AirWatch Inbox Admin Guide Title: AirWatch Inbox Admin Guide Author: VMware AirWatch Created Date: 9/3/2018

  • View
    2

  • Download
    0

Embed Size (px)

Text of AirWatch Inbox Admin Guide Title: AirWatch Inbox Admin Guide Author: VMware AirWatch Created Date:...

  • VMware AirWatch Inbox Admin Guide Configuring and deploying AirWatch Inbox Workspace ONE UEM v9.7

    Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. Copyright©2018 VMware, Inc. All rights reserved. This product is protected by copyright and intellectual property laws in the United States and other countries as well as by international treaties. VMware products are covered by one ormore patents listed at http://www.vmware.com/go/patents.

    VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All othermarks and names mentioned hereinmay be trademarks of their respective companies.

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

    1

    http://support.air-watch.com/

  • Table of Contents Chapter 1: Introduction to AirWatch Inbox 3

    Security and Enhancements 3 Requirements 5

    Chapter 2: Initial Configurations 7

    Configure Profile Payloads 7

    Chapter 3: App Suite SDK Configurations 8

    Default vs Custom SDK Profiles 8 Custom SDK Profile Settings 9 Configure Default SDK Security Settings 10 Expected Behavior for SDK Authentication 16 Apply SDK Settings to the Android Agent 16 Apply SDK Settings to the iOS Agent 17

    Chapter 4: Application Configuration 18

    Chapter 5: Application Deployment 20

    Overview of VMware Browser Deployment 20 Deploy Workspace ONEUEM Applications 20 Migrate from Other Clients 22

    Chapter 6: Troubleshoot AirWatch Inbox 23

    For iOS 23 Mailbox Sync Failure 24 For Android 24

    Chapter 7: SDK Profiles, Policies and Settings Compatibility 27

    Settings and Policies Supported Options forWorkspace ONEUEM Applications 27

    Chapter 8: AirWatch Inbox ComparisonMatrix 30

    2

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

  • Chapter 1: Introduction to AirWatch Inbox AirWatch Inbox is a fully containerized email management solution for iOS, Windows Desktop, Windows Phone, and Android devices. AirWatch Inbox enables you to remotely configure and manage enterprise email accounts while maintaining personal and enterprise data separately for end users. The application supports Exchange ActiveSync and offers encryption for email messages and attachments. Some of the application data loss prevention features are: 

    l Passcode setup to access the application.

    l Configuration of restrictions such as disable copy/paste.

    l Removal of email messages and attachments upon an enterprise wipe.

    Security and Enhancements AirWatch Inbox provides security measures and data loss prevention strategies across mobile devices using UEM console.

    Using an AES 256-bit encryption algorithm, the AirWatch Inbox secures email content by encrypting message data such as email address and message text by storing it in a local database. The email database and attachments are stored in a protected app space that is inaccessible to third-party applications.

    Note: AirWatch Inbox does not support AES encryption using SMIME.

    Security Features

    Following security features can be configured within the AirWatch email profile:

    l Account Information / Email Message Encryption

    All device account information, including email password and message information such as themessage body, are encrypted when written to the application database. The application database is not accessible on both rooted and non-rooted devices. Additionally, in rooted devices, the account information cannot be read as it is fully encrypted.

    3

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

  • l Email Attachment Encryption

    With AirWatch Inbox, all saved attachments are downloaded to the encrypted internal application space to ensure protection. Inbox, along with SEG integration, encrypts the attachments once again which can later be opened from the VMware Content Locker. This ensures full end-to-end encryption.

    l SEG/PowerShell Support

    When configured, the AirWatch Inbox automatically sends a unique EAS identifier to the AirWatch database. This EAS identifier is used to identify the device as a managed device through SEG or PowerShell commands. As a managed device, the administrator can create different email compliance policies using the SEG or PowerShell commands.

