Configuring a mailbox on iOS MDM devices

Expand all | Collapse all

These settings apply to supervised devices and devices operating in basic control mode.

To enable an iOS MDM device user to work with email, add the user's email account to the list of accounts on the iOS MDM device.

By default, the email account is added with the following settings:

• Email protocol – IMAP.
• The user can move email messages between the user's accounts and synchronize account addresses.
• The user can use any email client (other than Mail) to use email.
• The SSL connection is not used during transmission of messages.

You can edit the specified settings when adding an account.

To add an email account of the iOS MDM device user:

1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Policies & profiles. In the list of group policies that opens, click the name of the policy that you want to configure.
2. In the policy properties window, select Application settings.
3. Select iOS and go to the Device configuration section.
4. On the Email card, click Settings.

   The Email window opens.

5. Enable the settings using the Email toggle switch.
6. Click Add.

   The Add email account window opens.

7. Specify the email account settings:
   • On the General settings tab, configure the following settings:
     1. In the User name field, specify the name of the iOS MDM device user. You can either enter a value or select a macro by clicking the button.
     2. In the Email address field, specify the email address of the iOS MDM device user. You can either enter a value or select a macro by clicking the button.
     3. In the Account description field, enter a description of the user's email account.
     4. In the Email protocol field, select one of the following protocols:
        • POP
        • IMAP
     5. If you selected IMAP, specify the IMAP path prefix in the IMAP path prefix field.

        The IMAP path prefix must be entered using uppercase letters (for example: GMAIL for Google Mail).

     6. In the Incoming mail server settings and Outgoing mail server settings sections, configure the server connection settings:
        • In the Server address field, specify names of hosts or IP addresses of incoming and outgoing mail servers.
        • In the Server port fields, specify the port numbers of incoming and outgoing mail servers.

        To configure optional settings for the incoming and outgoing mail servers, click More settings and do the following:

        • In the User name field, specify the name of the user's account for authorization on the incoming and outgoing mail servers. You can either enter a value or select a macro by clicking the button.
        • In the Authentication type field, select the type of authentication of the user's email account on the incoming and outgoing mail servers.
        • In the Password field, specify the account password for authenticating on incoming and outgoing mail servers protected using the selected authentication method.
        • If you want to use the SSL (Secure Sockets Layer) data transport protocol, select the Use SSL connection check box.
        • If you want to use the same password for user authentication on the incoming and outgoing mail servers, select the Use the same password for incoming and outgoing mail servers check box.
   • On the Advanced settings tab, configure the additional settings of the email account:
     1. In the Restrictions section, select or clear the following check boxes, if necessary:
        • Allow syncing recent addresses

          Moving email messages between accounts.

          If the check box is selected, the user can move email messages from one account to another.

          If the check box is cleared, the user is prohibited from moving email messages from one account to another.

          This check box is selected by default.

          If you want to prohibit saving, moving, and sharing attachments from a corporate mailbox, clear the Allow movement of messages between accounts (including work and personal accounts) check box and select the Prohibit non-managed apps from using documents from managed apps and Prohibit managed apps from using documents from non-managed apps check boxes.

        • Allow movement of messages between accounts (including work and personal accounts)

          Synchronization of email addresses between accounts.

          If the check box is selected, when creating messages the user can use another email account's address history.

          If this check box is cleared, used email addresses are not synchronized. When creating a message, the user of an iOS MDM device cannot use another email account's address history.

          This check box is selected by default.

        • Allow Mail Drop

          Use of the Mail Drop service to forward large attachments.

          If the check box is selected, the user can use Mail Drop.

          If the check box is cleared, the user cannot use Mail Drop.

          This check box is cleared by default.

        • Allow using only the Mail app

          Use of only the standard iOS mail client for processing messages.

          If the check box is selected, the user can use email only in the standard iOS email client.

          If the check box is cleared, the user can use email both in the standard iOS email client and in other apps.

          This check box is cleared by default.

     2. In the Signature and Encryption sections, configure the settings for signing and encrypting outgoing mail using the S/MIME protocol in the Mail app.

        S/MIME is a protocol for transmitting digitally signed encrypted messages. S/MIME provides cryptographic security capabilities such as authentication, message integrity control, and non-repudiation of origin (using digital signatures). The protocol also helps improve the confidentiality and security of data in email messages by using encryption.

        • Sign messages

          Digital signature of outgoing messages in the Mail app.

          If the check box is selected, outgoing messages are signed with a digital signature using the S/MIME protocol. A digital signature confirms the authenticity of the sender and indicates that the contents of the message have not been modified during transmission to the recipient. A recipient certificate (public key) must be selected for a message signature.

          This check box is cleared by default.

        • Signing certificate for outgoing messages

          Certificate for signing outgoing messages with a digital signature using the S/MIME protocol. The digital signature guarantees that the message was sent by the iOS MDM device user. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.

          This drop-down list is available only if the Sign messages check box is selected.

        • Encrypt messages by default

          Encryption of outgoing messages in the Mail app.

          If the check box is selected, outgoing messages are encrypted by default using the S/MIME protocol. A recipient certificate (public key) must be selected for sending encrypted messages. If a recipient certificate is not installed, messages cannot be encrypted. Encrypted messages can be viewed only by users whose devices have a certificate installed.

          This check box is cleared by default.

        • Encryption certificate

          Encryption certificate for encrypting outgoing messages using the S/MIME protocol. Encryption keeps messages confidential during transmission and storage. You can add certificates in the Certificate management settings of the policy or in the Certificates section of Web Console.

          This drop-down list is available only if the Encrypt messages by default check box is selected.

        • Show toggle button for encrypting selected messages

          Display of the icon in the Mail app in the To field for sending encrypted messages.

          If this check box is selected, the mobile device user can encrypt individual messages by clicking the icon.

          If the check box is cleared, the icon for encrypting messages is not displayed. In this case, the Encrypt messages by default check box determines whether outgoing mail is encrypted.

     • If necessary, in the Per App VPN section, configure Per App VPN.
8. Click Save.

   The new email account appears in the list.

   You can modify or delete email accounts in the list using the Edit and Delete buttons at the top of the list.

9. Click OK.
10. Click Save to save the changes you have made.

Mobile device settings are changed after the next device synchronization with the iOS MDM Server.

As a result, once the policy is applied, email accounts from the list are added on the user's mobile device.

We recommend closing and opening the Settings app on the iOS MDM device after you configure a mailbox.