Email Plusi OSGuide
Uploaded by
jonjaballeEmail Plusi OSGuide
Uploaded by
jonjaballeMobileIron Email+ 3.2.
0 for iOS Guide
for Administrators
for MobileIron Core and MobileIron Cloud
May 07, 2018
Proprietary and Confidential | Do Not Distribute
Copyright © 2015 - 2018 MobileIron, Inc. All Rights Reserved.
Any reproduction or redistribution of part or all of these materials is strictly prohibited. Information in this publication
is subject to change without notice. MobileIron, Inc. does not warrant the use of this publication. For some phone
images, a third-party database and image library, Copyright © 2007-2009 Aeleeta's Art and Design Studio, is used.
This database and image library cannot be distributed separate from the MobileIron product.
“MobileIron,” the MobileIron logos and other trade names, trademarks or service marks of MobileIron, Inc.
appearing in this documentation are the property of MobileIron, Inc. This documentation contains additional trade
names, trademarks and service marks of others, which are the property of their respective owners. We do not
intend our use or display of other companies’ trade names, trademarks or service marks to imply a relationship
with, or endorsement or sponsorship of us by, these other companies.
MobileIron Email+ 3.1.0 for iOS Guide for Administrators | 2
Contents
Chapter 1 Overview of Email+ for iOS .................................................................................... 5
About Email+ for iOS ........................................................................................................ 5
Where to find Email+ for iOS ........................................................................................... 5
About Email+ for iOS configuration ................................................................................ 6
What users can do in Email+ for iOS .............................................................................. 6
Chapter 2 Configuring Email+ for iOS..................................................................................... 7
Required components for an Email+ for iOS deployment ............................................ 7
Before you configure Email+ for iOS .............................................................................. 7
Main steps for Configuring Email+ for iOS (Core) ......................................................... 8
Adding Email+ for iOS to MobileIron Core as a recommended app ................................... 8
Enabling third-party AppConnect apps ............................................................................... 9
Configuring the AppConnect global policy .......................................................................... 9
Configuring the AppConnect container policy ................................................................... 11
Creating an AppConnect app configuration for Email+ ..................................................... 11
ActiveSync server synchronization due to app configuration changes ........................................13
Customize Email+ app behavior with key-value pairs .................................................................13
Configuring email attachment control with Standalone Sentry ......................................... 13
Informing users to install Email+ for iOS ........................................................................... 14
Main steps for configuring Email+ for iOS (Cloud) ...................................................... 15
Adding Email+ for iOS on MobileIron Cloud ..................................................................... 15
Configuring Email+ for iOS on MobileIron Cloud .............................................................. 15
Email+ installation on an iOS device (Core and Cloud) .............................................. 16
Email+ for iOS installation from notification ...................................................................... 16
Email+ for iOS installation from the MobileIron app catalog ............................................. 17
Email+ configuration field description (Cloud) ............................................................ 17
Chapter 3 Additional configurations using key-value pairs.................................................... 20
Key-value pairs for customizing Email+ for iOS .......................................................... 20
S/MIME support in Email+ for iOS ................................................................................. 37
Before you set up S/MIME for Email+ for iOS .................................................................. 37
Pushing S/MIME certificates from MobileIron Core .......................................................... 37
Enabling per-message S/MIME for iOS .......................................................................................38
Configuring key-value pairs .........................................................................................................38
Pushing S/MIME certificates from MobileIron Cloud ......................................................... 38
Importing S/MIME certificates to the device through email ............................................... 39
Background email checks and user notifications ....................................................... 39
How Email+ for iOS checks for new emails ...................................................................... 40
Configuring Web@Work for iOS to open mailto links in Email+ for iOS ................... 40
Allow copy from Email+ for iOS to other AppConnect apps only .............................. 41
What Email+ for iOS users see for copy/paste .................................................................42
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 3
Chapter 4 Real-time push notifications ................................................................................. 43
About real-time push notifications for Email+ for iOS ................................................ 43
Need for a notification service ........................................................................................... 43
How the notification service works .................................................................................... 44
Standalone Sentry setup for real-time push notifications .......................................... 45
Exchange, real-time push notifications, and Standalone Sentry setup ............................. 45
EWS service and Standalone Sentry setup ...................................................................... 46
Deployment use cases for real-time push notifications ............................................. 47
Before you configure real-time push notifications ...................................................... 47
Configuring EWS to send push notifications ..................................................................... 47
Configuring additional Exchange setup for identity certificates ......................................... 48
Overview of configuration on MobileIron Core ............................................................ 49
Using MobileIron Tunnel to tunnel EWS traffic (Core) ...................................................... 49
Using AppTunnel to tunnel EWS traffic (Core) .................................................................49
Description of configurations in MobileIron Core ....................................................... 50
Configuring SCEP settings ............................................................................................... 50
Configuring an AppTunnel service .................................................................................... 50
Updating the AppConnect app configuration for Email+ ................................................... 51
Overview of configuration on MobileIron Cloud .......................................................... 52
Using MobileIron Tunnel to tunnel EWS traffic (Cloud) ....................................................52
Using AppTunnel to tunnel EWS traffic (Cloud) ................................................................ 52
Description of configurations in MobileIron Cloud ..................................................... 53
Configuring a custom HTTP service ................................................................................. 53
Configuring Identity certificate setting ............................................................................... 54
Updating the app configuration for Email+ ........................................................................ 54
Keys for real-time and interval-based push notifications (Core and Cloud) ............. 55
Key-value pairs for real-time push notifications ................................................................ 55
Key-value pairs for push notifications (interval-based) ..................................................... 57
Verifying that the cloud notification service is working ............................................. 58
Using Kerberos Constrained Delegation with Email+ for real time notifications ..... 59
Chapter 5 Troubleshooting Email+ for iOS ........................................................................... 60
Setting up logging for Email+ for iOS (Core) ............................................................... 60
Detailed logging for AppConnect apps for iOS (Core) ................................................ 61
Email+ crash recovery .................................................................................................... 61
Chapter 6 What users see..................................................................................................... 62
Real-time push notifications .......................................................................................... 62
How will I receive Email+ notifications? ............................................................................ 62
How do I change the notification settings? ....................................................................... 62
Why do I see two notifications for each email? .................................................................63
Why am I not receiving Email+ Notifications? ................................................................... 63
How do I turn on/off notification details on the lock screen? ............................................. 64
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 4
1
Overview of Email+ for iOS
The following provide an overview of the Email+ app for iOS devices:
• About Email+ for iOS
• Where to find Email+ for iOS
• About Email+ for iOS configuration
• What users can do in Email+ for iOS
About Email+ for iOS
MobileIron Email+ for iOS provides secure email, calendar, contacts, notes, and tasks on corporate-owned and
BYOD iOS devices by communicating with an ActiveSync server in your enterprise.
Email+ for iOS is an AppConnect-enabled app. AppConnect is a MobileIron feature that containerizes apps to
protect content on iOS and Android devices. Each AppConnect app becomes a secure container whose content is
encrypted and, protected from unauthorized access. Because each user has multiple business apps, each app
container is also connected to other secure app containers. This connection allows the AppConnect apps to share
content. AppConnect apps are managed using policies configured in a MobileIron Enterprise Mobility Management
(EMM) platform. The EMM platform is either MobileIron Core or MobileIron Cloud.
As an AppConnect app, all Email+ content is secured. The app interacts with other apps according to the data loss
prevention policies that you specify. The app has the following secure features:
• Secure apps passcode: A secure apps passcode, if you require one, protects access to all secure apps. This
is the AppConnect passcode, which you define in MobileIron EMM. The AppConnect passcode provides an
additional layer of security for secure apps, beyond the device passcode.
• Data encryption: AppConnect encrypts all AppConnect-related data on the device, such as Email+ app data,
app configurations, and policies. This means app data is secure even if a device is compromised.
• Data loss prevention: You determine whether Email+ for iOS can use the iOS copy/paste or open-in features.
AppConnect data loss prevention policies control if users can copy/paste data out of Email+ and control how
email attachments can be shared with other apps via open-in.
For information about AppConnect features and configuration beyond Email+ for iOS, see the AppConnect and
AppTunnel Guide.
Where to find Email+ for iOS
You can download Email+ for iOS from the Apple App Store.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 5
Overview of Email+ for iOS
About Email+ for iOS configuration
You configure settings for Email+ in the MobileIron EMM platform. Because MobileIron EMM provides these
settings to the app, device users do not have to manually enter configuration details. By automating the
configuration for device users, each user has a better experience when installing and setting up the app. Also, the
enterprise has fewer support calls, and the app is secured from misuse due to configuration.
These settings include, for example:
• the ActiveSync server, or the Standalone Sentry that interacts with the ActiveSync server.
• the user ID for the ActiveSync server.
• the SCEP or certificate setting for the certificate that the device presents to the Standalone Sentry for
authentication, if you are using certificates for authentication.
• Kerberos Constrained Delegation with Standalone Sentry, which provides a better user experience for device
users.
What users can do in Email+ for iOS
When users launch Email+ for iOS, users can do the following from the main screen:
• Email: Send and receive their corporate email, and manage any sub-folders.
• Calendar: Manage and synchronize their corporate calendar data, including meetings and appointments in a
daily, monthly, or list view.
• Contacts: Manage and synchronize their corporate contacts.
• Notes: Manage, synchronize, and create new notes.
• Tasks: Manage, synchronize, and create new tasks.
• Settings: Manage their certificates, keys, recognized certificate authorities, as well as alerts, sync period,
S/MIME signing and encryption, and so on.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 6
2
Configuring Email+ for iOS
The following describe how to set up Email+ for iOS:
• Required components for an Email+ for iOS deployment
• Before you configure Email+ for iOS
• Main steps for Configuring Email+ for iOS (Core)
• Main steps for configuring Email+ for iOS (Cloud)
• Email+ installation on an iOS device (Core and Cloud)
• Email+ configuration field description (Cloud)
Required components for an Email+ for iOS deployment
The following components are required for an Email+ for iOS deployment:
• MobileIron Enterprise Mobility Management (EMM) platform: MobileIron Core or MobileIron Cloud
• Sentry, with ActiveSync enabled (required if you want to secure access to the ActiveSync server using Sentry)
• An iOS device that is registered with a MobileIron EMM
• MobileIron client: Mobile@Work for MobileIron Core deployments, MobileIron Go for MobileIron Cloud
deployments.
For supported versions see the MobileIron Email+ for iOS Release Notes.
A device user who launches Email+ for iOS without MobileIron’s EMM platform will be running Email+ for iOS as
an unsecured standalone app during a 30 day trial.
NOTE: If a device user has already launched Email+ for iOS as a standalone trial app, the device user must
uninstall and reinstall Email+ for iOS to use it as a secure AppConnect-enabled app.
Before you configure Email+ for iOS
Before you configure Email+ for iOS:
• Ensure that all devices to which you plan to deploy Email+ must be able to access
[Link] This URL enables the use of ActiveSync features in Email+. No
identifiable information, however, is reported to the server.
• If you are using Sentry to allow access to your enterprise ActiveSync server, you must have either an
Integrated Sentry (MobileIron Core only) or Standalone Sentry installed and configured for ActiveSync with the
necessary device authentication set up.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 7
Configuring Email+ for iOS
• For related documentation see the following:
- For information on how to install Standalone Sentry, see the MobileIron Standalone Sentry Installation
Guide.
- For information on how to set up Standalone Sentry for ActiveSync, see
MobileIron Sentry Guide for MobileIron Cloud.
OR
“Adding an entry for Standalone Sentry in MobileIron Core” in the MobileIron Sentry Guide for MobileIron
Core.
- For information on how to set up Integrated Sentry, see “Adding an entry for Integrated Sentry in MobileIron
Core” in the MobileIron Sentry Guide for MobileIron Core.
NOTE THE FOLLOWING:
• For MobileIron Cloud, you will configure the Exchange (ActiveSync) service as part of the Standalone Sentry
setup for ActiveSync.
• In an Email+ deployment a separate Exchange configuration is not required. The Email+ configuration contains
the necessary settings.
Main steps for Configuring Email+ for iOS (Core)
Following are the main steps for configuring Email+ for iOS on MobileIron Core:
1. Adding Email+ for iOS to MobileIron Core as a recommended app.
2. Enabling third-party AppConnect apps.
3. Configuring the AppConnect global policy.
4. Configuring the AppConnect container policy
5. Creating an AppConnect app configuration for Email+.
6. Adding Email+ for iOS to MobileIron Core as a recommended app (for Standalone Sentry deployments only).
7. Informing users to install Email+ for iOS.
NOTE: You do not configure a separate Exchange setting for the device as you do for other email apps. The
AppConnect app configuration provides the necessary information.
