IBM Support

Overview: Configuring Mail Services In MaaS360

How To


Summary

This article is a high level overview of the common configuration components for email in MaaS360. This will cover both MDM and Secure Productivity Suite configs across devices and operating systems

Environment

Mail configuration supported on:
iOS 6+
Android 5.0+
Windows 10 
macOS 10.11+

Steps

Enterprise mail configuration via MaaS360 consists of pushing "ActiveSync" (or 3rd party equivalent) settings via security policy to a mail client on the device.  In almost every scenario that mail client will be native to the operating system in use.: 
  • iOS & macOS - Apple Mail
  • Android (Android Enterprise) - Gmail
  • Android (Device Admin management) - Samsung Mail agent is currently the only client that properly receives settings.  A common 3rd party agent called Touchdown was configurable, but their features were deprecated by the publisher in 2018.
  • Windows - Windows Mail client (not Outlook)
  • Secure Productivity Suite (SPS) - The MaaS360 mail client for iOS or Android
Note about Android - the Gmail agent may be stripped out and replaced by an OEM on some devices.  In this scenario admins will have to ensure that the app is pushed & installed via App Catalog workflows.
App Config - App Config is a method of delivering application settings and features via MaaS360 and the App Catalog.  There are many third party mail applications that support App Config (Outlook, for example), however this document focuses on those that can be setup via MaaS360 policy directly.
What is ActiveSync? 
The short answer is that it is a protocol that allows data to "actively sync" to clients across platforms, rather than using traditional methods of mail being delivered to a server where it waits for a device to make a request to view.  Information is stored both on the devices and the mail server where it originated.  ActiveSync was created by Microsoft, but has been adopted in some fashion by many other mail providers. 
Out of the box MaaS360 supports:
Microsoft Exchange and Office365
G Suite (GoogleSync)
IBM Traveler
Other systems may work depending on how they implement variations of the ActiveSync protocol.  Sometimes it's just a matter of trial and error to get it up and running in those scenarios.
Locating the mail policy
Each MDM policy a section titled "ActiveSync" for the enterprise mail configurations (SPS simply uses "Mail").  Below are samples from iOS, Android, and Android Enterprise Policy
iOS mail        Android mail        Android Enterprise Mail
The Persona policy type contains the mail config for MaaS360 Secure Mail (supported on iOS and Android)
First the Secure Mail feature must be enabled in the policy:
Enable SPS mail
Once this is enabled, the configuration portion of the policy will be accessible:
SPS mail
Basics of Mail Configuration
MaaS360 supports a variety of wildcards to make setting mail up as easy as possible.  These wildcards correspond to critic fields in the user record.  The preconfigured wildcards are as follows:
Username - %username%
Domain - %domain%
Email Address - %email%
User Principle Name - %UPN%
Custom attributes may also be created to map to any number of the user record fields that may be required to properly configure mail policy.

Each policy, regardless of device type, has a few basic required fields:
 
  • ActiveSync Hostname/Mail Server - This is the address of the mail server leveraged by ActiveSync.  This can be obtained from mail admins in the case of on premise mail servers (it is commonly the URL that would be entered when configuring the account manually on the device), or one of the following if cloud mail is utilized:
Office365 - outlook.office365.com
G Suite - m.google.com
  • Username - This is the username for the mail account as it would be entered on the device.  Common variations are first initial/surname, UPN, and full email address (the latter is common for O365 and G Suite).  This can be left blank to pull automatically from the "Username" field in the user record.  This can also be customized in the case that it varies. 
Examples: The username of the accounts is the email address - %email% may be added to the Username field in the policy. 
The username is a combination of fields - %username%@%domain% format may be leveraged to get the desired information configured.
  • Domain - The domain for the mailboxes to be configured on the account.  This can be left blank to pull automatically from the "Domain" field in the user record.
  • Email Address - The email address for the user.  May be left blank to pull automatically from the "Email" field of the user record.
Leaving all of the fields blank will pull from the data in the user record.  All of the mail policies contain these fields in some fashion.
Sample mail
Sample Mail 2
Other common fields include:
Authentication Type - Password or Certificate.  Passwords will prompt the user to enter their credentials on the device.  Passwords are neither stored nor maintained by MaaS360 and cannot be passed to the device automatically.  Certificates are ideal for touchless authentication, but require additional backend systems.
Use SSL - Enable if your mail server supports Secure Sockets Layer protocols.

There are many features unique to each mail environment and OS.  For more information about the individually configurable settings in the policy, please refer to our security policy guides in the MaaS360 Knowledge Center
Issues with mail configuration are usually the result of a misconfigured field, but in some less frequent scenarios it can be hindered by internal policy and settings.  Items to check on include:
  • Ensuring the hostname of the ActiveSync server is correct.  If configuring Microsoft mail systems, the fields being utilized can be tested at https://testconnectivity.microsoft.com
  • Double check for spelling errors and misplaced punctuation
  • Check with security teams to ensure that ActiveSync features are public facing and that security measures such as firewalls
If there are any questions or concerns, please reach out to our teams via the MaaS360 product forum at https://www.ibm.com/mysupport - Select "Forums" and search for the MaaS360 product page.

Document Location

Worldwide

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
21 August 2019

UID

ibm11071544