Kaspersky Secure Mobility Management
6.0
English

Contents

Configuring email

This section contains information on configuring mailboxes on mobile devices.

In this section

Configuring a mailbox on iOS MDM devices

Configuring an Exchange mailbox on iOS MDM devices

Configuring an Exchange mailbox on Android devices
Page top
[Topic 274787]

Configuring a mailbox on iOS MDM devices

Expand all | Collapse all

These settings apply to supervised devices and devices operating in basic control mode.

To enable an iOS MDM device user to work with email, add the user's email account to the list of accounts on the iOS MDM device.

By default, the email account is added with the following settings:

  • Email protocol – IMAP.
  • The user can move email messages between the user's accounts and synchronize account addresses.
  • The user can use any email client (other than Mail) to use email.
  • The SSL connection is not used during transmission of messages.

You can edit the specified settings when adding an account.

To add an email account of the iOS MDM device user:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Email card, click Settings.

    The Email window opens.

  5. Enable the settings using the Email toggle switch.
  6. Click Add.

    The Add email account window opens.

  7. Specify the email account settings:
    • On the General tab, configure the following settings:
      1. In the User name field, specify the name of the iOS MDM device user. You can either enter a value or select a macro by clicking the plus button.
      2. In the Email address field, specify the email address of the iOS MDM device user. You can either enter a value or select a macro by clicking the plus button.
      3. In the Account description field, enter a description of the user's email account.
      4. In the Email protocol field, select one of the following protocols:
        • POP
        • IMAP
      5. If you selected IMAP, specify the IMAP path prefix in the IMAP path prefix field.

        The IMAP path prefix must be entered using uppercase letters (for example: GMAIL for Google Mail).

      6. In the Incoming mail server settings and Outgoing mail server settings sections, configure the server connection settings:
        • In the Server address field, specify names of hosts or IP addresses of incoming and outgoing mail servers.
        • In the Server port fields, specify the port numbers of incoming and outgoing mail servers.

        To configure optional settings for the incoming and outgoing mail servers, click More settings and do the following:

        • In the User name field, specify the name of the user's account for authorization on the incoming and outgoing mail servers. You can either enter a value or select a macro by clicking the plus button.
        • In the Authentication type field, select the type of authentication of the user's email account on the incoming and outgoing mail servers.
        • In the Password field, specify the account password for authenticating on incoming and outgoing mail servers protected using the selected authentication method.
        • If you want to use the SSL (Secure Sockets Layer) data transport protocol, select the Use SSL connection check box.
        • If you want to use the same password for user authentication on the incoming and outgoing mail servers, select the Use the same password for incoming and outgoing mail servers check box.
    • On the Advanced tab, configure the additional settings of the email account:
      1. In the Restrictions section, select or clear the following check boxes, if necessary:
        • Allow syncing recent addresses

          Moving email messages between accounts.

          If the check box is selected, the user can move email messages from one account to another.

          If the check box is cleared, the user is prohibited from moving email messages from one account to another.

          This check box is selected by default.

          If you want to prohibit saving, moving, and sharing attachments from a corporate mailbox, clear the Allow movement of messages between accounts (including work and personal accounts) check box and select the Prohibit non-managed apps from using documents from managed apps and Prohibit managed apps from using documents from non-managed apps check boxes.

        • Allow movement of messages between accounts (including work and personal accounts)

          Synchronization of email addresses between accounts.

          If the check box is selected, when creating messages the user can use another email account's address history.

          If this check box is cleared, used email addresses are not synchronized. When creating a message, the user of an iOS MDM device cannot use another email account's address history.

          This check box is selected by default.

        • Allow Mail Drop

          Use of the Mail Drop service to forward large attachments.

          If the check box is selected, the user can use Mail Drop.

          If the check box is cleared, the user cannot use Mail Drop.

          This check box is cleared by default.

        • Allow using only the Mail app

          Use of only the standard iOS mail client for processing messages.

          If the check box is selected, the user can use email only in the standard iOS email client.

          If the check box is cleared, the user can use email both in the standard iOS email client and in other apps.

          This check box is cleared by default.

      2. In the Signature and Encryption sections, configure the settings for signing and encrypting outgoing mail using the S/MIME protocol in the Mail app.

        S/MIME is a protocol for transmitting digitally signed encrypted messages. S/MIME provides cryptographic security capabilities such as authentication, message integrity control, and non-repudiation of origin (using digital signatures). The protocol also helps improve the confidentiality and security of data in email messages by using encryption.

        • Sign messages

          Digital signature of outgoing messages in the Mail app.