Adding Email+ for iOS to MobileIron Core as a recommended app
Device users can download Email+ for iOS directly from the Apple App Store. You can also distribute Email+ for
iOS as a recommended app through Apps@Work.
Procedure
1. In the Admin Portal, go to Apps > App Catalog.
2. From the Quick Import drop-down list, select iOS.
3. Enter MobileIron Email+ in the Application Name text box.
4. Click Search.
5. Select the app from the list that is displayed.
6. For MobileIron Email+, click Import.
7. Click OK on the pop-up message, and close the Quick Import dialog.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 8
Configuring Email+ for iOS
MobileIron Email+ is now listed in the App Catalog. Information included in the app, such as the name, is
automatically configured. All other settings, such as the App Category and whether the app is a free app, are
set to default settings.
TIP: To view and edit the settings for the app, click on the app name in the App Catalog.
8. Select the app to apply the app to a label:
a. Click Actions > Apply to Label.
b. Select the label that represents the iOS devices for which you want the selected app to be displayed.
c. Click Apply.
Next steps
Continue to “Enabling third-party AppConnect apps” on page 9.
Related topics
• For more information on adding iOS apps to the app distribution library, see “Working with apps for iOS
devices” in the Apps@Work Guide. See also, “Setting per app VPN priority” in the Apps@Work Guide.
• For information on creating a MobileIron Tunnel VPN setting, see the MobileIron Tunnel for iOS Guide for
Administrators.
Enabling third-party AppConnect apps
Email+ for iOS requires you to enable the licensing option for third-party and in-house AppConnect apps.
Procedure
1. In the Admin Portal, go to Settings > System Settings.
2. Click Additional Products > Licensed Products.
3. Select AppConnect For Third-party And In-house Apps.
4. Click Save.
Next steps
Continue to “Configuring the AppConnect global policy” on page 9.
Configuring the AppConnect global policy
Because Email+ for iOS is an AppConnect app, AppConnect must be enabled in the AppConnect global policy if it
has not yet been configured. The AppConnect global policy specifies AppConnect app settings such as
AppConnect passcode and data loss prevention requirements. You can use the Default AppConnect Global Policy.
TIP: Most fields are set to suitable default values.
Procedure
1. In the Admin Portal, go to Policies & Configs > Policies.
2. Select the Default AppConnect Global Policy and click Edit.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 9
Configuring Email+ for iOS
FIGURE 1. ENABLE APPCONNECT IN THE APPCONNECT GLOBAL POLICY
3. For AppConnect, select Enabled.
4. (Optional) Scroll down to the Data Loss Prevention Policies section.
FIGURE 2. AUTHORIZE APPS WITHOUT AN APPCONNECT CONTAINER POLICY
5. (Optional) For Apps without an AppConnect container policy, select Authorize.
NOTE: If you do not select this option, then you must create an AppConnect container policy for Email+.
6. (Optional) If you select Authorize for Apps without an AppConnect container policy, also select the data
loss preventions options you want to enable.
7. Click Save.
NOTE: If you create a new AppConnect Global Policy, you must apply it to the appropriate labels. You do
not need to apply the Default AppConnect Global Policy to a label.
Procedure: Applying to a label
1. Select the AppConnect global policy.
2. Click More Actions > Apply To Label.
3. Select the appropriate labels to which you want to apply the policy.
4. Click Apply.
Next steps
Continue on “Configuring the AppConnect container policy” on page 11.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 10
Configuring Email+ for iOS
Related topics
For more information about the AppConnect Global policy, see the “Configuring the AppConnect global policy”
section in the AppConnect and AppTunnel Guide for detailed description of each field.
Configuring the AppConnect container policy
This task is only required:
• If you did not select Authorize for Apps without an AppConnect container policy, in the AppConnect Global
Policy.
• If you want to configure a different set of data loss prevention policies for Email+.
The AppConnect container policy authorizes an AppConnect app and specifies the data loss prevention settings.
The container policy overrides the corresponding settings in the AppConnect Global Policy.
NOTE: Make sure to apply only one AppConnect container policy for Email+ for iOS.
Procedure
1. In the Admin Portal, select Policy & Configs > Configurations.
2. Select Add New > AppConnect > Container Policy.
3. Enter a name for the policy.
4. Enter a description for the policy.
5. In the Application field, enter the bundle ID for the app:
[Link]
6. Configure the iOS data loss prevention policies according to your requirements.
7. Click Save.
8. Select the container policy.
9. Select More Actions > Apply To Label.
10. Select the labels to which you want to apply the policy.
11. Click Apply.
Next steps
Continue on to “Creating an AppConnect app configuration for Email+” on page 11.
Creating an AppConnect app configuration for Email+
Email+ for iOS requires an AppConnect app configuration in MobileIron Core. The AppConnect app configuration
provides the type of information that is usually configured in an Exchange setting, such as the fully qualified domain
name and user ID for the ActiveSync server, and certificate information. As such, Email+ for iOS does not require
an Exchange setting.
The AppConnect app configuration for Email+ for iOS also includes the bundle ID for the app and key-value pairs
used to configure app settings.
IMPORTANT: Make sure to apply only one AppConnect app configuration for Email+ for iOS to each device.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 11
Configuring Email+ for iOS
NOTE: If you make a mistake in the configuration, the app shows a message to the device user indicating
an error in configuration.
Procedure
1. In the MobileIron Core Admin Portal, go to Policy & Configs > Configurations.
2. Click Add New > AppConnect > Configuration to create a new AppConnect configuration.
3. In the Name field, enter brief text that identifies this AppConnect app configuration.
Example: Email+ for iOS
4. In the Description field, enter additional text that clarifies the purpose of this AppConnect app configuration.
5. In the Application field, enter the bundle ID for the app:
[Link]
6. In the App-specific Configurations section enter the following required key-value pairs:
Key Value
email_exchange_host Fully qualified domain name of your ActiveSync server or Sentry.
email_ssl_required Enter true to secure communication using https to the server that you
specified in email_exchange_host. Otherwise, enter false.
Typically, set this field to true unless you are working in a test
environment.
7. Click Save.
When you save an app configuration with the bundle ID [Link], MobileIron Core
automatically applies the following key-value pairs to the app configuration:
- email_exchange_username with value $USERID$
- email_device_id with value $DEVICE_UUID_NO_DASHES$
- email_address with value $EMAIL$
8. Select the new AppConnect app configuration.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 12
Configuring Email+ for iOS
9. Click More Actions > Apply To Label.
10. Select the labels to which you want to apply the AppConnect app configuration.
11. Click Apply.
ActiveSync server synchronization due to app configuration changes
Email+ for iOS synchronizes all emails, contacts, calendar, and task items with the ActiveSync server when the
device user first launches Email+ for iOS. It also does a full synchronization if you change the values of the
following keys in the app configuration:
• email_address
• email_exchange_host
• email_exchange_username
After you have changed one of these values, the full synchronization occurs the next time Email+ for iOS receives
the updated app configuration. Email+ for iOS receives the update the next time it runs after the AppConnect app
checkin interval has expired.
WARNING: The first Email+ for iOS synchronization with the ActiveSync server may require considerable time
and bandwidth, as does changing the values of the keys mentioned here.
Customize Email+ app behavior with key-value pairs
Administrators can customize Email+ app behavior by configuring key-value pairs in the App-specific
Configurations section of AppConnect app configuration for Email+ for iOS. These key-value pairs define app
behavior such as providing detailed notifications to device users and export contacts from Email+. See “Additional
configurations using key-value pairs” on page 20 for the complete list of custom key-value pairs.
Configuring email attachment control with Standalone Sentry
With Email+ for iOS, you can configure Standalone Sentry to deliver emails with attachments to the secure app.
The attachments can then only be shared with other apps according to your data loss prevention policies.
Therefore, when using secure email apps, you typically configure Standalone Sentry to use the email attachment
control setting called Open With Secure Email App.
Procedure
1. Go to Settings > Sentry in the MobileIron Core Admin Portal.
2. Select the Standalone Sentry that handles email for the devices.
3. Click the edit icon.
4. In the section Attachment Control Configuration, select Enable Attachment Control.
5. For iOS And Android Using Secure Email Apps, select Open With Secure Email App.
6. Click Save.
Related topics
• For more information about email attachment control, see the MobileIron Sentry Guide for MobileIron Core.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 13
Configuring Email+ for iOS
Informing users to install Email+ for iOS
You can inform device users by sending an APNS (Apple Push Notification Service) notification that directs device
users to the new or updated Email+ for iOS app in Apps@Work. Or, you can send an installation request directly to
all devices in the labels applied to Email+ for iOS, bypassing Apps@Work entirely.
As with badge notifications, updates are determined by comparing the version number of the installed app with that
of the update.
NOTE: The notification feature applies only to apps designated as Featured apps.
Procedure
1. In the Admin Portal, go to Apps > App Distribution Library.
2. Select iOS from the Select Platform list.
3. Select the featured app you want to work with.
4. Click Message.
FIGURE 3. SEND APP INSTALLATION REQUEST
5. Use the following guidelines to select the app installation option:
Item Description
Send request for new Prompts the device user to install the app if it is not already installed.
installations
Send request for updates Prompts the device user to update the app if it is not already updated.
Send request for both new Prompts the device user to install or update the app.
installations and updates
Use iOS managed app Ignore the Apps@Work display and immediately install or update the app.
install/update action
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 14
Configuring Email+ for iOS
6. To check the content of the message prior to sending:
a. Select the Push Notification template from the list.
b. Click View Messages.
7. Click Send.
The message is sent only for apps configured as featured apps in the app distribution library.
Main steps for configuring Email+ for iOS (Cloud)
You add Email+ from the MobileIron Cloud app catalog, and as part of the setup, you also specify the app
configurations.
Following are the main steps for configuring Email+ for iOS on MobileIron Cloud:
1. Adding Email+ for iOS on MobileIron Cloud
2. Configuring Email+ for iOS on MobileIron Cloud
Adding Email+ for iOS on MobileIron Cloud
Email+ for iOS is available in the app catalog in MobileIron Cloud.
Procedure
1. In MobileIron Cloud, go to Apps > App Catalog > +Add.
2. In Business Apps, click Email+ (iOS).
3. Make any updates as necessary and click Next
You can change the category and add a description.
4. Choose a distribution option for the app and click Next.
5. Update the default install settings or add install settings as necessary.
6. Update the promotion settings or add promotion settings as necessary.
7. For Email+ configuration, click + to add an Email+ configuration.
Next steps
• “Configuring Email+ for iOS on MobileIron Cloud” on page 15.
Configuring Email+ for iOS on MobileIron Cloud
The Email+ configuration provides the type of information that is usually configured in an Exchange setting, such
as the fully qualified domain name and user ID for the ActiveSync server, and certificate information. As such,
Email+ for iOS does not require an Exchange setting. The configuration for Email+ for iOS also includes the bundle
ID for the app and key-value pairs used to configure app settings.
NOTE: Make sure that only one Email+ for iOS configuration is distributed to a device.
NOTE: If you make a mistake in the configuration, the app shows a message to the device user indicating
an error in configuration.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 15
Configuring Email+ for iOS
Procedure
1. In the MobileIron Email+ configuration, enter a name for the configuration.
2. Configure the Email+ settings as needed.
3. Add any custom configurations for the app in AppConnect App Configurations.
4. Add any certificates that are required.
5. Choose a distribution option for the configuration and click Done.
The configuration is distributed to the subset of the devices to which the app is distributed.
Related topics
• See “Email+ configuration field description (Cloud)” on page 17 for a description of the fields.
• See “Additional configurations using key-value pairs” on page 20 for a complete list of custom key-value pairs.
• See the Certificates and S/MIME sections in “Additional configurations using key-value pairs” on page 20.
Email+ installation on an iOS device (Core and Cloud)
Device users can install Email+ from a notification they receive on their iOS device, or from the MobileIron app
catalog on their device.
• Email+ for iOS installation from notification
• Email+ for iOS installation from the MobileIron app catalog
Email+ for iOS installation from notification
After you send an installation request for Email+ for iOS, users receive a notification that prompts them to install the
new or updated app.
FIGURE 4. EMAIL+ INSTALLATION FROM NOTIFICATION
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 16
Configuring Email+ for iOS
By tapping Install, Email+ for iOS is installed to the device.
