Delegated calendar

Ivanti Email+ supports delegated access for Calendar. The delegated calendar option enables the calendar owner to assign their calendar to a delegated user within the organization's exchange Global Address List (GAL). To enable the Add Calendar option in Email+, configure the calendar_delegation value in enabled_features key value pair or in Optional Features restriction.

Email+ supports delegated calendar permissions similar to Microsoft Exchange server such as Reviewer, Editor, and Author level permissions. The delegated user can view events related updates on the Email+ app with these permissions.

The Email+ app does not display private events, all private events in delegated calendar are hidden.

The following table displays the different delegation permissions and the actions they can perform:

Permission level	Action allowed
Reviewer	With the Reviewer level permissions you can perform the following actions: Appointments (event without attendees) - no options Delegated calendar owner's created invite - Reply All on behalf of Received invite - Reply or Reply All on behalf of
Author	With the Author level permissions you can perform the following actions: Appointments (event without attendees) - no options Delegated calendar owner's created invite - Reply All on behalf of Received invite - Reply or Reply All on behalf of Author created appointments - no options Author created invites - Reply All and Forward on behalf of
Editor	With the Editor level permissions you can perform the following actions: Appointments (event without attendees) - no options Delegated calendar owner's created invite - Reply All and Forward on behalf of Received invite - Reply or Reply All or Forward on behalf of Editor created appointments - no options Editor created invite - Reply All and Forward on behalf of

Permission level

Action allowed

Reviewer

With the Reviewer level permissions you can perform the following actions:

Appointments (event without attendees) - no options
Delegated calendar owner's created invite - Reply All on behalf of
Received invite - Reply or Reply All on behalf of

Author

With the Author level permissions you can perform the following actions:

Appointments (event without attendees) - no options
Delegated calendar owner's created invite - Reply All on behalf of
Received invite - Reply or Reply All on behalf of
Author created appointments - no options
Author created invites - Reply All and Forward on behalf of

Editor

With the Editor level permissions you can perform the following actions:

Appointments (event without attendees) - no options
Delegated calendar owner's created invite - Reply All and Forward on behalf of
Received invite - Reply or Reply All or Forward on behalf of
Editor created appointments - no options
Editor created invite - Reply All and Forward on behalf of

To configure delegation on Android AppConnect or Android Enterprise, configure the following key-value pairs or restrictions:

Add calendar_delegation value to enabled_features key-value pair or calendar_delegation value to Optional Features restriction to add the Add Delegated Calendar option in the Email+ app
Add email_ews_host key-value pair or Exchange host for EWS restriction with EWS host value as FQDN to provide access to EWS server when the values for email_exchange_host key-value pair or Exchange host restriction are not fully qualified domain name of the exchange server.
Add ews_min_allowed_auth_mode key value pair or EWS Authentication Mode restriction to enable basic, modern_auth, and cert_based authentication methods to the exchange server through EWS protocol. If Email+ is configured with eas_min_allowed_mode KVP or Authorization mode restriction as Modern Auth, add ews_min_allowed_auth_mode KVP with modern_auth or EWS Authentication Mode restriction with Modern Authentication value to enable modern authentication method to the EWS server.
If EWS server is not accessible publicly (located in private network), then VPN should be configured. For more information see, Configuring Email+ with AppTunnel for Android AppConnect and Configuring Email+ with Ivanti Tunnel for Android Enterprise

When a calendar is delegated, a system generated mail is sent to the delegated user with details of the calendar owner. The calendar owner has the ability to assign or deny access to the delegated calendar.

Adding delegated calendar

In the Email+ app, go to Calendar > Add Calendar option and enter the calendar owner's email address. Select the calendar owner to add the delegated calendar. you can assign a color to the delegated calendar to differentiate between assigned calendars.

The calendar owner delegates the calendar from the Microsoft Outlook on the web (OWA). For more information on delegation, see Microsoft documentation.

The user can manually remove the delegated calendar from the Email+ app. If the access to the deleted calendar is available, then user can again add that delegated calendar.

When the calendar owner removes access to the delegated calendar, Email+ receives "Delegated Calendar access has been denied" notification when the Email+ app is launched.

Disabling delegated calendar feature

The admin can disable the Add Calendar option from the Email+ app by removing calendar_delegation value from the enabled_features key value pair or from the Optional Features restriction. For more information on the supported key-value pairs and restriction, see Key-value pairs for Ivanti Email+ (Android AppConnect) and App restrictions descriptions for Ivanti Email+ (Android Enterprise) sections.

Ivanti Email+ configurations supported for Delegated Calendar

The following table lists the supported Email+ and EWS configurations.

Before you begin

EWS must have Basic Auth enabled in Internet Information Services (IIS) manager (Microsoft Exchange server) for Android.

If EWS server is not accessible publicly (located in private network), then VPN should be configured.

Update the host name in the email_ews_host key-value pair.