          If the check box is selected, outgoing messages are signed with a digital signature using the S/MIME protocol. A digital signature confirms the authenticity of the sender and indicates that the contents of the message have not been modified during transmission to the recipient. A recipient certificate (public key) must be selected for a message signature.

          This check box is cleared by default.

        • Signing certificate for outgoing messages

          Certificate for signing outgoing messages with a digital signature using the S/MIME protocol. The digital signature guarantees that the message was sent by the iOS MDM device user. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.

          This drop-down list is available only if the Sign messages check box is selected.

        • Encrypt messages by default

          Encryption of outgoing messages in the Mail app.

          If the check box is selected, outgoing messages are encrypted by default using the S/MIME protocol. A recipient certificate (public key) must be selected for sending encrypted messages. If a recipient certificate is not installed, messages cannot be encrypted. Encrypted messages can be viewed only by users whose devices have a certificate installed.

          This check box is cleared by default.

        • Encryption certificate

          Encryption certificate for encrypting outgoing messages using the S/MIME protocol. Encryption keeps messages confidential during transmission and storage. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.

          This drop-down list is available only if the Encrypt messages by default check box is selected.

        • Show toggle button for encrypting selected messages

          Display of the mail_lock icon in the Mail app in the To field for sending encrypted messages.

          If this check box is selected, the mobile device user can encrypt individual messages by clicking the icon.

          If the check box is cleared, the icon for encrypting messages is not displayed. In this case, the Encrypt messages by default check box determines whether outgoing mail is encrypted.

  8. Click Save.

    The new email account appears in the list.

    You can modify or delete email accounts in the list using the Edit and Delete buttons at the top of the list.

  9. Click OK.
  10. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, email accounts from the list are added on the user's mobile device.

We recommend closing and opening the Settings app on the iOS MDM device after you configure a mailbox.

Page top
[Topic 274808]

Configuring an Exchange mailbox on iOS MDM devices

Expand all | Collapse all

These settings apply to supervised devices and devices operating in basic control mode.

To allow an iOS MDM device user to use corporate email, calendar, contacts, notes, and tasks, add the user's Exchange ActiveSync account on the Microsoft Exchange server.

By default, an account with the following settings is added on the Microsoft Exchange server:

  • Email is synchronized once per week.
  • The user can move messages between the user's accounts and synchronize account addresses.
  • The user can use any email clients (other than Mail) to use email.
  • The SSL connection is not used during transmission of messages.

You can edit the specified settings when adding the Exchange ActiveSync account.

To add an Exchange ActiveSync account of an iOS MDM device user:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select iOS and go to the Device configuration section.
  4. On the Exchange ActiveSync card, click Settings.

    The Exchange ActiveSync window opens.

  5. Enable the settings using the Exchange ActiveSync toggle switch.
  6. Click Add.

    The Add Exchange ActiveSync account window opens.

  7. Specify the Exchange ActiveSync settings:
    • On the General tab, specify the user's data:
      • In the Account name field, enter the account name for authorization on the Microsoft Exchange server. You can either enter a value or select a macro by clicking the plus button.
      • In the Exchange ActiveSync server address field, enter the DNS name or IP address of the Microsoft Exchange server.
      • Settings in the User credentials section:
        • In the User domain field, enter the name of the iOS MDM device user's domain. You can either enter a value or select a macro by clicking the plus button.
        • In the User name field, enter the name of the iOS MDM device user. You can either enter a value or select a macro by clicking the plus button.

          If you leave this field blank, Kaspersky Mobile Devices Protection and Management prompts the user to enter the user name when applying the policy on the iOS MDM device.

        • In the Email address field, specify the email address of the iOS MDM device user. You can either enter a value or select a macro by clicking the plus button.
      • Settings in the Authentication section:
        • In the Password field, enter the password of the Exchange ActiveSync account for authorization on the Microsoft Exchange server.
        • In the Authentication certificate drop-down list, select the certificate used for authenticating the iOS MDM device user on the Microsoft Exchange server. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.
    • On the Additional tab, configure the additional settings of the Exchange ActiveSync account:
      • In the Email synchronization section, in the Synchronization period drop-down list, select the time interval for which email is automatically synchronized and stored on the iOS MDM device. The longer the email synchronization period, the more free space required in the memory of the mobile device. Messages that have not been synchronized are not available without an internet connection. The default value is 1 week.
      • In the Restrictions section, select or clear the following check boxes, if necessary:
        • Allow movement of messages between accounts (including work and personal accounts)

          Moving email messages between accounts.

          If the check box is selected, the user can move email messages from one account to another.

          If the check box is cleared, the user is prohibited from moving email messages from one account to another.

          This check box is selected by default.