Email+ for iOS installation from the MobileIron app catalog
When a featured app or an update to an installed app is published to device users, those users see a badge that
appears on the corresponding tab in the MobileIron app catalog. The number on the badge indicates the number of
apps or updates available. The availability of an update is determined by comparing the version number for the
installed app to that of the newly-published app.
After importing Email+ for iOS into the app distribution library, the app appears in Apps@Work on the device. Tap
the entry for Email+ and follow the prompts to install the app.
Email+ configuration field description (Cloud)
The following table provides a description of the configuration fields for Email+ for iOS on MobileIron Cloud.
TABLE 1. EMAIL+ CONFIGURATION FIELD DESCRIPTION IN MOBILEIRON CLOUD
Item Description
Email Address (Required) Enter ${userEmailAddress}.
Email Password Enter the user’s password for the ActiveSync server. If you provide a
password, Email+ for iOS does not prompt the device user for the
password.
You can use the variable ${PASSWORD}
Exchange Host (Required) Enter the fully qualified domain name of the ActiveSync server or the
external hostname or IP address for Standalone Sentry.
Exchange Username (Required) Enter ${userUID}
SSL required Check to secure communication to the ActiveSync server or
Standalone Sentry using HTTPS.
Select the check box unless you are working in a test environment.
Minimum Characters for GAL Enter the minimum number of characters for Email+ for iOS to use for
Search automatic Global Address List (GAL) lookup in Mail and Contacts.
When the device user enters the specified number of characters of a
particular name, Email+ for iOS searches the GAL and presents any
matches to the device user.
NOTE: To enable GAL search, you must set the minimum number of
characters for GAL search in your Microsoft Exchange server
to the same value you set for this Email+ for iOS key.
The default is 4.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 17
Configuring Email+ for iOS
TABLE 1. EMAIL+ CONFIGURATION FIELD DESCRIPTION IN MOBILEIRON CLOUD
Item Description
App Identity Certificate Select the App Identity Certificate created for Sentry. This field is
required only if you are deploying Standalone Sentry that uses an identity
certificate for device authentication.
Trust All Certificates Check if you want Email+ for iOS to automatically accept untrusted
certificates.
Typically, you select the check box only if you are working in a test
environment.
Prompt for Password Before Check if Email+ for iOS should prompt the user for the email password
Connecting to Server before attempting to connect to the email server. When it first launches
and connects to the email server, Email+ for iOS provides the user’s
email password to the email server.
If the field is unchecked, when Email+ for iOS first launches and
connects to the email server, it does not provide the device user’s email
password to the server. After establishing a connection with the email
server, Email+ for iOS prompts the user for an email password. If the
email server limits the number of password attempts, it counts the
connection as one failed attempt.
MobileIron recommends checking this field if the email server allows only
a small number of password attempts. For example, if the email server
allows only three login attempts, setting this value to true means the
device user gets three login attempts as specified by the email server.
IBM Lotus Notes Traveler Check if your email server is IBM Lotus Notes Traveler.
Allow Safari Browser Check to open links in Email+ in Safari.
NOTE: If the setting is checked, the values of email_url_scheme_http
and email_url_scheme_https keys are ignored.
Allow Detailed Notifications Check if you want Email+ for iOS to show the device user detailed
(Required) notifications. The details can include sensitive information such as email
subject, or event titles and times.
Show Pictures by Default Check to enable the Show Pictures option. Device users automatically
see images when opening an email.
Device users can override the value you configure by toggling the Show
Pictures option on or off.
NOTE: When changing the value of this key, Email+ does not
change the Show Pictures option until after completing a full
synchronization. A full synchronization occurs only when you
change certain fundamental key-value pairs, like
email_address, or when the device user uninstalls and reinstalls
Email+ for iOS.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 18
Configuring Email+ for iOS
TABLE 1. EMAIL+ CONFIGURATION FIELD DESCRIPTION IN MOBILEIRON CLOUD
Item Description
Allow Export Contacts Check if you want to allow Email+ for iOS users to export Email+ for iOS
contacts to an Email+ for iOS contacts group on the personal side of the
device. Otherwise, enter false.
When device users export Email+ contacts, device users can see the
caller ID of incoming calls from phone numbers in the list of corporate
contacts. Third-party apps can also access the corporate contacts.
Limit Contact Export to Name Check to limit export of Email+ contacts to only the name and number of
and Number only the contacts.
This option is available only if Allow Export Contacts is checked.
Allow Logging Check if you want Email+ to log data to the device console, and allow the
log file to be attached to a feedback email.
This option is useful for problem diagnosis.
Default Email Signature Enter the default email signature.
The value of this key is the default email signature for all emails.
However, the device user can define the default email signature at any
time, overriding this value. After the user defines the default email
signature, Email+ does not use the value, even if you update it.
Allow Send Feedback Enter the email address to which app feedback is to be delivered.
Use this key to send Email+ for iOS log messages to a particular email
address.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 19
3
Additional configurations using key-value pairs
The following describe how to customize Email+ for iOS app behavior:
• Key-value pairs for customizing Email+ for iOS
• S/MIME support in Email+ for iOS
• Background email checks and user notifications
• Configuring Web@Work for iOS to open mailto links in Email+ for iOS
• Allow copy from Email+ for iOS to other AppConnect apps only
Key-value pairs for customizing Email+ for iOS
Table 1 on page 21 describes the key-value pairs available to administrators to customize Email+ for iOS app
behavior. These key-value pairs define app behavior such as providing detailed notifications to device users and
export contacts from Email+.
TIP: Key-value pairs marked as Core only are not applicable to MobileIron Cloud. For MobileIron Cloud
deployments, these key-value pairs are either provided as fields in MobileIron Cloud or are set
automatically and do not require action from the administrator. See “Email+ configuration field
description (Cloud)” on page 17 for a description of the fields in MobileIron Cloud.
NOTE: Some values can use MobileIron Core variables, such as $EMAIL$. MobileIron Core substitutes the
device user’s value when sending the app configuration to the device.
You can configure and customize the following features with key-value pairs:
• Required key-value pairs
• Background email check and user notifications
• Certificates
• S/MIME
• Manage contacts
• Syncing
• Maximum size for email
• Email attachments
• Open links in a browser
• Default signature
• IBM Lotus Notes Traveler
• SSL
• GAL search
• Prompt the device user for password
• Keyboard extension
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 20
Additional configurations using key-value pairs
• Enable Show Pictures
• Photo library
• Calendar customization
• Notes customization
• Default network timeout
• App feedback
• Troubleshooting
• Miscellaneous
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Required key-value pairs
email_address Email address Typically, this field uses the MobileIron Core variable
(Core only) of the device $EMAIL$.
user
You can also use combinations of these MobileIron Core
variables, depending on your ActiveSync server requirements:
$USERID$, $USER_CUSTOM1$,
$USER_CUSTOM2$, $USER_CUSTOM3$,
$USER_CUSTOM4$.
email_device_id $DEVICE_UUI Identifies the device to the ActiveSync server.
D_NO_DASHE
(Core only)
S$ IMPORTANT: Always use the MobileIron Core variable
$DEVICE_UUID_NO_DASHES$.
email_exchange_host FQDN of the The fully qualified domain name of the ActiveSync server. If
ActiveSync you are using a Standalone Sentry, enter the fully qualified
(Core only)
server or domain name (FQDN) of Standalone Sentry.
Standalone
Example:
Sentry
[Link]
NOTE THE FOLLOWING:
• When using Standalone Sentry with Lotus Domino server
[Link] Upgrade Pack 1, set the server address to
Standalone Sentry FQDN/traveler.
• When using Standalone Sentry with a Lotus Domino
server earlier than [Link] Upgrade Pack 1, set the server
address to Standalone Sentry FQDN/servlet/traveler.
• If you are using an IBM Lotus Notes Traveler server
without a Standalone Sentry, append the IBM Lotus
Notes Traveler server FQDN to the host path of the IBM
Lotus Traveler server. If you use a custom path, append
the custom path to the FQDN.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 21
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
email_exchange_username User ID for the The user ID for the ActiveSync server.
ActiveSync
(Core only) Typically, you use the MobileIron Core variable
server
$USERID$.
If your ActiveSync server requires a domain, use <domain
name>\$USERID$. For example: mydomain\$USERID$.
You can also use combinations of these MobileIron Core
variables, depending on your ActiveSync server requirements:
$EMAIL$,
$USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$,
$USER_CUSTOM4$.
Background email check and user notifications
allow_detailed_notifications • true true: Device user sees detailed notifications. The details can
• false include sensitive information such as email subject, or event
(Core only)
titles and times.
false: Notifications do not include any details.
Default if key-value is not configured: false.
Certificates
allow_certificate_revocation_check • true true: Allows CRL check.
• false Default if key-value is not configured: false
allow_device_keychain • true true: Email+ stores the decryption key received from the EMM
• false client in the device keychain. This allows Email+ to access its
credentials and check email when iOS launches it in the
background, thus improving background email notifications.
false: The AppConnect content decryption key is not stored on
the device.
MobileIron recommends that customers set this to true in
conjunction with a strong device passcode. For more
information see “Background email checks and user
notifications” on page 39.
Default if key-value is not configured: false
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 22
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
email_login_certificate From the The device uses the certificate for authentication.
dropdown list
(Core only) See the MobileIron Core Device Management Guide for your
deivce platform for information on configuring Certificate
Enrollment settings.
If the certificate is password-encoded, MobileIron Core
automatically also sends another key,
email_login_certificate_MI_CERT_PW, with the password as
the certificate’s value.
This key is required if Sentry is configured to require
certificates.
Default if key-value is not configured: Certificates are not
used.
email_trust_all_certificates • true true: Email+ automatically accepts untrusted certificates.
• false Typically, you enter true only when working in a test
(Core only)
environment.
false: Email+ does not accept untrusted certificates.
Default if key-value is not configured: false.
email_user_certificate_self_service From the Allows the administrator to distribute certificates to device
dropdown list users. Users can then upload the certificates manually to the
(Core only)
MobileIron Core user portal.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 23
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
email_certificate_X From the You can designate up to ten certificate authority (CA) root
dropdown list certificates as trusted. Email+ imports the certificate into its
where X is 1 through 10
keychain of trusted certificates, and trusts any certificates
derived from the CA root certificate in its keychain.
Designating a CA root certificate as trusted is necessary for
the following:
• You have configured device authentication in
Standalone Sentry to require a certificate whose certificate
authority is not a trusted CA.
A common scenario for this case is if you are using a self-
signed certificate or a certificate that is not derived from a
well-known certificate authority.
NOTE: You specify this certificate to Email+ in the key
email_login_certificate. It corresponds to the
certificate you specified for device
authentication in Standalone Sentry
configuration in the MobileIron Core Admin
Portal.
• You have configured certificates for encrypting or signing
S/MIME emails and these certificates are self-signed or
not derived from a well-known certificate authority.
NOTE: You specify these certificates in the keys
email_encryption_certificate and
email_signing_certificate.
S/MIME
email_encryption_certificate From the Specifies the certificate to use for encrypting S/MIME emails.
dropdown list
The MobileIron EMM sends the contents of the certificate as
the value.
Email+ imports the key into the keystore and selects the
certificate as the encryption certificate.
If you change the certificate, Email+ imports the new
certificate into the keychain and selects the new certificate as
the encryption certificate. It leaves the previous certificate in
the keychain.
If you delete the key-value pair, Email+ leaves the certificate in
the keychain, while changing its settings to specify that no
certificate is selected as the encryption certificate.
For more information about configuring S/MIME for Email+ for
iOS, see “S/MIME support in Email+ for iOS” on page 37.
Default if key-value is not configured: Certificate is not
configured.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 24
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
email_signing_certificate From the Specifies the certificate to use for signing S/MIME emails.
dropdown list
The MobileIron EMM sends the contents of the certificate as
the value.
Email+ imports the key into the keychain and selects the
certificate as the signing certificate.
If you change the certificate, Email+ imports the new
certificate into the keychain and selects the new certificate as
the signing certificate. It leaves the previous certificate in the
keychain.
If you delete the key-value pair, Email+ leaves the certificate in
the keychain and changes its settings to specify that no
certificate is selected as the signing certificate.
For more information about configuring S/MIME for Email+ for
iOS, see “S/MIME support in Email+ for iOS” on page 37.
Default if key-value is not configured: Certificate is not
configured.
Manage contacts
allow_export_contacts • true true: Allows Email+ users to export Email+ contacts to an
(Core only) • false Email+ contacts group on the personal side of the device.