    Chapter 1: Introduction to AirWatch Inbox

    4

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

  • Requirements

    Console Requirements

    Platform Console Version

    iOS AirWatch Console v7.0+

    Android AirWatch Console v6.5+

    Windows Desktop AirWatch Console v7.2+

    Windows Phone AirWatch Console v8.1+

    Supported Devices and Software

    Platform Supported Devices and Software

    iOS iOS 7+** , iPhone, iPad (4, Air, Mini), AirWatch Agent v4.9.1110+

    Android Android 4.0+, AirWatch Agent v5.0+ or AirWatch Container v1.5+

    Windows Desktop Windows 8.1/Pro/Enterprise and higher or Windows Desktop 8.1+, AirWatch Agent v1.1.0.23+

    Windows Phone Windows Phone 8.1+

    **Note: iOS 7 and iOS 8 supports Inbox only till v2.5.9. To take advantage of new features and versions, devices need to update to iOS 9 or later.

    Supported File Types

    Platform Supported File Types

    iOS .doc, .pdf, .ppt, .txt, .jpg, .gif, .png, .mp3, .html, .ics, .xml, and .xls

    Android .txt, .xls, .doc, .png, .jpg, .ppt, .mp4, .mp3, and .pdf

    Windows Desktop .txt, .png, .jpg, .pdf, .xls, .ppt, .doc, .gif, .html, .mp3, .mp4, and .xml

    Windows Phone .txt, .png, .jpg, .pdf, .xls, .ppt, .doc, .gif, .html, .mp3, .mp4, and .xml

    Other Requirements

    l iOS

    o Exchange ActiveSync 2003/2007/2010/2013/2016 or Office 365, Lotus Notes 9.0 email server

    l Android

    o Exchange ActiveSync 2007/2010/2013/2016 or Office 365, IBM Lotus Notes 9.0 from Android Inbox v2.1 release onwards, Google Apps for Work from Android Inbox v2.3 release onwards

    Chapter 1: Introduction to AirWatch Inbox

    5

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

  • Two factor authentication in Android requires Exchange server credentials and certificate.

    l Windows Desktop

    o Exchange ActiveSync 2007/2010/2013/2016 and Office 365

    l Windows Phone

    o Exchange ActiveSync 2007/2010/2013/2016 and Office 365

    Chapter 1: Introduction to AirWatch Inbox

    6

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

  • Chapter 2: Initial Configurations

    Configure Profile Payloads UseMobile DeviceManagement (MDM) functionality to enhance app performance by configuring a profile payloads in a two-step process. First, configure general settings. Then, specify the type of restriction or setting to apply to the device by selecting a payload from the list.

    The available payloads and their configurable settings differ between platforms. This section provides a description of applicable payloads and brief instructions to help you get started.

    1. Navigate to Devices > Profiles > List View > Add and select Add Profile.

    2. Select the appropriate platform for the profile that you want to deploy.

    3. ConfigureGeneral settings to determine how the profile deploys, who receives it, and other overall settings.

    4. Select and configure a Payload.

    Payload Description iOS Android Windows Desktop

    Windows Phone

    Exchange ActiveSync

    This payload allows users to access corporate push based email infrastructures and allows to set the sync frequency for calendar and email systems.

    ✓ ✓ ✓ ✓

    Credentials Configure this payload with digital certificates to protect your corporate email, Wi-Fi, VPN, and other corporate assets.

    ✓ ✓ ✓ ✓

    SCEP Along with Credentials payload, you can also configure SCEP to handle digital certificates pushed to large-scale devices.

    5.

    For step-by-step instructions on configuring a specific Payload for a particular platform, please refer to the applicable Platform Guide. Select Save & Publish.

    7

    VMware AirWatch Inbox AdminGuide | v.2018.09 | September 2018

    Copyright©2018 VMware, Inc. All rights reserved.

  • Chapter 3: App Suite SDK Configurations

    Default vs Custom SDK Profiles When you configure your application, you select a custom or a default application profile. This action applies an SDK profile to the application, giving deployed Workspace ONE UEM applications additional features.

    To ensure your application configuration runs smoothly , it is helpful to:

    l Know the difference between a Custom and Default SDK profile.

    l Determine if a Custom or a Default SDK profile is more appropriate for your application.

    l Ensure you have configured the SDK profile type that you want to apply.

    Use the following chart to determine if you want to apply a Default or Custom SDK profile to your application, and to direct you to the configuration instructions for the profile you use.

    You can define SDK profiles using two different profile types: Default or a Custom SDK application profil