Cloud Services MDM. Email Management Admin Guide



Similar documents
Cloud Services MDM. Overview & Setup Admin Guide

Introduction to Google Apps for Business Integration

Introduction to the Secure Gateway (SEG)

Introduction to Mobile Management (MEM)

Vodafone Secure Device Manager Administration User Guide

Cloud Services MDM. ios User Guide

Cloud Services MDM. Application Management Admin Guide

Telstra Mobile Device Management (T MDM) Getting Started Guide

Introduction to PowerShell Integration

PowerShell Configuration Guide

Cloud Services MDM. Telecom Management Admin Guide

Advanced Configuration Steps

Introduction to the AirWatch Browser Guide

Preparing for GO!Enterprise MDM On-Demand Service

Compliance Rule Sets in MaaS360

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

Introduction to Directory Services

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version ForeScout Mobile

MaaS360 Mobile Device Management (MDM) Administrators Guide

COMMUNITAKE TECHNOLOGIES MOBILE DEVICE MANAGEMENT FROM BELL USER GUIDE

GETS AIRWATCH MDM HANDBOOK

Introduction to Mobile Application Management (MAM)

Sophos Mobile Control Administrator guide. Product version: 3

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Sophos Mobile Control Administrator guide. Product version: 3.6

Booth Gmail Configuration

Mobile Device Management Version 8. Last updated:

Manage Mobile Devices

Sophos Cloud Help Document date: January 2016

Quick Start and Trial Guide (Mail) Version 3 For ios Devices

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

GCM for Android Setup Guide

EM L05 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab

Certificate Management

Cloud Services MDM. Control Panel Provisioning Guide

EM L18 Managing ios and Android Mobile Devices with Symantec Mobile Management Hands-On Lab

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

How To Integrate An Ipm With Airwatch With Big Ip On A Server With A Network (F5) On A Network With A Pb (Fiv) On An Ip Server On A Cloud (Fv) On Your Computer Or Ip

AVG Business SSO Partner Getting Started Guide

Exchange 2003 Mailboxes

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

Sophos Mobile Control Super administrator guide. Product version: 3

Introduction to the EIS Guide

Automatic Setup... 1 Manual Setup... 2 Installing the Wireless Certificates... 18

Initial Setup of Microsoft Outlook 2011 with IMAP for OS X Lion

DESKTOP CLIENT CONFIGURATION GUIDE BUSINESS

Secure Outgoing Mail (SMTP) Setup Guide

Release 2.0. Cox Business Online Backup Quick Start Guide

MaaS360 Cloud Extender

User's Guide. Product Version: Publication Date: 7/25/2011

Configuration Guide BES12. Version 12.3

Dashboard Builder TM for Microsoft Access

Copyright 2013, 3CX Ltd.

MaaS360 On-Premises Cloud Extender

Certificate Management

Recommended Browser Setting for MySBU Portal

8.6. NET SatisFAXtion Gateway Installation Guide. For NET SatisFAXtion 8.6. Contents

User Guide. Version R91. English

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

Mobile Device Management Version 8. Last updated:

Android App User Guide

Administration Guide. BlackBerry Enterprise Service 12. Version 12.0

NetSpective Global Proxy Configuration Guide

GlobalProtect Configuration for IPsec Client on Apple ios Devices

Kaspersky Lab Mobile Device Management Deployment Guide

client configuration guide. Business

Introduction to Mobile Access Gateway Installation

Building a BYOD Program Using the Casper Suite. Technical Paper Casper Suite v9.4 or Later 17 September 2014

Sophos Mobile Control SaaS startup guide. Product version: 6

RESCO MOBILE CRM USER GUIDE. Access your CRM data on any mobile platform ipad, iphone, Android, Windows Phone or Win XP/Vista/7/8

Velocity Web Services Client 1.0 Installation Guide and Release Notes

Web Portal User Guide

Server Installation ZENworks Mobile Management 2.7.x August 2013

B&SC Office 365

User Guide for eduroam

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

GO!Enterprise MDM Device Application User Guide Installation and Configuration for ios with TouchDown