When device users export the contacts, they can see the
caller ID of incoming calls from phone numbers in the list of
corporate contacts. Third-party apps can also access the
corporate contacts.
false: Device users cannot export the Email+ contacts. They
see the caller ID only for personal contacts.
Default if key-value is not configured: false.
limit_contact_export_to • name_numbe • name_number: limits the exported contact information to
(Core only) r each contact’s name and number.
• all • all: exports all contact information for each contact.
This field is used only if allow_export_contacts is set to true.
NOTE: If you enter a value other than all or name_number,
Email+ for iOS uses the value all.
Default if key-value is not configured: all
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 25
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
email_safe_domains A comma- Ensure that there are no spaces before or after the comma. A
separated list wildcard in the domain name is supported. The only format
of safe supported for domain names with a wildcard is
domains *.[Link]. Entering * only will make all domains
safe.
Email addresses not in the safe domain list are displayed in
red color in Email+.
This configuration minimizes the risk that a user will
accidentally send internal emails to external email addresses.
You may want to use this key-value pair:
• if your company policy requires this risk mitigation step.
• if your company has multiple domains and you want to
identify your company’s domains as opposed to domains
that are not your company domains.
Example:
[Link],[Link],[Link]
Default if key-value is not configured: Only the domain of the
email account is safe.
email_alert_unsafe_domains • true true: Users see an alert if the recipients in an email or
• false calendar invite include addresses that are not in a safe
domain. For the alert to be displayed, the
email_safe_domains key must also be configured.
false: An alert is not displayed for addresses not in a safe
domain.
Default if key-value is not configured: false.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 26
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Syncing
email_max_sync_period • 0 Controls the maximum number of days for which emails are
• 1 synced:
• 2 • 0 = Download all emails.
• 3 • 1 = Download emails received over the last day.
• 4 • 2 = Download emails received over the last 3 days.
• 5 • 3 = Download emails received over the last week.
• 4 = Download emails received over the last 2 weeks.
• 5 = Download emails received over the past month.
MobileIron does not recommend setting the value as 0, as
downloading all emails could take a very long time, and take
up too much space on the device.
Device users can change the interval to a value less than the
default maximum. This feature is useful for regulatory
purposes, if an organization requires device users to have no
more than n days of emails on their devices.
email_default_sync_period • 1 Controls the default time interval for which emails are
• 2 downloaded:
• 3 • 1 = Download emails received over the last day.
• 4 • 2 = Download emails received over the last 3 days.
• 5 • 3 = Download emails received over the last week.
• 4 = Download emails received over the last 2 weeks.
• 5 = Download emails received over the past month.
NOTE: If the maximum email synchronization
(email_max_sync_period) period is less than the
default email synchronization period, then the
maximum value is used.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 27
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Maximum size for email
email_max_body_size A number Specifies the maximum size in megabytes permitted for each
email that is received.
This feature allows administrators to manage bandwidth and
memory consumption on devices by restricting the maximum
size of individual emails.
If the size of the email is greater than the default or configured
size, users are presented with the following message and the
email cannot be downloaded: Email+ maximum message
size exceeded.
Default if key-value is not configured: 4 MB.
Email attachments
email_max_attachment A number Specifies the maximum size in megabytes permitted for each
email attachment for incoming emails. The key-value pair is
applied to incoming emails only.
If you set the maximum value to 10MB, a device user who
receives an email that includes attachments of 3MB, 9MB,
and 10MB will be able to download each attachment. If,
however, a device user receives an email with an 11MB
attachment, the following alert is displayed and users cannot
download the attached file: Failed To Retrieve Attachment
Email+ maximum attachment size exceeded.
NOTE: If users try to send an attachment larger than
10 MB, the following alert is presented: Warning:
The message size exceeds 10 MB. Please confirm
you would like to continue. Users have the option
to either Cancel or Proceed. If users tap Proceed,
the email is successfully sent.
This feature allows administrators to manage bandwidth and
memory consumption on devices by restricting the maximum
size of individual email attachments.
Default if key-value is not configured: 10 MB.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 28
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
MI_SHARED_GROUP_ID A unique, Required to enable attaching of files from Docs@Work.
sufficiently
complex Ensure that the key-value pair is configured in the
alphanumeric Docs@Work configuration as well and that the value is
string identical (including case) in both Email+ and Docs@Work
configurations.
The key is case sensitive. Enter the key in upper case.
IMPORTANT: Configure mi_enable_doc_sharing with
value true in the Docs@Work configuration.
MI_AC_ACCESS_CONTROL_ID A unique, Required to enable attaching of files from Docs@Work.
sufficiently
complex Ensure that the key-value pair is configured in the
alphanumeric Docs@Work configuration as well and that the value is
string identical (including case) in both Email+ and Docs@Work
configurations.
The key is case sensitive. Enter the key in upper case.
IMPORTANT: Configure mi_enable_doc_sharing with
value true in the Docs@Work configuration.
Open links in a browser
Links in Email+ are opened by default in Web@Work. If Web@Work is not installed on the device, Email+ for iOS
displays an error. However, administrators can specify the default browser to use when device users click links in
Email+.
Administrators can configure the default browser to be used for both HTTP and HTTPS links, using customized URL
schemes. This allows finer control over the browser used to open HTTP and HTTPS links, respectively. Additionally,
this key can be used to configure a customized browser as the one that launches when a device user clicks a link in
Email+.
allow_safari_browser • true true: Allows Email+ to open URLs (included, for example, in
(Core only) • false an email) in Safari.
NOTE: If the allow_safari_browser key is configured, the
values of email_url_scheme_http and
email_url_scheme_https are ignored.
Default if key-value is not configured: false.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 29
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
email_url_scheme_http • mibrowser • mibrowser: Default value. Opens links in Web@Work for
• googlechrom iOS
e • googlechrome: Opens links in Chrome.
• opera-http • opera-http: Opens links in Opera.
Default if key-value is not configured: mibrowser
email_url_scheme_https • mibrowsers • mibrowsers: Default value. Opens links in Web@Work for
• googlechrom iOS.
es • googlechromes: Opens links in Chrome.
• opera-https • opera-https: Opens links in Opera.
Default if key-value is not configured: mibrowsers.
webatwork_install_link URL for If Web@Work is not installed on the device, device users are
Web@Work prompted to install Web@Work when they click on a webpage
(Core only. Not supported on
link in an email in Email+. If users accept the prompt, they are
Cloud)
redirected to Apps@Work for installing Web@Work.
TIP: The Web@Work URL is available in the app catalog in
the MobileIron Core Admin Portal. In MobileIron Core,
go to Apps > App Catalog, click on the Web@Work
app, and then click Global. In the global settings, for
App URL, click Copy Link to Clipboard. Paste the link
as the value.
Default signature
email_default_signature The default The value of this key is the default email signature for all
(Core only) email signature emails. However, the device user can define the default email
signature at any time, overriding this key’s value. After the
user defines the default email signature, Email+ does not use
the value in the key, even if you update it.
Default if no key-value is configured: empty string
IBM Lotus Notes Traveler
email_enable_lotus • true Enter true only if your email server is IBM Lotus Notes
(Core only) • false Traveler.
Default if key-value is not configured: false
SSL
email_ssl_required • true true: Secures communication using https to the server
(Core only) • false specified in email_exchange_host. Typically, set this field to
true unless you are working in a test environment.
Default if key-value is not configured: false
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 30
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
GAL search
gal_search_minimum_characters A number The minimum number of characters Email+ uses for automatic
(Core only) Global Address List (GAL) lookup in Mail and Contacts.
When device users enter the specified number of characters
of a name, Email+ searches the GAL and presents the
matches that it finds.
IMPORTANT: On your Exchange server, set the minimum
number of characters for GAL search to the
same value you set for this key. If you do not,
GAL search will not work properly in Email+.
Default if key-value is not configured: 4
gal_search_display_name • true true: Enables Display Name in Email+ Settings > Contacts
• false by default.
false: Disables Display Name in Email+ Settings > Contacts
by default.
Default if key-value is not configured: true
contacts_display_order • first_last Sets the default display order for contact names in search
• last_first results. Device users can change the display order in Email+
in Settings > Contacts.
The values are case sensitive; enter in lower case.
first_last: Contact names in search results are displayed with
first name followed by the last name.
last_first: Contact names in search results are displayed with
last name followed by the first name.
Default if key-value is not configured: first_last.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 31
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Prompt the device user for password
prompt_email_password • true true: Email+ prompts the user for the email password before
(Core only) • false attempting to connect to the email server. When Email+ first
launches and connects to the email server, Email+ provides
the user’s email password to the email server.
false: When Email+ first launches and connects to the email
server, it does not provide the device user’s email password to
the server. After establishing a connection with the email
server, Email+ prompts the user for an email password. If the
email server limits the number of password attempts, it counts
the connection as one failed attempt.
Set the value of this key to true if the email server allows only
a small number of password attempts. Example: It he email
server allows only three attempts, setting this value to true
ensures that device users get three attempts, not two
attempts.
Default if key-value is not configured: false
allow_prompt_password • 0 0 = users are allowed access without a prompt for a password.
• 1 1 = users are prompted for a password to access email.
Default if key-value is not configured: 1.
email_password User’s If configured, Email+ does not prompt user s for a password.
(Core only) password for
You can use the MobileIron Core variable $PASSWORD$ if you
the ActiveSync
have checked Save User Password in Settings >
server
Preferences. MobileIron Core then passes the user’s
password as the value to the device.
WARNING: If you plan to use the $PASSWORD$ variable, be
sure to set Save User Password to Yes before
any device users register. If a device user was
registered before you set Save User Password,
Email+ prompts the user to enter the password
manually.
NOTE: MobileIron recommends deleting the key if the
password is not being saved on MobileIron Core.
Default if key-value is not configured: Email+ requests device
users to enter the password.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 32
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Keyboard extension
allow_keyboard_extensions • true true: Email+ allows the use of custom keyboards.
• false false: Email+ does not allow the use of custom keyboards.
Default if key-value is not configured: true.
Enable Show Pictures
show_pictures_default • true true: Enables the Show Pictures option. Device users
(Core only) • false automatically see images when opening an email.
false: Disables the Show Pictures option. Device users must
tap Show Pictures to view images when opening an email.
Device users can override the value you configure by toggling
the Show Pictures option on or off.
NOTE: When changing the value of this key, Email+ does
not change the Show Pictures option until after
completing a full synchronization. A full
synchronization occurs only when you change
certain fundamental key-value pairs, like
email_address, or when the device user uninstalls
and reinstalls Email+ for iOS.
Default if key-value is not configured: false.
Photo library
allow_photo_library_access • true • true: Users can attach photos and video files from their
• false personal photo library on the device.
• false: Disables access to the personal photo library,
including video files, from Email+. Device users cannot
attach photos or videos from their personal photo library.
However, users can take new photos or videos directly
from the email they are composing in Email+ and attach to
the email.
This feature allows administrators to clearly separate work-
related and personal content on device.
Default if key-value is not configured: true.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 33
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Calendar customization
calendar_default_reminder • -1 Specifies the default calendar alert:
• 0 • -1: No alert
• 5 • 0: At the time of event
• 10 • 5: 5 minutes before the event
• 15 • 10: 10 minutes before the event
• 30 • 15: 15 minutes before the event
• 60 • 30: 30 minutes before the event
• 120 • 60: 1 hour before the event
• 1440 • 120: 2 hours before the event
• 2880 • 1440: 1 day before the event
• 2880: 2 days before the event
Device users can edit the alert as desired after creating the
event.
Default if key-value is not configured: -1.
calendar_default_mode_tablet • day Sets the default Calendar view on an iPad.
• week
Device users can change the view in the Calendar's Settings.
• month The device user’s choice overrides the default set by the
• list administrator.
Default if key-value is not configured: week.
calendar_default_mode_phone • day Sets the default Calendar view on an iPhone.
• month Device users can change the view in the Calendar's Settings.
• list The device user’s choice overrides the default set by the
administrator.
Default if key-value is not configured: day.
calendar_reset_view_threshold A number Sets the inactivity threshold after which the calendar view is
reset to the default view.
The inactivity threshold is measured in seconds.
If the device screen is auto-locked or the app is in background
for more than the configured time, the default view is loaded
when users launch Calendar.
Default if key-value is not configured: 120 seconds.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 34
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
Notes customization
allow_notes_title • true true: Email+ users are presented with a separate title field to
• false add a title to a note.
false: A separate title field for a notes is not available, instead,
the first line of the note is used as a title.
Default if key-value is not configured: false.