Email+ Configuations	Additional Configurations for EWS	Supported
Android AppConnect: Ivanti EPMM and Ivanti Neurons for MDM with sentry, Modern auth with or without email_password KVP, Microsoft Office 365	Add email_ews_host KVP with EWS server value Add ews_min_allowed_auth_mode = modern_auth KVP	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, without sentry, Modern auth with or without email_password KVP, Microsoft Office 365	Add ews_min_allowed_auth_mode = modern_auth KVP	Yes
Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, with sentry, Modern auth with or without email_password KVP, Microsoft Office 365	Exchange host for EWS should have value of the EWS server EWS Authentication Mode should have Modern Authentication value	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, with sentry + Local certificate, Basic auth with or without email_password KVP, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365	Android AppConnect: add email_ews_host with EWS server value Android Enterprise: Exchange host for EWS should have value of the EWS server	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM, with sentry + group certificate, Basic auth with or without email_password KVP, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365	Android AppConnect: Add email_ews_host with EWS server value Android Enterprise: Exchange host for EWS should have value of the EWS server	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM, with Sentry + MS scep certificate, Basic auth with or without email_password KVP, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365	Android AppConnect: add email_ews_host with EWS server value Android Enterprise: Exchange host for EWS should have value of the EWS server	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, with Sentry, Kerberos with prompt_email_password=true and enter password on Email+ login screen, Microsoft Exchange versions 2016 and 2019	Android AppConnect: add email_ews_host with EWS server value Android Enterprise: Exchange host for EWS should have value of the EWS server	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, with Sentry, Kerberos with email_password KVP with hard coded value (which is not probably a use case), Microsoft Exchange versions 2016 and 2019	Android AppConnect: add email_ews_host with EWS server value. Android Enterprise: Exchange host for EWS should have value of the EWS server	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, without sentry, Basic auth (with or without 'email_password' KVP), Microsoft Exchange versions 2016 and 2019, Microsoft Office 365	Android AppConnect: add email_ews_host with EWS server value. 'ews_min_allowed_auth_mode' = cert_base KVP should be added Android Enterprise: Exchange host for EWS' should have value of the EWS server 'EWS Authentication Mode' should have 'Certificate-Based Authentication' value	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, with or without sentry, Certificate based auth, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365	Android AppConnect: add 'ews_min_allowed_auth_mode' = cert_base KVP Android Enterprise: add 'EWS Authentication Mode' should have 'Certificate-Based Authentication' value	Yes
Android AppConnect and Android Enterprise: Ivanti EPMM or Ivanti Neurons for MDM, with sentry, Kerberos (without 'email_password' KVP), Microsoft Exchange versions 2016 and 2019		No

Email+ Configuations

Additional Configurations for EWS

Supported

Android AppConnect:

Ivanti EPMM and Ivanti Neurons for MDM with sentry, Modern auth with or without email_password KVP, Microsoft Office 365

Add email_ews_host KVP with EWS server value

Add ews_min_allowed_auth_mode = modern_auth KVP

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, without sentry, Modern auth with or without email_password KVP, Microsoft Office 365

Add ews_min_allowed_auth_mode = modern_auth KVP

Yes

Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, with sentry, Modern auth with or without email_password KVP, Microsoft Office 365

Exchange host for EWS should have value of the EWS server

EWS Authentication Mode should have Modern Authentication value

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, with sentry + Local certificate, Basic auth with or without email_password KVP, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365

Android AppConnect: add email_ews_host with EWS server value

Android Enterprise: Exchange host for EWS should have value of the EWS server

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM, with sentry + group certificate, Basic auth with or without email_password KVP, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365

Android AppConnect: Add email_ews_host with EWS server value

Android Enterprise: Exchange host for EWS should have value of the EWS server

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM, with Sentry + MS scep certificate, Basic auth with or without email_password KVP, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365

Android AppConnect: add email_ews_host with EWS server value

Android Enterprise: Exchange host for EWS should have value of the EWS server

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, with Sentry, Kerberos with prompt_email_password=true and enter password on Email+ login screen, Microsoft Exchange versions 2016 and 2019

Android AppConnect: add email_ews_host with EWS server value

Android Enterprise: Exchange host for EWS should have value of the EWS server

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, with Sentry, Kerberos with email_password KVP with hard coded value (which is not probably a use case), Microsoft Exchange versions 2016 and 2019

Android AppConnect: add email_ews_host with EWS server value.

Android Enterprise: Exchange host for EWS should have value of the EWS server

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, without sentry, Basic auth (with or without 'email_password' KVP), Microsoft Exchange versions 2016 and 2019, Microsoft Office 365

Android AppConnect: add email_ews_host with EWS server value.

'ews_min_allowed_auth_mode' = cert_base KVP should be added

Android Enterprise: Exchange host for EWS' should have value of the EWS server

'EWS Authentication Mode' should have 'Certificate-Based Authentication' value

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, with or without sentry, Certificate based auth, Microsoft Exchange versions 2016 and 2019, Microsoft Office 365

Android AppConnect: add 'ews_min_allowed_auth_mode' = cert_base KVP

Android Enterprise: add 'EWS Authentication Mode' should have 'Certificate-Based Authentication' value

Yes

Android AppConnect and Android Enterprise:

Ivanti EPMM or Ivanti Neurons for MDM, with sentry, Kerberos (without 'email_password' KVP), Microsoft Exchange versions 2016 and 2019

Limitations

Email+ does not support attachments for delegated events.
Email+ does not support reminders and notifications for delegated events.