IsItUp Quick Start Manual

Mobility Manager 9.5. Users Guide

FOR WINDOWS FILE SERVERS

HelpSystems Web Server User Guide

Delegated Administration Quick Start

How to Set Up Outlook 2007 and Outlook 2010 for Hosted Microsoft Exchange if the Program is Already Installed

Resource Online User Guide JUNE 2013

GPS Tracking Software Training and User Manual

Hosted Exchange Setup Instructions

User Manual for Web. Help Desk Authority 9.0

Outlook 2011 Setup For ITS Exchange 2010 Server Using A SOM Domain Login

Axis 360 Administrator User Manual. May 2015

Professional Mailbox Software Setup Guide

Office of Information Technology Connecting to Microsoft Exchange User Guide

Background Deployment 3.1 (1003) Installation and Administration Guide

ProactiveWatch 2.0 Patch Management and Reporting

Setting up Microsoft Office 365

Oracle Managed File Getting Started - Transfer FTP Server to File Table of Contents

Configuration Guide BES12. Version 12.2

Transcription:

Cloud Services MDM Email Management Admin Guide 10/27/2014

CONTENTS Email Management... 2 Email Compliance Policies... 3 Email Policies... 4 Attachment Security Policies... 8 Attachment Security Policies ios Devices... 8 Attachment Security Policies Other Devices... 10 Unmanaged Devices... 11 Email Attachment Control... 12 Email Management Dashboard... 13 Keep in Mind...... 16 1

Email Management is one of nine sections of the overall Admin Guide for Mobile Device Manager. The following is the complete list of MDM Admin Guide components: MDM Overview and Setup Device Management Profile Management Geofencing Application Management Content Management Email Management Telecom Management Reports and Alerts EMAIL MANAGEMENT MDM provides administrators with several options for configuring secure integration with corporate email services. The most robust and extensible solution is through the Secure Email Gateway, which allows the administrator to secure, monitor, and manage both the smart device fleet and corporate email access, all from the Admin Console. MDM simplifies and secures Email management by allowing the administrator to perform the following tasks: Quickly monitor and troubleshoot email server requests through the Secure Email Gateway Dashboard. Gain visibility and control on top of the existing corporate email structure to ensure that corporate email actions are secure and compliant. Create and edit email compliance rules, including Blacklist and Whitelist policies. 2

Control email access for both managed devices and unmanaged devices. o For devices under MDM, the data collected from the Secure Email Gateway can be correlated to the device s existing record to show you how the managed devices are interacting with your email server. o For devices not under MDM, the data can be viewed on the dashboard to help the administrator track rogue devices and gain a more complete picture of the mobile email deployment. Configure integration with a number of corporate email services, including (but not limited to): o o Microsoft Exchange o Google Apps for Business o Microsoft BPOS o Microsoft Office365 o Lotus o Novell Groupwise versions 8.5+ EMAIL COMPLIANCE POLICIES Email compliance policies allow the administrator to block access to corporate email servers for enhanced email security based on pre- defined compliance policies. You can configure email compliance policies in either of the two following ways: Navigate to Dashboards Email Management and then select Email Policies on the left. Navigate to Profiles & Policies Compliance and then select Email Policies from the Compliance view on the left. 3

EMAIL POLICIES Depending upon your Mobile Email Management (MEM) deployment, the Email Policies screen provides three categories of compliance policies: General Email Policies, Managed Device Policies, and Attachment Security Policies. Within each category, there is a list of current compliance policies (shown below). NOTE: Email Policies can be configured only at the Location Group at which MEM is configured. By default, all child Location Groups inherit the created policies. The circles under the Active column indicate whether the policy is active (green) or inactive (red). Checking the Disable Compliance option forces Mobile Email Management (MEM) to function in Bypass mode. This option is applicable for all the MEM configuration models (i.e., for Proxy, PowerShell, and Google). NOTE: In Bypass mode, no compliance policy will be applied against the devices. To make changes to a policy, hover over the pencil icon under the Actions column and click Edit Policy. If a window is open, click [Save] to finish editing the policy, or [Cancel] to return the values to the last saved state. General Email Policies General Email Policies are applicable to MEM deployments involving the Secure Email Gateway (SEG) and the PowerShell Integration. 4