Default network timeout
default_network_timeout A positive Sets the app’s default timeout for all ActiveSync network
integer requests. The value is measured in seconds.
Example: 30. In this example, for ActiveSync network
requests, Email+ will timeout after 30 seconds.
Default if key-value is not configured: 90 seconds
App feedback
feedback_email_address An email Device user app feedback and log messages are sent to the
(Core only) address email address.
Default if key-value is not configured: App feedback is not
available to Email+ users.
Troubleshooting
allow_logging • true true: Email+ logs data to the device console, and allows the
(Core only) • false log file to be attached to a feedback email. Entering true is
useful for problem diagnosis.
Default if key-value is not configured: false.
allow_show_configuration • true true: Enables the display of configuration information while
• false setting up Email+ on an iOS device. Set this value to true for
test devices first, then disable the key value pair when it is
time to roll out Email+ for iOS to device users.
Default if key-value is not configured: false.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 35
Additional configurations using key-value pairs
TABLE 1. KEY-VALUE PAIRS FOR CONFIGURING EMAIL+ FOR IOS APP BEHAVIOR
Value: Enter/
Key Select one Description
exit_on_configuration_error • true • true: Email+ simply shuts down without any notification if
• false there is an error in the Email+ configuration that is pushed
to the device.
• false: If Email+ encounters an error in the configuration,
device users are provided with the option to email the
Email+ logs. The Email+ logs are helpful in debugging
configuration errors.
NOTE: Not all configuration errors are considered
critical.
Example: A missing S/MIME signing or encryption
certificate is not considered a critical error.
Default if key-value is not configured: true
enable_calendar_dump • true • true: Enables calendar dump to Email+ feedback logs for
• false troubleshooting. Calendar data is encrypted.
• false: Disables calendar dump to Email+ feedback logs.
Default if key-value is not configured: false
Miscellaneous
disabled_features • move_button • move_button: Disables the Move button in the Move to
• local_cache_ screen in Email+. Emails are moved without confirmation
all when users tap on a folder
• attach_files • local_cache_all: Disables all local caching.
• openin_comp • attach_files: Disables the Attach Files option in Email+.
ose • openin_compose: Disables opening of files into Email+
• document_vi from other apps.
ewer • document_viewer: Disables opening of attachments in
Email+. Instead, users are provided the Open In ... option
to choose an app in which to view the attachment.
However, some attachments, such as text, .eml, audio,
and certificate files are opened in Email+. Configure the
value if you are also using the Watermark capability in
Docs@Work. If you want watermarks to be shown on all
documents, configure the value to disable the document
viewer in Email+ and use Docs@Work exclusively.
enabled_features • gmail_smart_ • Enables smart folders, All mails, Spam, and Starred, for
folders Gmail accounts.
always_fetch_mime • true • Use this option to set the default value for Email+ setting
• false of Always Fetch MIME. Enable this option only when
applications fail to launch when you click the links in the
email body.
Default if key-value is not configured: false
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 36
Additional configurations using key-value pairs
S/MIME support in Email+ for iOS
Email+ for iOS includes support for Secure/Multipurpose Internet Mail Extensions (S/MIME). This functionality
provides the following features:
• The device user sending the email can digitally sign the email.
On the receiving side, Email+ for iOS validates the sender’s identity and determines whether the email has
been tampered with.
• The device user sending the email can encrypt the email.
On the receiving side, Email+ for iOS decrypts the email.
• Email+ for iOS automatically encrypts emails when replying to or forwarding an encrypted email thread.
Using S/MIME requires a user certificate on the device running Email+ for iOS. You can import encryption
certificates in one of two ways:
• Pushing S/MIME certificates from MobileIron Core
OR
• Importing S/MIME certificates to the device through email
Before you set up S/MIME for Email+ for iOS
Before you set up S/MIME do the following:
• Make users’ public encryption keys accessible to all users.
To send an encrypted email, a user needs the recipient’s public key. If you provide users’ public keys in the
Active Directory, Email+ for iOS uses global address lookup to retrieve a public key as needed.
Another way for one user to have the public key of another user is to receive an email from a user with one
certificate for both signing and encryption. When receiving a signed email where the signing certificate and
encryption certificate are the same, Email+ for iOS now has the sender’s public key. The recipient can now
send an encrypted email to the sender of the signed email.
• Make sure users’ encryption certificates are the same on all devices.
Users need their private keys and certificates to read encrypted emails. A user’s encryption key and certificate
must be the same on all the user’s email apps that use S/MIME, including desktop email apps.
• When an encryption key/certificate is renewed, the existing email on a device cannot be decrypted unless the
original key certificate is available. Keep a backup copy of the encryption key and certificate or consider using
a third-party escrow service.
• To restore an encryption key and certificate from backup, users can send themselves the key/certificate as an
email attachment, as described in “Importing S/MIME certificates to the device through email” on page 39.
Pushing S/MIME certificates from MobileIron Core
Pushing S/MIME certificates from MobileIron Core is a two-step process:
1. Enabling per-message S/MIME for iOS
2. Configuring key-value pairs
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 37
Additional configurations using key-value pairs
Enabling per-message S/MIME for iOS
See the “Enabling per-message S/MIME for iOS” section in the MobileIron Device Management Guide for iOS
device to set up the encryption and signing certificates for S/MIME.
Configuring key-value pairs
The key-value pairs define the encryption and signing certificates to be used in Email+. The value for each key is
the certificate enrollment setting you created. You enter the key-value pairs in the AppConnect app configuration
you created for Email+ for iOS.
Procedure
1. In the MobileIron Core Admin Portal, go to Policy & Configs > Configurations.
2. Select the app configuration you created in “Creating an AppConnect app configuration for Email+” on page 11.
3. Click Edit.
4. Add the following key-value pairs in the App-specific Configurations section:
- email_encryption_certificate: This key specifies the certificate to use for encrypting S/MIME emails.
Select the SCEP setting you want to use from the dropdown list.
- email_signing_certificate: This key specifies the certificate to use for signing S/MIME emails. Select the
SCEP setting you want to use from the dropdown list.
Pushing S/MIME certificates from MobileIron Cloud
To enable S/MIME encryption, set up the certificates you will use for S/MIME in MobileIron Cloud. You will
reference the certificates in the Email+ configuration to distribute the certificates to devices. Certificates are sent to
the devices to which the configuration is distributed. Email+ imports the certificates into the keychain and selects
the certificates as the encryption and signing certificates, respectively. Device users can then use the certificates in
Email+ for iOS.
Procedure
1. Set up certificates.
Create a Certificate or Identity Certificate setting from Configurations > +Add.
Before creating an Identity Certificate, you must have also added a certificate authority in Admin >
Certificate Authority. See MobileIron Cloud Help for information about setting up certificates in
MobileIron Cloud.
2. Configure the S/MIME key-value pairs in the Email+ configuration.
The key-value pairs define the encryption and signing certificates to be used in Email+ for iOS. The value for
each key is the certificate setting you created in Step 1.
Related topics
See the “key-value pairs for configuring Email+ for iOS app behavior” on page 21, for the S/MIME key-value pairs
for the encryption and signing certificates.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 38
Additional configurations using key-value pairs
Importing S/MIME certificates to the device through email
Device users can import the signing and encryption certificates to their device from email.
Procedure
1. Device users email themselves the certificate they use for S/MIME as an attachment.
The certificate must be sent as a PFX file.
2. Open the email using Email+ for iOS on the device
3. Tap to open the attachment.
Email+ for iOS prompts the user for the certificate password.
4. Enter the certificate password.
Email+ for iOS imports the certificate into its keychain.
5. Enable S/MIME signing and encryption in the mail settings in Email+ for iOS.
a. In Email+ for iOS, tap Settings > Mail.
b. Tap Security.
c. Tap Sign. The user’s signing certificate is automatically selected.
Users may optionally tap Always Sign to always sign emails with their certificate, and Sign As Clear Text.
d. Tap Encrypt. The user’s signing certificate is automatically selected.
Users may optionally tap Always Encrypt to encrypt every email they send through Email+ for iOS.
Background email checks and user notifications
Email+ relies on iOS background execution to check for new email and to notify users. In the following cases
Email+ may not be able to check for new email:
• To conserve battery power, iOS limits when third-party apps can run in the background. When Email+ is sent to
the background, iOS occasionally allows Email+ to check for new email.
• iOS may terminate Email+ to reclaim memory for other apps. iOS may later decide to launch Email+ for iOS in
the background to check email.
When Email+ is in the background and attempts to check email, as an AppConnect app that encrypts its content,
Email+ must retrieve its encryption key from the EMM client. This requires an app flip to The EMM client, which
cannot happen in the background. As a result, Email+ cannot retrieve the encryption key and therefore cannot
check for new email.
To allow Email+ access to the encryption key even when it is in background, configure the allow_device_keychain
key-value pair to allow Email+ to store the key in the device keychain. This allows Email+ to check for new email
even when iOS launches it in the background.
NOTE: The allow_device_keychain key-value pair should only be used with a strong device passcode so as to
secure the decryption key.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 39
Additional configurations using key-value pairs
How Email+ for iOS checks for new emails
The following describes how Email+ for iOS checks for new emails.
TABLE 1. CHECKING FOR NEW EMAILS
When the ... Email+ for iOS... iOS...
user launches Email+ checks for new email and notifies the user of allows Email+ for iOS to run
new email as usual
app is in the background occasionally checks for new email and notifies might do a periodic
the user, depending on iOS background background refresh
refresh
NOTE THE FOLLOWING:
• iOS may sometimes terminate an app to preserve battery power or memory. If iOS terminates and then
attempts to relaunch Email+ for iOS while the device is locked, then the decryption key is not accessible for
reasons of security, and iOS cannot relaunch Email+ for iOS.
• iOS learns user habits and adjusts its background refresh parameters accordingly. As device users work with
Email+ for iOS more frequently, iOS similarly launches Email+ for iOS in the background more frequently.
Configuring Web@Work for iOS to open mailto links in
Email+ for iOS
Administrators can configure Web@Work for iOS to open mailto links in Email+ for iOS using key-value pairs.
When device users click a mailto link in Web@Work for iOS, Email+ is automatically [Link] feature allows
administrators to maintain good security across the organization by ensuring that users go from a secure browser
to a secure email application when clicking a mailto link.
Procedure
1. Select the Web@Work configuration in your EMM and click Edit.
- In the MobileIron Core Admin Portal, go to Policies & Configs > Configurations.
- In MobileIron Cloud, go to Apps.
2. For custom configurations, click Add to add a key-value pair.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 40
Additional configurations using key-value pairs
3. Add the key mailto_prefix, and assign any of the following values:
Value Value options Description
email+app://<Email+ email+app://email Used for launching one of the
for iOS app> apps within Email+ for iOS, such
email+app://calendar
as the email app itself, calendar,
email+app://contacts or contacts.
email+launcher:// email+launcher://mibrowser?url=mailto: Sets Email+ as the default app to
<browser URL open mailto links.
scheme>
4. Save the configuration.
Allow copy from Email+ for iOS to other AppConnect
apps only
You can configure data loss prevention policies (DLPs) for Email+ for iOS, which involves specifying whether the
device user can copy content from Email+ for iOS to any other app. You can specify whether the device user can
copy content from Email+ for iOS only to other AppConnect apps, rather than all other apps. This allows device
users to share content without also allowing the content to flow to non-AppConnect apps.
Review your AppConnect for iOS DLP settings for copy/paste for Email+ for iOS. Ask these questions depending
on your current setting:
TABLE 2. REVIEW APPCONNECT COPY/PASTE SETTINGS FOR EMAIL+ FOR IOS
Current setting Ask yourself
Copy/Paste To is not • Would your security needs still be met if you allowed copying only to other
allowed for Email+ for AppConnect apps, but not to all other apps?
iOS. • Does Email+ for iOS have content that a device user would want to copy to
another AppConnect app?
If you answered yes to these questions, change the Copy/Paste To setting for
Email+ for iOS to allow copying only to other AppConnect apps.
Copy/Paste To is • Would your security needs be better met by limiting copying only to other
allowed for Email+ for AppConnect apps, instead of all other apps?
iOS to all other apps. • Would the user feel limited if copying is allowed only to other AppConnect apps?
If so, is the more limited user experience, but tighter content security the right
trade-off for your needs?