          If you want to prohibit saving, moving, and sharing attachments from a corporate mailbox, clear the Allow movement of messages between accounts (including work and personal accounts) check box and select the Prohibit non-managed apps from using documents from managed apps and Prohibit managed apps from using documents from non-managed apps check boxes.

        • Allow syncing recent addresses

          Synchronization of email addresses between accounts.

          If the check box is selected, when creating messages the user can use another email account's address history.

          If this check box is cleared, used email addresses are not synchronized. When creating a message, the user of an iOS MDM device cannot use another email account's address history.

          This check box is selected by default.

        • Allow using only the Mail app

          Use of only the standard iOS mail client for processing messages.

          If the check box is selected, the user can use email only in the standard iOS email client.

          If the check box is cleared, the user can use email both in the standard iOS email client and in other apps.

          This check box is cleared by default.

        • Use SSL connection

          Select this check box to use the SSL (Secure Sockets Layer) data transport protocol to secure the transmission of data.

          This check box is selected by default.

      • In the Signature and encryption section, configure the settings for signing and encrypting outgoing mail using the S/MIME protocol in the Mail app. S/MIME is a protocol for transmitting digitally signed encrypted messages. S/MIME provides cryptographic security capabilities such as authentication, message integrity control, and non-repudiation of origin (using digital signatures). The protocol also uses encryption to help improve the level of confidentiality and security of data in email messages.
        • Sign messages

          Digital signature of outgoing messages in the Mail app.

          If the check box is selected, outgoing messages are signed with a digital signature using the S/MIME protocol. A digital signature confirms the authenticity of the sender and indicates that the contents of the message have not been modified during transmission to the recipient. A recipient certificate (public key) must be selected for a message signature.

          This check box is cleared by default.

        • Signing certificate for outgoing messages

          Certificate for signing outgoing messages with a digital signature using the S/MIME protocol. The digital signature guarantees that the message was sent by the iOS MDM device user. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.

          This drop-down list is available only if the Sign messages check box is selected.

        • Encrypt messages by default

          Encryption of outgoing messages in the Mail app.

          If the check box is selected, outgoing messages are encrypted by default using the S/MIME protocol. A recipient certificate (public key) must be selected for sending encrypted messages. If a recipient certificate is not installed, messages cannot be encrypted. Encrypted messages can be viewed only by users whose devices have a certificate installed.

          This check box is cleared by default.

        • Encryption certificate

          Encryption certificate for encrypting outgoing messages using the S/MIME protocol. Encryption keeps messages confidential during transmission and storage. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.

          This drop-down list is available only if the Encrypt messages by default check box is selected.

        • Show toggle button for encrypting selected messages

          Display of the mail_lock icon in the Mail app in the To field for sending encrypted messages.

          If this check box is selected, the mobile device user can encrypt individual messages by clicking the icon.

          If the check box is cleared, the icon for encrypting messages is not displayed. In this case, the Encrypt messages by default check box determines whether outgoing mail is encrypted.

  8. Click Add.

    The new Exchange ActiveSync account appears in the list.

    You can modify or delete Exchange ActiveSync accounts in the list using the Edit and Delete buttons at the top of the list.

  9. Click OK.
  10. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, Exchange ActiveSync accounts from the compiled list are added on the user's mobile device.

Page top
[Topic 274809]

Configuring an Exchange mailbox on Android devices

To work with corporate mail, contacts, and the calendar on the mobile device, you can configure the Exchange mailbox settings for the standard Samsung Email app.

An Exchange mailbox can be configured only for Samsung devices running Android 9 or earlier.

To configure an Exchange mailbox on a user's mobile device:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
  2. In the policy properties window, select Application settings.
  3. Select Android and go to the Samsung Knox settings section.
  4. On the Exchange ActiveSync card, click Settings.

    The Exchange ActiveSync window opens.

  5. Enable the settings using the Exchange ActiveSync toggle switch.
  6. In the Server address field, enter the IP address or DNS name of the server hosting the mail server.
  7. In the Domain name field, enter the name of the mobile device user's domain on the corporate network.
  8. In the Synchronization interval drop-down list, select the interval for mobile device synchronization with the Microsoft Exchange server.
  9. To use the SSL (Secure Sockets Layer) data transport protocol, select the Use SSL connection check box. The SSL protocol uses encryption and certificate-based authentication for secure data transfer. This check box is selected by default.
  10. To use digital certificates to protect data transfer between the user's mobile device and the Microsoft Exchange server, select the Verify server certificate check box. The server certificate is verified to have been issued from the trusted root certificate. This check box is selected by default.
  11. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

Page top
[Topic 274810]