Managed Device This policy allows you to determine the outcome if an unmanaged device attempts to contact the corporate email server. 1. Open the policy and specify whether to Allow or Block an unmanaged device. 2. Click [Save]. Mail Client This policy allows you to control email access to a list of mail clients. 1. Open the policy and click [Add Rule]. 2. Select an option from the Client Type drop- down menu: Pre- Defined The known mail clients stored in the MDM database. Discovered The mail clients that connect through the gateway, but are not currently stored in the MDM database. Custom Specified mail clients (i.e., Apple or Android). 3. Select the Mail Client from the drop- down menu; if you selected Custom, enter the mail client in the field. 4. Choose to either Allow or Block the specified mail client and type. 5. Specify the default policy (Allow or Block) for all other mail clients not currently listed. This applies to all known mail clients that are not currently listed in the policy. 6. Specify the default policy (Allow or Block) for all new or discovered mail clients not currently listed. This applies to all mail clients that are not currently stored in the MDM database. 7. Click [Save]. 5

User This policy allows you to list specific users who are allowed or denied access to the email server and receive corporate email on their mobile device. 1. Select a User Type from the drop- down menu: o User Account Select a registered device user from the Admin Console database. o Discovered Choose the users that are connecting through the gateway and are not currently stored in the database. o Custom Choose the specific users. 2. Select a User Name from the drop- down menu. 3. Make a selection to Allow, Block, or Whitelist the specified user. 4. Specify a default policy (Allow or Block) the default action for all other usernames not currently listed. This applies to all known usernames that are not currently listed in the policy. 5. Specify the default policy (Allow or Block) for all new or discovered usernames not currently listed. This applies to all usernames that are not currently stored in the MDM database. 6. Click [Save]. Managed Device Policies Managed Device Policies are only enforced on devices currently enrolled in MDM. Inactivity This policy allows you to specify if you allow or deny inactive devices to access the email server, as well as the policy for the number of days a device has not been managed before it is considered inactive. 1. Open the policy and specify whether to Allow or Block inactive devices from connecting to the email server. 2. Enter the number of days of inactivity before a device is considered inactive. 3. Click [Save]. 6

Device Compromised Compliance This policy allows you to determine the outcome if a compromised device attempts to contact the corporate email server. 1. Open the policy and select whether to Allow or Block compromised devices to access their email server. 2. Click [Save]. Encryption Compliance This policy allows you to determine the outcome if a device does not have data protection turned On while attempting to access the corporate email server. 1. Open the policy and select whether to Allow or Block devices that do not data protection enabled. 2. Click [Save]. Platform/Model Compliance This policy allows you to define which platforms and models you want to either access or be blocked from the corporate email server. 1. Open the policy and click [Add Rule]. 2. Select an option from the Platform and Model drop- down menus. 3. Make a selection to Allow or Block the specified platform and model. 4. Specify the default policy (Allow or Block) for all platforms and models not currently listed. 5. Click [Save]. 7

Operating System Compliance Administrators might want to block a version of an OS used by a particular mobile device for many different reasons. For example, an admin might decide to temporarily block an OS (until the admin can resolve the problem) because it is stressing an email server due to a bug or other technical issue. Another scenario might be to only allow specific platforms and OS(s) ranges that you want to access the corporate email server, and block all others from receiving their email. 1. Open the policy and click [Add Rule]. 2. Select the type of device from the Platform drop- down menu. 3. Select the minimum and the maximum operating system for the device from the Min OS and Max OS drop- downs. 4. Specify the default policy (Allow or Block) for all OS versions not currently listed. 5. Click [Save]. ATTACHMENT SECURITY POLICIES Attachment Security Policies are used to secure email attachments being downloaded onto mobile devices. Attachment Security is available for deployments involving the SEG proxy server. In order to prevent misuse of corporate email attachments, MDM s SEG has been enhanced to encrypt and secure individual attachment files. These security policies ensure that only compliant devices enabled with the Secure Content Locker (SCL) application can decrypt and view the attachment. Managed Devices Managed Device policies are enforced only on devices that are enrolled in MDM. You can configure the file attachments that need to be encrypted and secured via SCL and set policies that can be enforced on files that cannot be viewed on the SCL via the console. Select ios Devices to configure attachment settings for ios devices. OR Select Other Devices to configure attachment settings for Android devices. ATTACHMENT SECURITY POLICIES IOS DEVICES 8