If you answered yes to these questions, change the Copy/Paste To setting for
Email+ for iOS to allow copying only to other AppConnect apps.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 41
Additional configurations using key-value pairs
Data loss prevention policies for Email+ for iOS are configured on the MobileIron Core Admin Portal in one of the
following places:
• the AppConnect container policy for Email+ for iOS
See “Configuring the AppConnect container policy” on page 11
• the AppConnect global policy if you allow apps to be authorized without an AppConnect container policy and
have no AppConnect container policy for Email+ for iOS.
See “Configuring the AppConnect global policy” on page 9
What Email+ for iOS users see for copy/paste
When you limit copying from Email+ for iOS to only other AppConnect apps, the device user is able to copy from
Email+ for iOS, but can paste only into the same app or other AppConnect apps. If the device user tries to paste
into a non-AppConnect app, the content is not available.
The device user can also see the Copy/Paste To data loss protection policy setting in Mobile@Work at Settings >
Secure Apps > Email+.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 42
4
Real-time push notifications
These sections provide information on how to configure real-time push notifications. With real-time push
notifications, notifications appear on the device as soon as a new email arrives on the Exchange server.
• About real-time push notifications for Email+ for iOS
• Standalone Sentry setup for real-time push notifications
• Deployment use cases for real-time push notifications
• Before you configure real-time push notifications
• Overview of configuration on MobileIron Core
• Description of configurations in MobileIron Core
• Overview of configuration on MobileIron Cloud
• Description of configurations in MobileIron Cloud
• Keys for real-time and interval-based push notifications (Core and Cloud)
• Verifying that the cloud notification service is working
• Using Kerberos Constrained Delegation with Email+ for real time notifications
Push notifications at specified intervals
You can also set up push notifications at specified intervals (interval-based) as opposed to real-time push
notifications. With interval-based push notifications the notification interval is configurable by the administrator. For
information on how to configure interval-based push notifications for MobileIron Core deployments, see MobileIron
Cloud Notification Service for Email+ for iOS at [Link]
About real-time push notifications for Email+ for iOS
Email+ can be set up to receive real-time push notifications. Real-time notifications require additional setup with
the MobileIron cloud notification service (CNS).
The MobileIron cloud notification service (CNS) is a cloud-based service hosted on Amazon Web Services (AWS)
that provides real-time push notifications for Email+ for iOS users by using Microsoft’s Exchange Web Services
(EWS), Amazon’s SNS service, and Apple Push Notification Service (APNs).
• Need for a notification service
• How the notification service works
Need for a notification service
As a third-party app, Email+ for iOS is not permitted by iOS to execute for an unlimited period of time when the app
is in the background. Only apps developed by Apple, such as the native mail app, are able to execute for an
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 43
Real-time push notifications
unlimited period of time in the background. Therefore, even though both native mail and Email+ use the ActiveSync
protocol, only the native mail app can get real-time notifications.
The MobileIron cloud-based notification service (CNS) addresses this limitation by using the Apple APNS push
notification service to notify users about new emails even when Email+ is running in the background on iOS
devices. New emails also include calendar invites.
How the notification service works
Email+ uses Microsoft’s Exchange Web Services (EWS) protocol to subscribe with Exchange to receive push
notifications. As a result of the EWS subscription, Exchange sends a brief message to the MobileIron cloud-based
notification service (CNS) when a new message is [Link] MobileIron cloud notification service is hosted on
Amazon Web Services (AWS) and uses Amazon’s SNS service in conjunction with Apple’s APNs service to send
notifications to iOS devices. The APNs message triggers iOS to launch Email+ for iOS in the background, allowing
Email+ to notify device users of new emails.
No sensitive user data or email content is transferred from Exchange to CNS. No corporate data or user identity
information is stored on CNS, thus making the notification service safe and secure. Only the following information
is sent from EWS to CNS:
• The unique EWS subscription ID of the user.
• Watermark to avoid duplicate notifications.
• The folder ID of the sub folder from which the new email originated.
CNS does not make any requests to the Exchange server.
The notification service is configured via the MobileIron enterprise mobility management (EMM) platform using
key-value pairs added to the AppConnect app configuration for Email+ for iOS.
FIGURE 1. REAL TIME PUSH NOTIFICATION ARCHITECTURE
1. Subscription workflow:
a. Device registers with Apple APNs.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 44
Real-time push notifications
b. Devices registers with the EWS service on Exchange.
2. A new email arrives on the Exchange server.
3. Exchange notifies MobileIron CNS.
4. MobileIron CNS triggers APNs.
5. APNs notifies the iOS device.
6. Notification workflow on Email+:
a. iOS displays a notification to the user indicating that there are new messages.
b. iOS wakes up Email+ in the background.
c. Email+ wakes up and fetches the emails from the Exchange server via ActiveSync.
d. Email+ replaces the previous notification with details of the new messages.
Standalone Sentry setup for real-time push notifications
The following sections provide the authentication to the Exchange and EWS service and the supported
Standalone Sentry setup.
• Exchange, real-time push notifications, and Standalone Sentry setup
• EWS service and Standalone Sentry setup
Exchange, real-time push notifications, and Standalone Sentry setup
The following table shows the Standalone Sentry setup based on the required authentication and whether you are
deploying real-time push notifications.
TABLE 1. SUPPORTED STANDALONE SENTRY SETUP
What is the Do you want
authentication to real-time push
Exchange? notification? Supported Standalone Sentry setup
Basic, NTLM No Enable ActiveSync on Standalone Sentry.
Basic Yes Enable ActiveSync and AppTunnel on Standalone Sentry.
• Set up an AppTunnel service to tunnel Exchange Web Services
(EWS).
Device user experience:
• Device users are prompted for user name and password for
authentication to EWS.
Basic Yes Enable AppTunnel on Standalone Sentry.:
• Set up an AppTunnel service for to tunnel Exchange Web
Services (EWS) and Exchange ActiveSync (EAS) traffic.
Device user experience:
• Device users are prompted for user name and password for
authentication to EWS and Exchange ActiveSync (EAS).
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 45
Real-time push notifications
TABLE 1. SUPPORTED STANDALONE SENTRY SETUP
What is the Do you want
authentication to real-time push
Exchange? notification? Supported Standalone Sentry setup
Basic Yes Set up per app VPN with MobileIron Tunnel.:
NOTE: Email+ must be an MDM managed app so that it can
use MobileIron Tunnel.
Device user experience:
• Device users are prompted for user name and password.
Certificate No Enable ActiveSync on Standalone Sentry.
Certificate, NTLM Yes Setup per app VPN with MobileIron Tunnel.
NOTE THE FOLLOWING:
• Email+ must be an MDM managed app so that it can use
MobileIron Tunnel.
• If you are using certificates for authentication:
- the certificate chain (root and intermediate) must be trusted
by the Exchange server.
- The certificate can be issued per user by a third-party CA or
ADCS on Exchange.
- The certificate is configured as a key-value pair in the Email+
configuration in the EMM.
Device user experience:
• Device users are not prompted for authentication.
EWS service and Standalone Sentry setup
The following table provides the supported authentication methods to the EWS service.
TABLE 2. SUPPORTED AUTHENTICATION TO THE EWS SERVICE
Setup Basic Auth Certificate Auth NTLM Auth
ActiveSync + Yes No No
AppTunnel
Uses AppTunnel for EWS
AppTunnel only Yes No No
Uses AppTunnel for EWS and EAS.
MobileIron Tunnel Yes Yes Yes
No Sentry Yes Yes Yes
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 46
Real-time push notifications
Deployment use cases for real-time push notifications
This document addresses the following use cases:
• Email+ uses AppTunnel to tunnel EWS traffic to the Exchange server. This setup only supports basic
authentication to the EWS service.
• Email+ uses MobileIron Tunnel to tunnel all traffic to the Exchange server. This setup supports basic, NTLM,
and identity certificates to authenticate to the EWS service.
NOTE: If your existing Email+ deployment uses a Standalone Sentry for ActiveSync and your Exchange Web
Service (EWS) is set up to use certificates, you have to disable ActiveSync on Standalone Sentry and
set up MobileIron Tunnel.
Before you configure real-time push notifications
Before you configure real-time push notifications;
• Configure, distribute, and install Email+ for iOS.
Real time notification is supported for Email+ 2.4 for iOS through the most recently released version as
supported by MobileIron.
For information about installing Email+ for iOS, see “Configuring Email+ for iOS” on page 7.
• For information about the EWS push notification service see Microsoft’s documentation at
[Link]
• Open port 443, for outbound only HTTPS requests, on your firewall to allow Exchange to send notifications to
MobileIron CNS. The URL for the CNS server is [Link] Alternately, you can enter
the following IP addresses:
- [Link]
- [Link]
NOTE: MobileIron strongly recommends entering the URL for the notification server, as the IP addresses for
the server might change.
• Set up your Exchange environment. See the following:
- “Configuring EWS to send push notifications” on page 47.
- “Configuring additional Exchange setup for identity certificates” on page 48.
• Ensure that Go Daddy is available in the Exchange trust store as a trusted certificate authority (CA). The
MobileIron cloud notification service uses the Go Daddy CA.
Configuring EWS to send push notifications
These steps are applicable for both Exchange 2010 and 2013 servers.
Before you begin
• You must have enabled EWS on the Exchange server.
Procedure
1. On the Exchange server, launch IIS Manager.
2. Go to Server > Sites > Default Web Site > EWS.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 47
Real-time push notifications
FIGURE 2. EWS HOME AUTHENTICATION AND AUTHORIZATION
3. Verify that the Authentication and Authorization Rules roles are added to IIS.
4. Open Authentication and Enable Basic Authentication.
5. Open Authorization Rules and add rule to Allow for All users if it was not added automatically.
Next steps
• If your setup uses MobileIron Tunnel and identity certificates to authenticate with EWS and ActiveSync, do the
additional setup on the Exchange server described in “Configuring additional Exchange setup for identity
certificates” on page 48.
• Once you have set up your Exchange environment, go to “Overview of configuration on MobileIron Core” on
page 49.
Configuring additional Exchange setup for identity certificates
Perform these steps only if your setup uses MobileIron Tunnel and identity certificates for authentication to EWS
and ActiveSync.
Procedure
1. On the Exchange server, launch IIS Manager.
2. Go to Server > Sites > Default Web Site > EWS.
3. Click on SSL Settings.
4. Check Require SSL.
5. For Client certificate, select Accept.
6. In the EWS directory, click on Configuration Editor and browse to the clientCertificateMappingAuth option.
Set the value for the option to True.
7. In the EWS directory, click on Authentication and enable the Windows Authentication option. Disable all
other authentication types.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 48
Real-time push notifications
Next steps
• Once you have set up your Exchange environment, go to “Overview of configuration on MobileIron Core” on
page 49.
Overview of configuration on MobileIron Core
This section provides an overview of the steps required to set up Email+ for real-time push notifications on
MobileIron Core. Depending on your authentication requirements, use one of the following setup to tunnel
Exchange Web Services (EWS) traffic:
• Using MobileIron Tunnel to tunnel EWS traffic (Core)
OR
• Using AppTunnel to tunnel EWS traffic (Core)
Using MobileIron Tunnel to tunnel EWS traffic (Core)
This section provides the main steps for configuring real-time notifications with Email+ for iOS on MobileIron Core
if you are using MobileIron Tunnel to tunnel EWS traffic.
Before you begin
• Complete the setup described in “Before you configure real-time push notifications” on page 47.
Procedure
1. Set up MobileIron Tunnel.
NOTE: Email+ must be an MDM managed app so that it can use MobileIron Tunnel.
2. If your EWS setup uses either NTLM or identity certificates for authenticating to the EcWS service, create
a SCEP certificate enrollment setting. Skip this step if your EWS setup uses basic authentication.
3. Update the Email+ AppConnect app configuration.
Related topics
• See MobileIron Tunnel for iOS Guide for Administrators to set up MobileIron Tunnel on MobileIron Core.
• “Configuring SCEP settings” on page 50.
• “Updating the AppConnect app configuration for Email+” on page 51
Using AppTunnel to tunnel EWS traffic (Core)
This section provides the main steps for configuring real-time notifications with Email+ for iOS on MobileIron Core
if you are using AppTunnel to tunnel EWS traffic.
Before you begin
• Complete the setup described in “Before you configure real-time push notifications” on page 47.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 49
Real-time push notifications
Procedure
1. Add an <ANY> AppTunnel service in Standalone Sentry settings.
2. Update the Email+ AppConnect app configuration.
Related topics
• “Configuring an AppTunnel service” on page 50.
• “Updating the AppConnect app configuration for Email+” on page 51.
