker.
    The attachments remain encrypted and Content Locker policies applies.
  7. Choose the policy for any Other Files not mentioned here.
  8. Enter file extensions that are to be excluded from the actions configured in Other Files into the Exclusion List.
  9. Enter a Custom Message for Blocked Attachmentsto inform the recipient that an attachment has been blocked.
  10. Save the settings.