The following screen illustrates the features available for configuring the email attachment security policy for managed ios devices. Use Recommended Settings Enabling this option defaults the policy to the recommended settings, where pre- defined settings are enforced on devices. You may choose to customize the policy based on your corporate requirements. Actions on Specific file types Selecting the radio buttons facilitates MDM to communicate with the SEG the actions to be performed on attachments of specific file types. o Encrypt & Allow Attachments Implies that the SEG will encrypt attachments of specific file type(s), and these can be decrypted and read only via the SCL application on the device. o Block Attachments Implies that the SEG will block attachments of the specific file type(s). o Allow Attachments without Encryption Implies that the SEG will allow attachments of the specific file type without encryption. The attachments can be opened/saved/edited on the device through the native readers. Enabling/disabling the Allow Attachments to be saved in Secure Content Locker check box allows you to decide whether or not to allow the device user to save the attachment locally in the SCL. 9

Select the radio button actions under the Other Files area to update settings for the file types other than the standard file categories that are currently supported. o You can exclude specific file types from MDM's email attachment setup under the Exclusion section. For example, you can block all other file types while excluding AUTOCAD files of type.dwg. o You can also set a message to be displayed in emails on devices for the blocked attachments file types under the Custom Message for Blocked section. For example, "One or more email attachments have been blocked per Acme's corporate policy." ATTACHMENT SECURITY POLICIES OTHER DEVICES The below screen describes the features available for the configuring email attachment security policy for other managed devices. NOTE: With the Encrypt & Allow Attachments option, attachments downloaded on other managed devices will be encrypted, but cannot be viewed on the device. However, the device users will be able to forward these emails with the encrypted attachment from their devices. 10

UNMANAGED DEVICES Unmanaged Device policies are enforced only on devices that are not enrolled and managed in MDM. Use Recommended Settings Enabling this option defaults the policy to MDM recommended settings, where pre- defined settings are enforced on devices. You may choose to customize the policy based on your corporate requirements. Actions on Specific file types Selecting the radio buttons facilitates MDM to communicate with the SEG the actions needed on attachments of specific file types. o Encrypt & Allow Attachments Implies that the SEG will encrypt attachments of specific file type(s), and these can be decrypted and read only via the SCL application on the device. o Block Attachments Implies that the SEG will block attachments of the specific file type(s). o Allow Attachments without Encryption Implies that the SEG will allow attachments of the specific file type without encryption. The attachments can be opened/saved/edited on the device through the native readers. You can exclude specific file types from MDM's email attachment setup under the Exclusion section. You can also set a message to be displayed in emails on devices for the blocked attachments file types under the Custom Message for Blocked section. Apply Email Compliance Policies After you create or edit Email compliance policies, the policies will be automatically applied when SEG is refreshed (configure the refresh interval in System Settings Email Advanced). To instantly apply the policy, click the [Provision Policy Changes] button at the bottom of the Email Compliance Policies page. 11

EMAIL ATTACHMENT CONTROL MDM offers complete email control as an option for all devices accessing corporate email. This aspect of mobile email access allows organizations advanced security settings otherwise unavailable through native email clients. More than simply denying access to send and receive attachments, you can manage email attachment settings with flexible encryption and access policies based on file type, including the option to decrypt and open securely in the Content Locker. Manage all of these attachment settings from the Admin Console. Prerequisites MDM's email attachment control features leverage two aspects of MDM. The following prerequisites must be in place: Secure Email Gateway (SEG) v6.3 or higher: The SEG allows a secure connection from internal mail servers and each mobile device. Content Locker v1.6 or higher: The Content Locker serves as the secure area for viewing and managing attachments. Upon receiving an email, the Content Locker detects attachment presence and immediately sends the content to the secure viewing area. o To begin, purchase the MDM Mobile Content Management module. o Then deploy the Content Locker as a public managed application. Accessing Attachment Settings Once the SEG and Content Locker infrastructure is properly established, manage email attachments settings alongside all other MDM features and settings in the Admin Console. Create customized email attachment settings for both managed and unmanaged devices by navigating to Profiles & Policies Compliance Email Policies. Select the Edit Policy option to the right of each device type in the Attachment Security Policies area. For more details on configuring email attachment settings, refer to Email Compliance Policies. Accessing Protected Email Attachments Once Email Attachment Protection has been enabled, end- users are able to access attachments as established in the Admin Console. These options include the following: Allowed & Unencrypted Attachments Attachments display normally within the mailbox. Blocked Attachments Attachments are removed and replaced with a message notifying the user that the attachments have been blocked. Encrypted Attachments Attachments display in the mailbox as an encrypted *.awsec file type that can only be decrypted and read from within the Content Locker. 12