Description of configurations in MobileIron Core
This section provides a more detailed description of the configuration steps referenced in “Overview of
configuration on MobileIron Core” on page 49. The following configurations are described:
• Configuring SCEP settings
• Configuring an AppTunnel service
• Updating the AppConnect app configuration for Email+
Configuring SCEP settings
Create a SCEP setting if your Exchange server and the EWS service require certificate authentication. You will
reference the name of SCEP setting in the AppConnect configuration for Email+ to generate the login certificate for
Email+, so that the Exchange server and EWS trust the device.
Procedure
1. In the Admin Portal, go to Policies & Configs > Configurations.
2. Select Add New > Certificate Enrollment > SCEP.
3. In the New SCEP Setting window, configure the settings based on your SCEP requirements.
4. Click Save to save the SCEP setting.
5. Click OK to dismiss the prompt indicating the successful creation of your SCEP setting.
You will reference this SCEP setting in the AppConnect app configuration for Email+ using the key
email_login_certificate.
Related topics
• “Configuring SCEP” in the MobileIron Core Device Management Guide for iOS devices.
Configuring an AppTunnel service
You create an AppTunnel service in Standalone Sentry as part of an AppTunnel setup.
Before you begin
Ensure that you have a Standalone Sentry that is set up for AppTunnel and the necessary device authentication is
also configured. See “Configuring Standalone Sentry for app tunneling” in the MobileIron Sentry Guide.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 50
Real-time push notifications
Procedure
1. In the MobileIron Core Admin Portal, go to Services > Sentry.
2. Edit the entry for the Standalone Sentry that supports AppTunnel.
3. In the App Tunneling Configuration section, under Services, click + to add a new service.
4. Use the following guidelines to configure an AppTunnel service:
Item Description
Service Name Select <ANY>.
The Service Name is used in the AppConnect app configuration for Email+.
Server List Select the Standalone Sentry
TLS Enabled NA
Proxy/ATC NA
Server SPN List NA
5. Click Save.
Updating the AppConnect app configuration for Email+
Update the AppConnect app configuration for Email+ for iOS, so that Email+ on iOS devices is authorized to get
real-time notifications from CNS.
Procedure
1. In the Core Admin Portal, go to Policy & Configs > Configurations.
2. Select the AppConnect app configuration you created for Email+.
3. Click Edit.
4. Add an AppTunnel rule that points to the Standalone Sentry on which you configured the AppTunnel service.
a. For URL Wildcard, enter the Exchange server’s IP address or FQDN.
5. For Identity Certificate, select the Certificate Enrollment setting you configured for Standalone Sentry.
You would have created the Certificate Enrollment setting as part of the Standalone Sentry setup for identity
certificate with Pass through.
6. Add the necessary key-value pairs.
7. Click Save.
8. Ensure that the configuration is applied to the labels that contain the devices to which you want to push the
configuration. The updated AppConnect app configuration for Email+ for iOS will be sent to devices at the next
sync interval.
Related topics
See “Key-value pairs for real-time push notifications” on page 55 for a list of key-value pairs.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 51
Real-time push notifications
Overview of configuration on MobileIron Cloud
This section provides an overview of the steps required to set up Email+ for real-time push notifications on
MobileIron Cloud. Depending on your authentication requirements, use one of the following setup to tunnel
Exchange Web Services (EWS) traffic:
• Using MobileIron Tunnel to tunnel EWS traffic (Cloud)
OR
• Using AppTunnel to tunnel EWS traffic (Cloud)
Using MobileIron Tunnel to tunnel EWS traffic (Cloud)
This section provides the main steps for configuring real-time notifications with Email+ for iOS on MobileIron Cloud
if you are using MobileIron Tunnel to tunnel EWS traffic.
Before you begin
• Complete the setup described in “Before you configure real-time push notifications” on page 47.
Procedure
1. Set up MobileIron Tunnel.
See MobileIron Tunnel for iOS Guide for Administrators to set up MobileIron Tunnel on MobileIron Cloud.
NOTE: Email+ must be an MDM managed app so that it can use MobileIron Tunnel.
2. If your EWS setup uses either NTLM or identity certificates for authenticating to the EWS service, create a
SCEP certificate enrollment setting. Skip this step if your EWS setup uses basic authentication.
See “Configuring Identity certificate setting” on page 54.
3. Update the Email+ app configuration.
See “Updating the app configuration for Email+” on page 54.
Using AppTunnel to tunnel EWS traffic (Cloud)
This section provides the main steps for configuring real-time notifications with Email+ for iOS on MobileIron Cloud
if you are using AppTunnel to tunnel EWS traffic.
Before you begin
• Complete the setup described in “Before you configure real-time push notifications” on page 47.
Procedure
1. Add a custom HTTP service to the Standalone Sentry profile.
See “Configuring a custom HTTP service” on page 53.
2. Update the Email+ app configuration.
See “Updating the app configuration for Email+” on page 54.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 52
Real-time push notifications
Description of configurations in MobileIron Cloud
This section provides a more detailed description of the configuration steps referenced in “Overview of
configuration on MobileIron Cloud” on page 52. The following configurations are described:
• Configuring a custom HTTP service
• Configuring Identity certificate setting
• Updating the app configuration for Email+
Configuring a custom HTTP service
You create an AppTunnel service in Standalone Sentry as part of the AppTunnel setup.
Before you begin
Ensure that you have a Standalone Sentry that is set up for AppTunnel and the necessary device authentication is
also configured. See “Configuring Standalone Sentry for app tunneling” in the MobileIron Sentry Guide for
MobileIron Cloud.
Procedure
1. In MobileIron Cloud, go to Admin > Sentry.
2. Edit the entry for the Standalone Sentry profile that supports AppTunnel.
3. In Services, click Custom HTTP to add a new service.
4. Use the following guidelines to configure the service:
Item Description
Service Name Enter a name to identify the service.
The Service Name is used in the Email+ app configuration.
Server Select Pass through (Basic Authentication).
Authentication
All destinations Selected by default.
(forward proxy)
5. Click Save.
Related topics
See “Configuring Standalone Sentry for app tunneling” in the MobileIron Sentry Guide for MobileIron Cloud for
more information on creating an AppTunnel service.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 53
Real-time push notifications
Configuring Identity certificate setting
You need to create the SCEP setting if your Exchange server and the EWS service require certificate
authentication. You will reference the name of SCEP setting in the AppConnect configuration for Email+ to
generate the login certificate for Email+, so that the Exchange server and EWS trust the device.
Before you begin
Create a certificate authority in Admin > Certificate Authority.
Procedure
1. In MobileIron Cloud, go to Configurations.
2. Click Add > Identity Certificate.
3. Fill in the following fields for the certificate configuration:
- Name: Enter brief text that identifies this certificate setting.
- Description: Enter additional text that clarifies the purpose of this SCEP setting.
- Certificate Distribution: Select Dynamically Generated.
- Source: Select the Certificate Authority you created in Admin > Certificate Authority.
- Subject: CN=${EMAIL}
- Key size: 2048
4. Test the configuration, and click Next.
5. Click Done to save the configuration.
You will reference the certificate configuration in the app configuration for Email+ using the key
email_login_certificate.
Updating the app configuration for Email+
Update the app configuration for Email+ for iOS with key-value pairs, so that Email+ on iOS devices is authorized
to get real-time notifications from CNS.
Procedure
1. In MobileIron Cloud, go to Apps > App Catalog.
2. In the App Catalog, click on MobileIron Email+.
3. Click App Configurations.
4. In App Configurations Summary, click on AppTunnel to add an AppTunnel rule.
a. Enter a name for the configuration.
b. Select the Sentry profile in which you configured the custom HTTP service.
c. Select the custom HTTP service you created for real-time push notifications in the Sentry configuration.
d. For URL Wildcard, enter the Exchange server’s IP address or FQDN.
e. Select the distribution for this configuration.
f. Click Save.
5. In App Configurations Summary, click on Email+ Configuration to add the necessary key-value pairs in
AppConnect Custom Configuration.
6. Select the app distribution.
7. Click Update.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 54
Real-time push notifications
Related topics
See “Key-value pairs for real-time push notifications” on page 55 for a list of key-value pairs.
Keys for real-time and interval-based push notifications
(Core and Cloud)
• Key-value pairs for real-time push notifications
• Key-value pairs for push notifications (interval-based)
Key-value pairs for real-time push notifications
The following keys are applicable to configuring real-time push notifications:
• notification_server_host
For real-time push notifications enter the following value: [Link]/PROD.
• allow_realtime_notifications
• email_ews_host
• eas_min_allowed_auth_mode
• ews_min_allowed_auth_mode
• notification_resubscription_interval
• allow_device_keychain
The following table describes the key-value pairs applicable for real-time push notifications.
TABLE 3. KEY-VALUE PAIRS FOR REAL-TIME PUSH NOTIFICATIONS
Value: Enter/
Key Select one Description
allow_realtime_notifications true Enables real-time push notifications.
notification_server_host The URL of the The URL for the notification server for real-time push
notification notifications is [Link]/PROD.
server
Alternately, you can enter the following IP addresses:
[Link]
[Link]
NOTE: MobileIron strongly recommends entering the
URL for the notification server, as the IP
addresses for the server might change.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 55
Real-time push notifications
TABLE 3. KEY-VALUE PAIRS FOR REAL-TIME PUSH NOTIFICATIONS
Value: Enter/
Key Select one Description
email_ews_host Exchange Explicitly sets the EWS host address for real-time push
server address notifications, as opposed to the value configured for
email_exchange_host.
for the EWS
host Enter the IP address or DNS of the EWS host. The DNS
name must be in the following format: [Link].
Do not prepend https or full path name.
For Office 365, enter [Link].
This key-value pair is required if your Standalone Sentry is
the email host, i.e. the email_exchange_host key points to
the Standalone Sentry FQDN.
eas_min_allowed_auth_mode • basic Defines the authentication method to the Exchange
• ntlm ActiveSync service.
• cert_base • basic: Select if you are using Basic authentication
(user name and password)
• ntlm: Select if you are using NTLM authentication
• cert_base: Select if you are using identity certificates
for authentication
If a key-value pair is not configured, the default
authentication method is Basic. If you have configured
ntlm or cert_base, and there are errors in your
configuration, the authentication method defaults to basic.
ews_min_allowed_auth_mode • basic Defines the authentication method to the Exchange EWS
• ntlm service.
• cert_base • basic: EWS uses basic authentication (User name and
password)
• ntlm: EWS uses NTLM authentication
• cert_base: EWS uses identity certificates for
authentication
If you have configured ntlm or cert_base, and there are
errors in your configuration, the authentication method
defaults to basic.
Default value if no key-value is configured is basic.
notification_resubscription_interval A number Optional. Sets the interval when Email+ resubscribes to
receive real-time push notifications.
The resubscription interval is in minutes.
If a key-value pair is not configured, the default
resubscription interval is 60 minutes.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 56
Real-time push notifications
TABLE 3. KEY-VALUE PAIRS FOR REAL-TIME PUSH NOTIFICATIONS
Value: Enter/
Key Select one Description
Add the following key-value pairs if you are using an identity certificate for authentication
email_exchange_username $USERID$ The user ID for the ActiveSync server.
email_exchange_host <exchange_re The fully qualified domain name of the ActiveSync server.
al_address>
email_trust_all_certificates true Email+ automatically accepts all certificates.
email_login_certificate <name of the Core: Name of the SCEP setting in MobileIron Core.
identity
Cloud: Name of the Identity certificate configuration in
certificate
MobileIron Cloud
configuration>
email_ssl_required true Secures communication using https to the server that you
specified in email_exchange_host.
allow_logging true Email+ logs data to the device console, and allows the log
file to be attached to a feedback email.
email_device_id $DEVICE_UUI Identifies the device to the ActiveSync server.
D_NO_DASHE
S$
email_address $EMAIL$ Email address of the device user.
feedback_email_address An email Device user app feedback and log messages are sent to
address the email address.
Add the following key-value pairs if your deployment includes Email+ versions 2.3.4 and less and the
devices require interval-based push notifications:
• notification_server_organization_id
• notification_server_authorization
For a description of the key-value pairs see “Key-value pairs for push notifications (interval-based)” on page 58.
NOTE: Email+ versions 2.3.4 and less do not get real-time notifications.
Key-value pairs for push notifications (interval-based)
The following keys are applicable to configuring push notifications:
• notification_server_host
For push notifications enter the following value: [Link]/PROD.
• notification_server_organization_id
• notification_server_authorization
• notification_interval
• allow_device_keychain
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 57
Real-time push notifications
The following table describes the key-value pairs applicable for real-time push notifications.
