Nine Work Support Center

Contact Us
  1. Support
  2. Android Enterprise
  3. How to configure App Configuration Policies

How to configure App Configuration Policies

Introduction

Nine is able to be configured using MDM solutions such as MobileIron, AirWatch and so on. The App Configuration initiative defines a standard way for enterprise application developers to interpret app configurations and security policies from EMM (Enterprise Mobility Management) systems, and for EMM systems to configure and secure mobile applications.

This document describes the steps to be taken by the administrator so that when the user enlists a device with MDM solutions, the Nine installed on the device is automatically configured and secured.

Nine supports the following types of configurations.

Nine Configuration Settings Values

* App Service Configuration allows the application to connect to the appropriate app web services for an organization.

Key
TitleRequired
Type
Example
Default
Description

AppServicePublisher

Publisher

Y

String

(e.g. MobileIron)


MDM service provider

AppServiceHost

Host

Y

String

(e.g. appserver.com)


Hostname used to communicate with the application’s primary server (e.g. myserver.com). Application should implement its own default value.

AppServiceHosts
Hosts
NString(e.g. appserver.com;example.com)

If multiple hosts can be configured in the application, they will be sent as a string array. The first host in the list will be used as the default.

AppServiceSecondaryHost

Secondary Host

N

String

(e.g. appserver.com)


Server address for the subordinate accounts

AppServiceSecondaryHosts
Secondary Hosts
N

String

(e.g. appserver.com;example.com)

Server addresses for the subordinate accounts.
AppSecondaryEmailDomains
App secondary email domains
N

String

(e.g. appserver.com;example.com)

Email domains for the subordinate accounts.

AppServicePort

Port

N

Integer

(e.g. 443)

443

Port number used to communicate with the application’s primary server (e.g. 443). Application should implement its own default value.

AppServiceUseSSL

Is Ssl Required

N

Boolean

(e.g. True, False)

True

Determines if the application should use SSL when communicating to the applications’ server. Application should implement a default value.

AppServiceSSLTrustAll

Trust All Certificates

N

Boolean

(e.g. True, False)

True

Accept all SSL certificates

AppDeviceIdPrefix

DevicePrefix Identifier

N

String

(e.g. MSFT, YHOO)

Nine

Prefix for distinguishing DeviceID, (4 alphabetic letters)

AppUserAgent

User Agent

N

String

(e.g. Nine, MDM)


App name which is used in User Agent

AppUserAgentPrefix

User Agent Prefix

N

String



Full text which is used in User Agent

AppDeviceId

Device Id

N

String

(e.g. {EasDeviceIdentifier})


Device ID that the ActiveSync server uses for the device.

AirWatch SEG (Secure Email Gateway): {EasDeviceIdentifier}

MobileIron Sentry: $DEVICE_SN$

MobileIron Cloud: ${deviceEasIdentifier}

AppDeviceType

Device Type

N

String

(e.g. Android)

Android

Device Type

AppUseLoginCertificate

Use Login Certificate

N

Boolean

(e.g. True, False)

False

Client CA

AppLoginCertificateAlias

Login Certificate alias

N

String



Certificate alias

AppReqParamPlaintext

Request param plain text

N

Boolean

(e.g. True, False)

False

"The query value format in the URI contains all of the ActiveSync URI parameters.

e.g.)

Base64:

POST /Microsoft-Server-ActiveSync?jAAJBAp2MTQwRGV2aWNlAApTbWFydFBob25l HTTP/1.1

Plain text:

POST /Microsoft-Server- ActiveSync?Cmd=Sync&User=rmjones&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1"

AppUseModernAuthentication

App use modern authentication

N

Boolean

(e.g. True, False)

False

Modern Authentication (ADAL)

AppPasswordEnable

Password required

N

Integer

(e.g, -1, 0, 1)

-1

App password Enable

-1 : Use Exchange Policy

0 : Disabled

1 : Enabled

AppPasswordComplexity

Password complexity

N

Integer

(e.g. 0, 1)

0

App password complexity (0 : Simple, 1: Alphanumeric)

AppPasswordMinLength

Minimum password length

N

Integer

(e.g. 4)

0

App Password Minimum length

AppPasswordExpirationDays

Password expiration days

N

Integer

(e.g. 90)

0

App Password expiration date

AppPasswordHistory

Password history

N

Integer

(e.g. 9)

0

App Password History counts

AppPasswordMaxFailed

Maximum failed password attempts

N

Integer

(e.g. 10)

0

App Password Maximum failure counts

AppPasswordLockTime

Password lock time

N

Integer

(e.g. 60)

0

App Password Maximum Lock Time (Min.)

AppUseAuthenticationBroker

App use authentication broker

N

Boolean

(e.g. True, False)

False

Broker (Company Portal or Microsoft Authenticator)

AppUserAgentDetails
User agent details
NStringEx) $OS $VERSION
$APP_VERSION
$APP_VERSION_CODE

Extra information for UserAgent
Eg> $OS $VERSION $APP_VERSION $APP_VERSION_CODE (Case sensitive) - SNINE4W-hero2ltexx/NRD90M (Android 7.0.1 4.0.3b 2402300)
AppLauncherShortcuts
App launcher shortcut
NString
[
"Mail",
"Calendar",
"Contacts",
"Tasks",
"Notes"
]

eg)
Add Calendar and Tasks shortcuts as default.
[
"Calendar",
"Tasks"
]
AppSecureMailLoadRemoteImages
App secure mail load remote images
N

