Security settings for Secure Mail (WorkPlace Persona policy)
Use the Security settings to configure security for Secure Mail accounts.
Secure Mail Security settings
You can configure the following security settings in the WorkPlace Persona policy for Secure Mail.
Policy setting | Description |
---|---|
Restrict Attachment Forwarding | Restricts email messages with attachments from being forwarded. |
Allow Own Domain | Select Restrict Attachment Forwarding to view this checkbox. This option helps to send email attachments to addresses with the same email domain as the user. |
Domain list mode | Select Restrict Attachment Forwarding to view this drop-down. Select
whether the domains list is an allowlist or a blocklist. The values are as follows.
|
Domains List | Select Restrict Attachment Forwarding to view this field. Specify the domains to which the forwarding of attachments is either allowed or blocked depending on the selected mode. Users can enter a comma-separated list to add multiple domains. |
Allowlist Doc Types | Select Restrict Attachment Forwarding to view this field. Specify the types of attachment that can be mailed externally. Users can enter comma-separated values to specify multiple extension types such as doc, jpg, and xls. |
Manage Email Restrictions to External Domains | This option helps to prevent email messages from being sent to non-corporate email domains. |
Restriction Type | Select Manage Email Restrictions to External Domains to view this
drop-down. Administrators can configure the following restrictions to control emails from external domains.
Important:
Warn User mode is supported on app versions iOS 3.7 and
later, and, Android 6.30 and later. |
Domain list mode | Select Manage Email Restrictions to External Domains to view this
drop-down. Select whether the domains list is an allowlist or a blocklist. The values are as follows.
|
Domains List | Select Manage Email Restrictions to External Domains to view this field. Specify the domains to which the delivery of emails is either allowed or blocked depending on the selected mode. Users can enter a comma-separated list to add multiple domains. |
Validate Server Certificate | Validates the server certificate that is issued during an SSL connection. This validation provides extra protection against man-in-the-middle attacks. |
Untrusted Certificates Handling |
This option helps administrators to control prompts for untrusted certificates. The options are
as follows.
Note: Select Reject All to ensure maximum security protection and to avoid
spoofing or man-in-the-middle attacks.
|
Server Certificate | To add a new server certificate. |
Configure trusted URLs for Android | Opens email and calendar invitation URLs in a third-party app (instead of in Secure
Browser). Note: The third-party apps that you use must handle the specific URL that is defined in
the app manifest. For example, the RSA App supports the following two URLs.
You can define these URLs as Trusted URLs. For more information about your apps, contact the app developer or IBM® Support. |
Allow External Links to open in Native Browser | This option enables external links in the email message to be opened with a native browser. Intranet sites continue to open their links in the MaaS360® Browser. This setting is available from Android 5.55+. |
Mails from external domains
Use the following settings to define the criteria that flags email messages as external.
Policy setting | Description |
---|---|
Prefix used for mails from external domains | The comma-separated list of prefixes that are configured in mail servers to mark external domain email messages. For example, [External]. |
Prefix location for mails from external domains | The prefix location that is marked in the mail servers to mark external domain email
messages. Supported values are Email subject , body , or
both . |
Warn about attachments in emails from external domains | A security alert is displayed when users attempt to open attachments that originate from
external domains. ![]() Note: This setting does not prevent attachments from downloading. If the MaaS360 Mail setting Auto download attachments smaller than 100 KB in the MaaS360 for iOS app is enabled, attachments are downloaded locally. When users try to open those attachments, a security alert is displayed.
|
Manage remote images in emails from external domains | If this setting is enabled, remote images (embedded URLs) in emails from external domains
are blocked. If this setting is disabled, remote images from all domains are allowed, regardless of
the other settings that are enabled in this policy. In Android, MaaS360 prevents remote images from automatically downloading to the Inbox, Sent, and Draft
folders. The remote images in the original message are hidden when the recipient replies to or
forwards the email to other recipients. Note:
Restriction Type Administrators can configure the following restrictions to
control remote images in emails from external domains.
Note: If a user downloads images in an email from a specific domain, images from that
domain are not downloaded automatically in subsequent emails.
|
Domains List Mode |
Select whether the domains list is an allowlist or a blocklist. The values are as follows.
|
Domains List | Enter a comma-separated list of allowed domains. For example, ibm.com. Specify the domains to which the images or attachments for mails sent from these domains is either allowed or blocked depending on the selected mode. Users can enter comma-separated list to add multiple domains. |
Secure Mail Contact settings
You can configure the following Contacts settings for Secure Mail.
Policy setting | Description |
---|---|
Restrict Personal Exchange Contacts to be Copied to Device Contacts | Restricts the user from copying contacts from the corporate directory to a device. |
Allow editing of Personal Exchange Contacts in native Contacts App | Allows a user to edit corporate contacts in a native application. If this setting is
enabled, contacts are copied over to the primary Google account on the device under a Group named
Exported Corporate Contacts. Once the group is copied over, you can edit the
contacts in the native Contacts app. Note:
|
Allow use of Personal contacts in Secure Mail | If this setting is enabled, users can select personal contacts on the device for sending email messages and calendar invites. |
Report Phishing settings
You can configure the following Report Phishing settings for Secure Mail.
Policy setting | Description |
---|---|
Report Phishing | Allows users to report suspicious email messages to administrators. If an email message is
identified as suspicious or phishing, use the Report Phishing option in the
Email options to report that email message. Note:
|
Report Phishing Settings | Configure the following phishing settings.
|
S/MIME settings
You can configure the following S/MIME settings for Secure Mail.
Note: Contact IBM Support to enable this feature.
Policy setting | Description |
---|---|
SMIME Certificate Source | Enable this setting if the certificate source is an email message or Cloud Extender®. |
Trusted Certificate | Adds a new trusted certificate. |
Apply Triple wrapping of message | Enables signing, encryption, and signing again for each email message. |
Always sign outgoing mails | All email messages that are sent through Secure Mail are signed by the sender's signing certificate. |
Allow user to customize SMIME controls per message | Users can encrypt or sign outgoing email messages. |
Do not allow unencrypted messages to specified domains | Does not allow unencrypted email messages to specific domains. |
SMIME Public Cert Refresh Days | Refreshes the local copy at the selected frequency. |
Configure LDAP for SMIME Certificate Lookup | Enables settings to configure LDAP for S/MIME Certificate Lookup. |
Note: Depending on the services that are enabled in the MaaS360 Portal, some of these options might not be available.