TABLE 4. KEY-VALUE PAIRS FOR PUSH NOTIFICATIONS (INTERVAL-BASED)
Value: Enter/
Key Select one Description
notification_server_host The URL of the The URL for the notification server for real-time push
notification notifications is [Link]/PROD.
server
notification_interval A number The desired notification interval in seconds. The
recommended interval is 15 minutes, or 900 seconds.
The minimum interval is 5 minutes, or 300 seconds.
This key is ignored if real-time push notifications is
configured.
Default value if no key-value is configured: 900 seconds.
allow_device_keychain true Enables Email+ to fetch email in the background.
notification_server_organization_id ID provided by Organization ID provided by MobileIron.
MobileIron
notification_server_authorization Token provided Token for the cloud notification service.
by MobileIron
Verifying that the cloud notification service is working
After configuring real-time push notification, verify that the service is working.
Procedure
1. Obtain a test iOS device with an email address you can access configured on it.
2. Ensure that Email+ for iOS is installed to the device.
3. In Email+, go to Settings > Notifications and verify that your device is subscribed with EWS.
The following message appears in the Mail Alerts section:
You are subscribed to real-time push notifications.
4. Place the Email+ app in the background without exiting the app.
5. From your desktop, send an email to yourself, using the email address configured on the test iOS device.
6. Watch for a new mail notification from Email+ for iOS on the test device.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 58
Real-time push notifications
Using Kerberos Constrained Delegation with Email+ for
real time notifications
Email+ 2.4.0 and later, works with a Standalone Sentry that is configured for Kerberos Constrained Delegation
(KCD) to authenticate Exchange (ActiveSync and Exchange Web Services) for message sync and to receive real-
time notifications without using passwords. Email+ 2.4.0 and later, leverages Exchange Web Services and a Cloud
Notification Service to generate real-time notifications about new content.
For more information, see [Link]
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 59
5
Troubleshooting Email+ for iOS
The following describe some tools for troubleshooting Email+ for iOS:
• Setting up logging for Email+ for iOS (Core)
• Detailed logging for AppConnect apps for iOS (Core)
• Email+ crash recovery
Setting up logging for Email+ for iOS (Core)
You can troubleshoot user issues with Email+ for iOS by collecting logs and sending them to an email address you
can access. You then ask the device user to reproduce the issue so that you can view logging data. You can also
diagnose your configuration before rolling out Email+ for iOS to device users.
Procedure
1. In the MobileIron Core Admin Portal, go to Policy & Configs > Configurations and select the AppConnect
configuration you created for Email+ for iOS.
2. Click Edit.
3. In the App-specific Configurations section, enter the key allow_logging with value as true.
This allows Email+ for iOS to log data to the device console.
4. Enter the key feedback_email_address with value as a valid email address which you can access.
Email+ for iOS sends the collected log data to the email address entered here.
5. If you are diagnosing a configuration, enter the key allow_show_configuration with value as true.
When set to true, Email+ for iOS shows all configured key-value pairs for diagnostic purposes. Disable this
setting after diagnosis is complete.
6. Click Save.
7. Force a check-in on the user’s device to ensure the modified AppConnect app configuration for Email+ for iOS
is sent to that device:
a. Go to Users & Devices > Devices.
b. Select the checkbox for the device.
c. Click Actions > Force Device Check-in.
The Force Device Check-In dialog appears.
d. In the dialog, confirm the user and device information and enter a note.
e. Click Force Device Check-in.
The device user will now see a Feedback icon in Email+ for iOS.
8. Ask the device user to reproduce the problematic action and tap the Feedback button.
Email+ for iOS log data will be collected and emailed to the address you provided.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 60
Troubleshooting Email+ for iOS
Related topics
See “Key-value pairs for customizing Email+ for iOS” on page 20 for additional key-value pairs for troubleshooting.
Detailed logging for AppConnect apps for iOS (Core)
For more information about logging for AppConnect apps for iOS, see the section “Detailed logging for
AppConnect apps for iOS” in the AppConnect and AppTunnel Guide.
Email+ crash recovery
Email+ has a built-in crash recovery mechanism that is triggered in the event that Email+ consistently crashes
upon launch. If Email+ crashes three times consecutively within a short interval each time it is launched, the
consecutive crashes are considered a catastrophic failure that is associated with some internal data. In this case,
the app reconfigures and the reconfiguration wipes all cached data.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 61
6
What users see
The following sections describe the end user experience with Email+ for iOS:
• Real-time push notifications
Real-time push notifications
Real-time push notifications allow Email+ users to receive notifications about new emails as soon as the emails
arrive in the Inbox. Previous versions of Email+ supported periodic notifications for new emails at an interval set
by the IT department. The following sections address some questions you may have about real-time notifications:
• How will I receive Email+ notifications?
• How do I change the notification settings?
• Why do I see two notifications for each email?
• Why am I not receiving Email+ Notifications?
• How do I turn on/off notification details on the lock screen?
How will I receive Email+ notifications?
Email+ notifications are displayed on your device as:
• A new email notification in the Notification Center on your device.
• Badging of the Email+ app icon on the Home Screen.
FIGURE 1. EMAIL+ APP ICON BADGING
How do I change the notification settings?
To change the notifications settings for Email+, in iOS device Settings, tap Email+ > Notifications.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 62
What users see
FIGURE 2. EMAIL+ NOTIFICATIONS OPTIONS IN DEVICE SETTINGS
Why do I see two notifications for each email?
If real-time notifications are enabled, the Email+ app displays two notifications for each new email. The first
notification is sent by Apple APNs and shows up immediately on the lock screen (depending on the Emai+
Notification settings in your device Settings). This notification has the text: “You have new messages”. The second,
more detailed, notification is sent by the Email+ app if the app is running in the background. The Email+ app
fetches the email summary for the new unread email, removes the original device notification, and replaces it with
a new notification. The second notification shows either the unread email count or summary of the new emails,
depending on your Email+ settings. To turn off detailed notifications, see “How do I turn on/off notification details on
the lock screen?” on page 64.
Occasionally, the Email+ app is not able to sync new email in the background due to poor network connectivity or
because the app is no longer running in the background. If this happens, you may continue to receive the first
notification, which shows that you have new messages, but the second notification with the summary/unread email
count will not display. To correct this, move to an area with better network connectivity and launch Email+.
Why am I not receiving Email+ Notifications?
There are a number of reasons why you may not be receiving notifications on your device:
• Notification options are disabled: Check the notifications options for Email+ in iOS device Settings to make
sure that the options to “Allow Notifications”, “Show in Notification Center”, “Badge App Icon”, and “Show on
Lock Screen” are enabled.
• Email+ app is force terminated: If you force killed Email+ by flicking it off the top of the screen, the app will
stop receiving the second notification. Please launch Email+ to start receiving notifications again.
• Background App Refresh is disabled: If you have disabled Background App Refresh for Email+, in your iOS
device Settings, you will see the first email notification showing that you have new messages but will not see
the second notification showing the new email details/unread email count. You can manage your background
app refresh settings in your iOS device Settings by going to General > Background App Refresh.
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 63
What users see
• Cellular Data option is disabled: If the Cellular Data option is disabled and the device is not connected to
WiFi, the device will not receive new email notification for Email+. Enable the Cellular Data option in your iOS
device Settings for Cellular > Cellular Data and for Email+ > Cellular Data, to get notifications when the device
is not connected to WiFi.
• Device is in Low Power Mode: If your device goes into Low Power mode when the battery is running low,
Background App Refresh gets disabled and the second notification will stop working. Charge your device,
disable low power mode, and launch Email+ to get notifications to work again.
iOS 9 introduced a new feature called Low Power Mode where the user can control whether a device can go
into a battery conservation state to extend battery life. This is typically used when the device battery is running
low and it is not possible to immediately recharge the device. In this state, iOS turns off background app refresh
and also prevents apps from running in the background. When this happens, Email+ will show the first
notification (“You have new messages”), but will not be able to fetch updated unread email summaries in the
background. So the second notification will not be displayed. To recover from this, charge your device fully and
disable low power mode. You may also need to launch Email+ to get notifications to work again.
How do I turn on/off notification details on the lock screen?
You can control whether detailed notifications are displayed on the lock screen by using the Email+ notification
settings in the iOS device settings. In addition, you can control whether the summary of new unread emails is
displayed in the lock screen, by using the Show Mail Details option in the Notifications screen in the Settings
section of the Email+ app.
If the Show Mail Details option is enabled, an individual notification is displayed for each unread email. If the
option is disabled, a single notification that shows the aggregate count of unread emails is displayed.
FIGURE 3. NOTIFICATIONS OPTIONS IN THE EMAIL+ SETTINGS
MobileIron Email+ 3.2.0 for iOS Guide for Administrators | 64
You might also like
- FULL COURSE CLF105 R62 Getting Started With MobileIron CloudNo ratings yetFULL COURSE CLF105 R62 Getting Started With MobileIron Cloud148 pages
- AppConnect 4.8.0 For iOS App Wrapping Developers GuideNo ratings yetAppConnect 4.8.0 For iOS App Wrapping Developers Guide66 pages
- System Messaging Programming Topics For IOSNo ratings yetSystem Messaging Programming Topics For IOS10 pages
- Setting Up A Mailbox On An Iphone, Ipad, or Ipod For FASTHOSTS - Co.uk100% (1)Setting Up A Mailbox On An Iphone, Ipad, or Ipod For FASTHOSTS - Co.uk9 pages
- Send and Receive ICloud Mail On All Your Devices and Keep Mail Settings Up To Date - Apple SupportNo ratings yetSend and Receive ICloud Mail On All Your Devices and Keep Mail Settings Up To Date - Apple Support1 page
- Pushmail Configuration On Mobile Device User Guide: Group IT - MessagingNo ratings yetPushmail Configuration On Mobile Device User Guide: Group IT - Messaging10 pages
- The Book of IMAP Building A Mail Server With Courier and Cyrus Peer Heinlein DownloadNo ratings yetThe Book of IMAP Building A Mail Server With Courier and Cyrus Peer Heinlein Download110 pages
- Action Mailbox Basics - Ruby On Rails GuidesNo ratings yetAction Mailbox Basics - Ruby On Rails Guides12 pages
- Your Icloud Storage Is Almost Full. You Have 597 Mbleftof5 GB Total StorageNo ratings yetYour Icloud Storage Is Almost Full. You Have 597 Mbleftof5 GB Total Storage1 page
- Metallic Exchange Online Custom ConfigurationNo ratings yetMetallic Exchange Online Custom Configuration7 pages
- Dmail - The Future of Secure CommunicationNo ratings yetDmail - The Future of Secure Communication21 pages
- How To Integrate ICloud Sync in Your AppNo ratings yetHow To Integrate ICloud Sync in Your App26 pages
- Apps and Features That Use ICloud - Apple SupportNo ratings yetApps and Features That Use ICloud - Apple Support5 pages
- Elevate 2024 - How To Allow Customers To Send Mass Emails EffectivelyNo ratings yetElevate 2024 - How To Allow Customers To Send Mass Emails Effectively23 pages
- MobileIron-Access - Datasheet - EN - US - v2.1No ratings yetMobileIron-Access - Datasheet - EN - US - v2.12 pages
- DocsAtWorkAndroidReleaseNotes Rev9Mar2018No ratings yetDocsAtWorkAndroidReleaseNotes Rev9Mar201815 pages
- Polaris Dp-20 Web Guide Controller: User ManualNo ratings yetPolaris Dp-20 Web Guide Controller: User Manual66 pages
- Identity and Access Management Standard - tcm38-323781No ratings yetIdentity and Access Management Standard - tcm38-32378116 pages
- Chapter 8 - Computer Forensics Analysis and ValidationNo ratings yetChapter 8 - Computer Forensics Analysis and Validation30 pages
- XPC BIOS User Guide: For The: DQ70 SeriesNo ratings yetXPC BIOS User Guide: For The: DQ70 Series25 pages
- One Covid-19 Allowance Information System Guide For Health Facilities100% (2)One Covid-19 Allowance Information System Guide For Health Facilities36 pages
- Disaster Recovery System Administration Guide For Cisco Unified Contact Center Express Release 8.5No ratings yetDisaster Recovery System Administration Guide For Cisco Unified Contact Center Express Release 8.526 pages
- Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals Second EditionNo ratings yetExam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals Second Edition420 pages
- You Are Being Watched, Right Now. A TOI Investigation - Times of IndiaNo ratings yetYou Are Being Watched, Right Now. A TOI Investigation - Times of India16 pages
