App restrictions descriptions for Ivanti Email+ (Android Enterprise)

The app restrictions described in the following table are available for Email+ for Android Enterprise. Before configuring new restrictions, the user should update to the latest Email+ application and then the administrator should configure new restrictions.

When there are multiple values available within a Restriction, the different features should be specified as a list of Comma Separated Strings, with or without a space. A semicolon between them will not work.

Table 6.  App restriction description for Email+ (Android Enterprise)

Restriction

Value: Enter/Select one

Description

Email address

Substitution variable for email address

Required. Defines the email address for the email account.

Ivanti EPMM

Typically, enter $EMAIL$.

You can also enter combinations of these variables, depending on your ActiveSync server requirements:

$USERID$,

$USER_CUSTOM1$,

$USER_CUSTOM2$,

$USER_CUSTOM3$,

$USER_CUSTOM4$

Ivanti Neurons for MDM

Typically, enter ${userEmailAddress}.

Exchange host

FQDN of the ActiveSync server or Standalone Sentry

Required. The fully qualified domain name (FQDN) of the ActiveSync server or Standalone Sentry.

Example: mySentry.mycompany.com

Exchange username

Substitution variable for username

Required. Defines the username for the email account.

Ivanti EPMM

Typically, use $USERID$. If your ActiveSync server requires a domain, use
<domain name>\$USERID$.
Example: mydomain\$USERID$.

Depending on your ActiveSync server requirements, you can also use combinations of these variables:

$EMAIL$,

$USER_CUSTOM1$,

$USER_CUSTOM2$,

$USER_CUSTOM3$,

$USER_CUSTOM4$.

Ivanti Neurons for MDM

Typically, use ${userEmailAddressLocalPart}. If your ActiveSync server requires a domain, use
<domain name>\${userEmailAddressLocalPart}.
Example: mydomain\${userEmailAddressLocalPart}.

Depending on your ActiveSync server requirements, you can use:

${userEmailAddress}

Email password

The user’s password for the ActiveSync server

If you provide a password, Email+ does not prompt the device user for the password.

Ivanti, Inc recommends leaving this field blank.

Ivanti EPMM only

You can use the variable $PASSWORD$ if you have checked Save User Password in Settings > Preferences. Ivanti EPMM then passes the user’s password as the value to the device. If you plan to use the $PASSWORD$ variable, be sure to set Save User Password to Yes before any device users register. If a device user was registered before you set Save User Password, Email+ prompts the user to enter the password manually.

Default if restriction is not configured: User is prompted for ActiveSync password.

Device ID

(Ivanti EPMM only)

$DEVICE_UUID_NO_DASHES$

Required.

SSL required

Check box

Select if you want secure communication over HTTPS with the server that you specified for Exchange host.

Default: Selected.

Trust all certificates

Check box

Select to allow the app to automatically accept untrusted certificates. Typically, you select this option only when working in a test environment.

Default: Not selected.

Prompt email password

Check box

Select to prompt the user for the email account password when the user attempts to launch Email+.

Default: Not selected.

If the restriction is not selected, Email+ provides the password to the ActiveSync server when Email+ connects with the server. The ActiveSync server counts the initial connection initiated by Email+ as a password attempt.
Therefore, Ivanti, Inc recommends selecting this restriction if the email server allows only a small number of password attempts.

Email login certificate

Ivanti EPMM

$CERT_ALIAS:certificate enrollment setting name$

Ivanti Neurons for MDM

Certificate setting from the dropdown list

Configure for certificate-based authentication to the ActiveSync server or to Standalone Sentry.

Ivanti EPMM

The certificate enrollment setting name is the name you gave to the certificate enrollment setting, which is configured in Configurations > Add New > Certificates or Certificate Enrollment.

Ivanti Neurons for MDM

The certificate setting is configured in Configurations > Add > Certificate or Identity Certificate.

For certificate-based authentication, the Authorization Mode restriction must also be set to Certificate-based Authentication.

Email signing certificate

Ivanti EPMM

$CERT_ALIAS:certificate enrollment setting name$

Ivanti Neurons for MDM

Certificate setting from the dropdown list

Specifies the certificate to use for signing S/MIME emails.

Ivanti EPMM

The certificate enrollment setting name is the name you gave to the certificate enrollment setting, which is configured in Configurations > Add New > Certificates or Certificate Enrollment.

Ivanti Neurons for MDM

The certificate setting is configured in Configurations > Add > Certificate or Identity Certificate.

Email encryption certificate

Ivanti EPMM

$CERT_ALIAS:certificate enrollment setting name$

Ivanti Neurons for MDM

Certificate setting from the dropdown list

Specifies the certificate to use for encrypting S/MIME emails.

Ivanti EPMM

The certificate enrollment setting name is the name you gave to the certificate enrollment setting, which is configured in Configurations > Add New > Certificates or Certificate Enrollment.

Ivanti Neurons for MDM

The certificate setting is configured in Configurations > Add > Certificate or Identity Certificate.

Signing digest algorithm

  • SHA-1
  • SHA-256
  • SHA-384
  • SHA-512

Configures the signature algorithm.

The restriction is empty by default. If no value or an invalid value is set, SHA-1 is used.

Email safe domains

Comma-separated list of safe domains

Specifies the safe domains.

Example: mycompany.com,mycompany.net,internal.mycompany.com

Ensure that there are no empty spaces before and after the comma.

Email addresses not in the safe domain list are displayed in red in Email+. You may want to use this key-value pair if your company has multiple domains and you want to distinguish company domains from domains that are not company domains.

To disable this feature, you can set the value to "*".

Default if the restriction is not configured: Only the domain of the user's email address is considered safe. All other domains will be highlighted in red.

Allow logging

Check box

Select to allow Email+ to log data in the Android logging system.

If selected, the Send Logs and Download Logs options are available in Email+ in General Settings in the Mail app. Device users can send log files via Email+ by tapping the Send Logs option or download logs by tapping the Download Logs option. The download option is useful if emails cannot be sent due to sync issues.

Log data is useful for problem diagnosis. Typically, you select this option in a test environment.

Default: Not selected.

Allow export contacts to email

Check box

Select to give device users the option to export contacts as an attachment in an email.

Default: Check box is selected.

Allow detailed notifications

Checkbox

Select to allow device users to see detailed notifications. The details can include sensitive information such as email subject and body previews, or event titles and times.

Default: Check box is not selected. Device users see normal notifications.

Show picture by default

Checkbox

Select to allow device users to automatically see images in an email. The setting turns on the Show Pictures option on the device.

Device users can override the configuration in the UEM by turning the Show Pictures option on or off on the device.

If you change the value, Email+ does not change the Show Pictures option until Email+ does a full synchronization. A full synchronization occurs only when you change certain fundamental values like Email address, or when the device user uninstalls and reinstalls Email+.

Default: Check box is not selected. The Show Pictures option is turned off.

Default signature

Ivanti EPMM: $DEFAULT$

Ivanti Neurons for MDM: The default email signature

The value entered is the default email signature for all emails. However, the device user can override the default email signature at any time. After the device user defines the default email signature, Email+ does not use the value entered in this field, even if the value is updated.

For Ivanti EPMM, with $DEFAULT$, the system default is used. If $DEFAULT$ is not configured, a signature is not provided.

Default if the restriction is not configured (system default): Sent by Email+.

GAL search minimum characters

A number

The minimum number of characters for Email+ to use for automatic Global Address List (GAL) lookup in Mail and Contacts.

When entering a name, after the specified number of characters, Email+ starts searching the GAL and presents the matches that it finds.

On your Exchange server, set the minimum number of characters for GAL search to the same value you set for this key. If you do not, GAL search will not work properly in Email+.

Default: 4.

Max attachment size (MB)

A number

Specifies the maximum size in megabytes of an email that Email+ will send without a warning to the device user. The maximum size includes the body of the email plus its attachments.

Also applicable for Delegated Mailbox.

Allowed values are integers starting with 1.

If the Exchange server has an email size limit that is less than the maximum size entered, the Exchange server does not deliver the email.

Default: 10 MB.

Max mail body size

A number

Specifies the maximum limit for email message body size that can be received by the Email+ app.

Default: 4 MB

Default sync period

  • 1
  • 2
  • 3
  • 4
  • 5

Specifies the default period for which emails are downloaded:

1: emails received over the last one day.

2: emails received over the last three days.

3: emails received over the last seven days.

4: emails received over the last two weeks.

5: emails received over the last one month.

If configured, all options will be available in Email+. Device users can change the default value. If the Max sync period restriction is also configured, options greater than the sync period specified in that restriction will not be available on the device.

Default: 2.

Max sync period

  • 0
  • 1
  • 2
  • 3
  • 4
  • 5

Specifies the maximum number of days for which emails are downloaded:

0: all emails.

1: emails received over the last one day.

2: emails received over the last three days.

3: emails received over the last seven days.

4: emails received over the last two weeks.

5: emails received over the last one month.

Default: 0.

Disable Usage Statistics

Checkbox

Disables sending Email+ analytics.

Default: Unchecked

Optional Features

  • block_external_gal
  • skip_empty_links
  • show_formatting
  • lotus
  • multiple_accounts
  • eas_16
  • allow_shortcuts
  • calendar_delegation
  • entrust_certificates
  • smime_suppress_certificate_email_check
  • delegated_shared_mailbox

block_external_gal: Disables global address lookup (GAL) of Email+ contacts in the native Contacts app. Configure the value only if the Google account configured for Android Enterprise supports GAL.

skip_empty_links: Some Exchange servers block custom links and strip the hyperlinks from the email body. For example, the URL mibrowser://, which is used to launch Web@Work, may not become clickable when sent via email. As a workaround, Email+ can detect such emails and automatically fetch their body as MIME data that is unmodified by Exchange. We recommend that administrators evaluate this capability in their environment by adding "skip_empty_links" to the "enabled_features" KVP. Fetching MIME data may not work in all configurations.

show_formatting: Enables the “Always show formatting” option if it was not previously changed manually.

lotus: Enables Lotus server support.

multiple_accounts: Enables secondary email account on the same device.

eas_16: Enables ActiveSync 16 specific folder synchronization features in Email+. When Email+ receives "eas_16" the first time, Folder resync is expected.

When "eas_16" protocol is added to Optional Features restrictions:

    • if the highest ActiveSync version for the server is 16.1 or higher, enable Email+ to sync via EAS 16.1 version.
    • if the highest ActiveSync version for the server is 16.0, enable Email+ to sync via EAS 16.0 version
    • if the highest ActiveSync version for the server is lower than 16.0, then it works as per the current settings.

allow_shortcuts: Enables the user to create shortcuts to launch Calendar, Contact, Notes, and Tasks.

calendar_delegation: Enables the Add Delegated Calendar option.

entrust_certificates: Enables support for Entrust certificates for Android Enterprise cloud. The Email+ app now fetches these certificates from the keystore. This is applicable for Android Enterprise device registration modes such as Profile Owner, Device Owner, and EPO with Microsoft Office 365 using Modern auth. The Email+ Android Enterprise app uses the certificates as follows:

  • Authorization Cert: This certificate is used to log in to the Email+ app.
  • Signing/Encryption: This certificate is used for S/MIME functionality.

smime_suppress_certificate_email_check: Automatic certificate verification using the email address is suppressed, and the user can manually add a certificate using the Keystore and GAL options.

delegated_shared_mailbox: Enables the delegated mailbox option. When this value is removed:

  • All added Delegated mailbox accounts are removed from the Email and Settings screens.
  • The "Add a Mailbox" button is removed from the Email screen and the Settings screen.
  • If only the Primary account is added, the arrow to expand and collapse the list of mailboxes and the Add a Mailbox label are also removed.
  • If a Secondary account is available, the arrow to expand and collapse the list of mailboxes is available, but the Add a Mailbox label is not.


Disabled Features

  • save_attachment
  • print
  • show_snippet
  • personal_events
  • crl_signature_check

save_attachment: Disables the save attachments option. When this value is added the "Save as" button is not available for email attachments. Attachments can still be opened in Docs@Work.

print: Disables the Print option for email messages.

show_snippet: This option removes the "Text preview" setting and disables message preview display. If this option is enabled, the user can set the number of lines visible for message preview through the Email+ app Settings on the mobile device. By default, the number of lines for preview is set to two.

personal_events: Disables the "Overlay personal events" option in the calendar Settings by admin.

crl_signature_check: Disables CRL check for the email signature certificates.

Default Network Timeout

A positive integer

The value is represented in seconds.

The value overwrites the default connection timeout value for all requests. You may want to configure the key-value pair to manage slow connections with the ActiveSync server or for syncing large folders and emails.

If the value is 0, negative, or non-integer, the default value is used.

Default: 90 seconds.

Authorization Mode

  • Basic Authorization
  • Certificate-based Authentication
  • Modern Authentication

Defines the authentication method to the Exchange ActiveSync service.

  • Basic Authorization: user name and password
  • Certificate-Based Authentication: identity certificates
  • Modern Authentication: enables modern auth for the corresponding protocol. Enables OAuth 2.0 authorization.

Modern Auth Authority URL and Modern Auth Resource URL: when configured through Sentry, the following values are used:

  • modern_auth_authority_url: https://<SentryHostname>/proxyservice
  • modern_auth_resource_url: https://<SentryHostname>

For certificate-based authentication, the Email login certificate restriction must also be configured.

If you have configured Certificate-Based Authentication and there are errors in your configuration, the authentication method defaults to basic.

Default: Basic Authorization.

Alert unsafe domains

Checkbox

Select to alert Email+ users if the recipients in an email or calendar invite include addresses that are not in a safe domain.

If the restriction is configured, but safe domains (Email safe domains) are not configured, only the domain of the user's email address is considered safe. Device users have the option to either proceed or cancel sending the email.

Default: Not selected. An alert is not displayed for addresses not in a safe domain.

Show dialing confirmation

Checkbox

Select to present a confirmation dialog when users tap on a phone number in an email. Tapping on the phone number in the dialog dials the phone number. Tapping the back arrow cancels the call.

Default if no key-value is configured: Not selected. Users do not see a confirmation dialog. When a user taps on a phone number in Email+, the number is automatically dialed.

Display Order

  • first_last
  • last_first

Sets the default display order for contact names in search results. Device users can change the display order in Email+ in Settings > Contacts.

first_last: Contact names in search results are displayed with first name followed by the last name.

last_first: Contact names in search results are displayed with last name followed by the first name.

Default: first_last.

Use Display Name

  • true
  • false

true: Enables Display Name in Email+ Settings > Contacts by default.

false: Disables Display Name in Email+ Settings > Contacts by default.

Default: true

Modern Auth Authority URL

https://login.microsoftonline.com/common

Specifies the Microsoft Office 365 authority URL.

Modern Auth Resource URL

https://outlook.office365.com

Specifies the Microsoft Office 365 resource URL.

Security classification JSON

Default value for this key is empty.

Enables the email classification feature. If present, it specifies the list of classification values to be used and all the supported permutations.

See Document classification capabilities section for more information.

Allow certificate revocation check

  • true
  • false

This is enabled to check certificate validity. The CRL check for server certificate is performed when Allow certificate revocation check is set to true and Trust all certificates is set to false.

Allow files from personal apps

  • true
  • false

Enable this option to allow importing or adding attachments from personal profile applications. For example, importing certificates from storage or attaching images from the photo gallery.

Report phishing

email address

Enables the 'Report Phishing' option on the view screen in the "More" menu. The suspicious mail is deleted and sent to an email address pre-configured for security review.

Organize by date

  • true
  • false

Disables email threading for email messages.

false: "Email Threading" is turned "ON".

Show week number

  • true
  • false

Displays the week number in the week and month view for Calendar. You can enable or disable week number view from device Settings.

Default: true

Exchange host for EWS

FQDN of the EWS server

To support EWS authentication when the Exchange host restriction does not contain the fully qualified domain name (FQDN) of the EWS server, set the Exchange host for EWS restriction to the FQDN of the EWS server.

If not configured, the value of Exchange host restriction is used as the EWS server.

EWS Authentication Mode

  • Basic Authentication
  • Modern Authentication
  • Certificate Based Authentication

Defines the authentication method to the EWS.

  • Basic Authentication: username and password
  • Modern Authentication: enables modern auth for the corresponding protocol. Enables OAuth 2.0 authentication.
  • Certificate Based Authentication: supports delegated calendar with certificate-based authentication.

Default: Basic Authentication

(Optional) Encryption algorithm

  • 3des (currently used by Email+, the most compatible and default)
  • aes256
  • aes192
  • aes128

Configures the encryption algorithm.

The restriction is empty by default. If no value or an invalid value is set, 3des is used.
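
Several rows in this table interact or fall back to weaker behavior (the SHA-1 and 3des fallbacks, the CRL-check condition, the comma-only separator, certificate authentication defaulting to basic), so a configuration can be checked before it is pushed. The following Python check is an added example, not Ivanti code: it assumes the restrictions are held in a dict keyed by the restriction names used in this table, and the SAMPLE values are constructed.

```python
# Added example: keys are the page's restriction names; the dict layout and
# finding texts are assumptions, not an Ivanti schema or API.
FEATURES = {
    "Optional Features": {
        "block_external_gal", "skip_empty_links", "show_formatting", "lotus",
        "multiple_accounts", "eas_16", "allow_shortcuts", "calendar_delegation",
        "entrust_certificates", "smime_suppress_certificate_email_check",
        "delegated_shared_mailbox"},
    "Disabled Features": {"save_attachment", "print", "show_snippet",
                          "personal_events", "crl_signature_check"},
}
STRONG_DIGESTS = {"SHA-256", "SHA-384", "SHA-512"}
AES_CIPHERS = {"aes256", "aes192", "aes128"}
# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "Trust all certificates": True, "Allow certificate revocation check": True,
    "Email password": "$PASSWORD$", "Optional Features": "eas_16;multiple_accounts",
    "Disabled Features": "print, crl_signature_check",
    "Authorization Mode": "Certificate-based Authentication",
    "Signing digest algorithm": "SHA-256",
}

def tokens(value):
    """Split a multi-value restriction on commas, with or without spaces."""
    return [t.strip() for t in value.split(",") if t.strip()]

def audit(cfg):
    """Return (restriction, finding) pairs for settings that weaken security."""
    out = []
    for name, known in FEATURES.items():
        raw = cfg.get(name, "")
        if ";" in raw:  # semicolons do not work as a separator
            out.append((name, "semicolon used as separator; use commas"))
            continue
        out += [(name, f"unknown value {t!r}") for t in tokens(raw) if t not in known]
    if not cfg.get("SSL required", True):  # default: selected
        out.append(("SSL required", "https to the Exchange host is off"))
    trust_all = cfg.get("Trust all certificates", False)  # default: not selected
    if trust_all:
        out.append(("Trust all certificates", "untrusted certificates are accepted"))
    # The page states no default for this restriction, so unset is reported too.
    if trust_all or cfg.get("Allow certificate revocation check") is not True:
        out.append(("Allow certificate revocation check", "server CRL check is off"))
    if "crl_signature_check" in tokens(cfg.get("Disabled Features", "")):
        out.append(("Disabled Features", "CRL check for signing certificates is off"))
    if cfg.get("Email password"):
        out.append(("Email password", "password is pushed; blank is recommended"))
    if cfg.get("Signing digest algorithm") not in STRONG_DIGESTS:
        out.append(("Signing digest algorithm", "SHA-1 is in effect"))
    if cfg.get("Encryption algorithm") not in AES_CIPHERS:
        out.append(("Encryption algorithm", "3des is in effect"))
    if (cfg.get("Authorization Mode") == "Certificate-based Authentication"
            and not cfg.get("Email login certificate")):
        out.append(("Email login certificate",
                    "needed for certificate auth; errors fall back to basic"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{r}: {f}" for r, f in audit(SAMPLE)))
```
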