Security settings for Secure Mail (WorkPlace Persona policy)
Use the Security settings to configure security for Secure Mail accounts.
Secure Mail security settings
You can configure the following security settings in the WorkPlace Persona policy for Secure Mail:
Policy setting | Description |
---|---|
Restrict Attachment Forwarding | Restricts email messages with attachments from being forwarded. |
Manage Email Restrictions to External Domains | Prevents email messages from being sent to non-corporate email domains. |
Validate Server Certificate | Validates the server certificate that is issued by a mail server during an SSL connection. This validation provides extra protection against man-in-the-middle attacks. |
Untrusted Certificates Handling |
Allows administrators to control prompts for untrusted certificates.
Note: Select Reject All to ensure maximum security protection and to avoid
spoofing or man-in-the-middle attacks.
|
Server Certificate | Adds a new server certificate. |
Configure trusted URLs for Android | Opens email and calendar invitation URLs in a third-party app (instead of in Secure
Browser). Note: The third-party apps that you use must handle the specific URL that is defined in
the app manifest. For example, the RSA App supports the following two URLs:
You can define these URLs as Trusted URLs. For more information about your apps, contact the app developer or IBM® Support. |
Allow External Links to open in Native Browser | Allows external links in the email message to be opened with a native browser. Intranet sites continue to open their links in the MaaS360® Browser. This setting is available from Android 5.55+. |
Email messages from external domains
Use the following settings to define the criteria that flags email messages as external:
Policy setting | Description |
---|---|
Prefix used for mails from external domains | The comma-separated list of prefixes that are configured in mail servers to mark external domain email messages. For example: [External] |
Prefix location for mails from external domains | The prefix location that is marked in the mail servers to mark external domain email messages. Supported values: Email subject, body, or both. |
Allowed mail domains | Provides a comma-separated list of allowed domains. For example:
ibm.com If this policy is enabled, remote images or attachments in email messages that are received from allowed domains are automatically displayed. If mail servers flag an email message as external, remote images are still displayed if that domain is part of the allowed domains. If allowed domains are not configured, remote images from all domains are blocked except for the user's domain. |
Manage remote images in emails from external domains | If this setting is enabled, remote images (embedded URLs) in emails from external domains
are blocked. If this setting is disabled, remote images from all domains are allowed, regardless of
the other settings that are enabled in this policy. In Android, MaaS360 prevents remote images from automatically downloading to the Inbox, Sent, and Draft
folders. The remote images in the original message are hidden when the recipient replies to or
forwards the email to other recipients. Note:
Restriction Type Administrators can configure the following restrictions to
control remote images in emails from external domains:
Note: If a user downloads images in an email from a specific domain, images from that
domain are not downloaded automatically in subsequent emails.
|
Warn about attachments in emails from external domains | A security alert is displayed when users attempt to open attachments that originate from
external domains. ![]() Note: This setting does not prevent attachments from downloading. If the MaaS360 Mail
setting Auto download attachments smaller than 100 KB in the MaaS360 for iOS
app is enabled, attachments are downloaded locally. When users try to open those attachments, a
security alert is displayed.
|
Secure Mail Contacts settings
You can configure the following Contacts settings for Secure Mail:
Policy setting | Description |
---|---|
Restrict Personal Exchange Contacts to be Copied to Device Contacts | Restricts the user from copying contacts from the corporate directory to a device. |
Allow editing of Personal Exchange Contacts in native Contacts App | Allows a user to edit corporate contacts in a native application. If this setting is
enabled, contacts are copied over to the primary Google account on the device under a Group named
Exported Corporate Contacts. Once the group is copied over, you can edit the
contacts in the native Contacts app. Note:
|
Allow use of Personal contacts in Secure Mail | If this setting is enabled, users can select personal contacts on the device for sending email messages and calendar invites. |
Report Phishing settings
You can configure the following Report Phishing settings for Secure Mail:
Policy setting | Description |
---|---|
Report Phishing | Allows users to report suspicious email messages to administrators. If an email message is
identified as suspicious or phishing, use the Report Phishing option in the
Email options to report that email message. Note:
|
Report Phishing Settings | Configure the following phishing settings:
|
S/MIME settings
You can configure the following S/MIME settings for Secure Mail:
Policy setting | Description |
---|---|
SMIME Certificate Source | Enable this setting if the certificate source is an email message or Cloud Extender®. |
Trusted Certificate | Adds a new trusted certificate. |
Apply Triple wrapping of message | Enables signing, encryption, and signing again for each email message. |
Always sign outgoing mails | All email messages that are sent through Secure Mail are signed by the sender's signing certificate. |
Allow user to customize SMIME controls per message | Users can encrypt or sign outgoing email messages. |
Do not allow unencrypted messages to specified domains | Does not allow unencrypted email messages to specific domains. |
SMIME Public Cert Refresh Days | Refreshes the local copy at the selected frequency. |
Configure LDAP for SMIME Certificate Lookup | Enables settings to configure LDAP for S/MIME Certificate Lookup. |