Opening Encrypted Email Attachments To open encrypted email attachments in the Content Locker: 1. Select the email attachment. 2. Select Open in Content Locker. 3. Authenticate with corporate credentials. The attachment automatically decrypts and opens. NOTE: The file cannot be opened or transferred outside of the Content Locker. EMAIL MANAGEMENT DASHBOARD Each time a device attempts to connect to your mobile email server through the Secure Email Gateway (SEG), the gateway gathers statistics about the request. This information is presented on a dashboard in the MDM console and can be used to assess the health of your mobile email deployment. To access the Email Management Dashboard, do the following: 1. Navigate to Dashboards Email Management. 2. Click the Location Group drop- down and select the group that connects to the SEG in your corporate environment. 3. Click All under Request Time. NOTE: The basic Email Management Dashboard is available as a view under the main Dashboard, but it does not contain time interval view options or editing capabilities. 13

Graphs and Grid The Email Management Dashboard view is controlled by the three graphs at the top of the screen and a grid below the graphs, which display the data from the selected graph or data group. Device Activity The total number of devices communicating through the gateway and the number of blocked and allowed devices. Devices The total number of devices communicating through the gateway and the number of managed and unmanaged devices. Non- Compliant Devices The number of noncompliant devices communicating through the gateway according to the compliance criteria, as specified in Email Compliance Policies. Grid The devices that have accessed the SEG. Request Time Views The Request Time views allow the administrator to adjust the dashboard view for all time periods, or for time intervals throughout the last 24 hours. Click All or select a time interval to update the charts and grids with the time selection. Email Compliance in the Dashboard To edit email compliance policies, click Email Policies. For more information about creating email compliance policies, see Email Compliance Policies. 14

Override an Email Compliance Policy After email compliance policies are in place for the Secure Email Gateway, the administrator may find the need to make Blacklist or Whitelist exceptions, or to remove a device from the list of exceptions. To override a compliance policy: 1. Select Policy Override List to view the current override status for all of the devices that are communicating through the gateway. This page also provides the ability to add, remove, or change an override to any of the devices listed in the grid. 2. Select a device from the grid to perform a policy override on that device by checking the box on the left. The device selected in the screen is a Whitelisted device. 3. Click any one of the following to override the current policy: Whitelist Allow the device to override email compliance policies. Blacklist Block the device, even if there are policies that allow (or whitelist) the device. Default Remove the device from the override list and apply the configured email compliance policies to that device. Dashboard Test Mode Test mode allows mobile devices to communicate through the gateway even when restrictive compliance policies are currently enabled. The Dashboard displays the noncompliant reason code(s) for a device to indicate all applicable restrictions if the test mode was not enabled. To enable test mode, check the Test Mode checkbox in the upper right corner of the dashboard. To disable test mode, uncheck the Test Mode checkbox and the compliance policies are applied again to each device that communicates through the gateway. The Dashboard displays the noncompliant reason code(s) for a device to indicate all applicable restrictions that are now being applied. 15

KEEP IN MIND... Use filter views and searches to view devices in the Secure Email Gateway dashboard grid according to compliance criteria. The administrator can filter the devices displayed on the grid based upon override status. Select a filter to view Blacklisted, Whitelisted, or All devices. The filter functionality provides the ability to search the grid within the displayed results. o Enter the full or partial search term in the Search box. 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information