Integer

(e.g. -1, 0, 1, 2)
-1-1: User can select the option
0: Do not load
1: Ask before displaying remote images
2: Always display remote images
AppModernAuthenticationEnforcedServers
App modern authentication enforced server
N
String
(e.g. outlook.office365.com, m.outlook.com)

The server addresses which enforce to use Modern Authentication.
AppStrings
App strings
NString{
"compliance_changed_ticker_fmt": "Account $account_name changed its compliance settings; no user action is required.",
"compliance_notification_content_change_title": "Compliance have changed"
}
""DO NOT remove $account_name in the string
AppDisableURLRedirection
App disable URL redirection
NBoolean(e.g. True, False)
False
AppLDAPConfigurations
App LDAP Configurations
NString (JSON)
e.g.
[
{
"Description": "Default",
"ServerAddress": "ldap.example.com",
"ServerPort": "389",
"TransportSecurity": 1,
"SearchBase": "dc=mkt,dc=mainstore,dc=com",
"BindDN": "",
"BindPassword": ""
}
]

Description : Title of the configuration (mandatory, unique)
ServerAddress : LDAP server address or IP address  (mandatory)
ServerPort : LDAP server port (mandatory)
TransportSecurity : 0: None, 1: SSL, 2: StartTLS
SearchBase : LDAP Naming base DN  (mandatory)
BindDN : Leave empty for anonymous
BindPassword : Leave empty for anonymous
AppSelectiveAuthentication
App selective authentication
N

Boolean

(e.g. True, False)

False
AppPreemptivePushScheduling
App preemptive push scheduling
NInteger(e.g. -1, 0, 1)
-1-1: User can select the option
0: Admin disables the option forcibly. User can't change the option.
1: Admin enables the option forcibly. User can't change the option.
AppEWSURL
App ews url
NStringhttps://outlook.office365.com:443/EWS/Exchange.asmx


AppCorporateContactsRefreshInterval
App corporate contacts refresh interval
NIntegere.g. 30
Days
30: every 30 days
AppCorporateContactsSyncFields
App corporate contacts sync fields
NString (CSV)
e.g. "givenName, cn, homePhone, sn, mobile, o, mail, telephoneNumber, title, departement"


AppCorporateContactsCallerDisplay
App corporate contacts caller display
NString (CSV)
e.g. "cn, title, OU"


AppCorporateContactsLDAPConfigurations
App corporate contacts LDAP configurations
NString (JSON)

e.g.

[

  {

    "Description": "Default",

    "ServerAddress": "ldap.example.com",

    "ServerPort": "389",

    "TransportSecurity": 1,

    "SearchBase": "dc=mkt,dc=mainstore,dc=com",

    "BindDN": "",

    "BindPassword": ""

  }

]


Description : Title of the configuration (mandatory, unique) ServerAddress : LDAP server address or IP address  (mandatory) ServerPort : LDAP server port (mandatory) TransportSecurity : 0: None, 1: SSL, 2: StartTLS SearchBase : LDAP Naming base DN  (mandatory) BindDN : Leave empty for anonymous BindPassword : Leave empty for anonymous
AppUseLoginCertificateWithoutUserPassword
App use login certificate without user password
NBoolean(e.g. True, False)False
AppSpamForwardingEmail
App spam forwarding email
NString
(e.g. security@example.com)

If the 'AppSpamForwardingEmail' AppConfig is set, the 'Report Spam/Phish' menu is shown in the email details view.
AppRecurrenceEventEdit
App recurrence event edit
NInteger(e.g. 0, 1)
00: 3 options 
- Only this event 
- All events in the series 
- This and all future events 
1: 2 options 
- Only this event 
- All events in the series
AppCryptographyLibrary
App cryptography library
NInteger(e.g. 0, 1)
00: Open SSL 
1: Bouncy Castle
AppEditableLoginId
App editable loginId
NBoolean
(e.g. True, False)
False
If the value is true, you can edit the login Id field.


* User Configuration allows the application to detect the user of the application, however does not uthenticate the user.

Key
Title
Required
Type
Example
Default
Description

UserName

User name

Y

String

(e.g. wtillman)

 

Username of the user who is using the device. Value to be used by application to authenticate user.

UserEmail

Email Address

Y

String

(e.g. will@company.com)

 

Email address of the user who is using the application

UserPassword

Password

N

String

(e.g. ****)


Password for the user who is using the application

UserDomain

Domain

N

String

(e.g. NADOMAIN)

 

Domain of the user who is using the application

Multiple domains are able to be set with semicolon.

(eg. NADOMAIN1;NADOMAIN2)

UserDisplayName

Display name

N

String

(e.g. James)

 

User name which is displayed in Nine app

UserSignature

Default Signature

N

String

(e.g. ABC Company, James, CIO, +4081234567)

 

Email signature. If empty, use "Sent from Nine"

UserLicenseNumber

User License number

N

String

(e.g. 123456781234)

 

License key which is purchased in 9Folders web site

UserEmailSyncRange

Email Sync Range

N

Integer



0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month

UserEmailDownloadSize

Email Download Size

N

Integer



0: All
1: 10KB
2: 20KB
3: 50KB
4: 100KB

UserDefaultCalendar

User default calendar

N

String

(e.g. com.google.android.calendar)


Package name of the Calendar app which is used as the default Calendar. If it is empty, Nine Calendar is used as default.

UserFontFamily

User font family

N

String

(e.g. Calibri, Arial, Helvetica, sans-serif)


Default font family for outgoing email.

UserFontSize

User font size

N

String

(e.g. 11.5)


Default font size for outgoing email.

UserFontColor

User font color

N

String

(e.g. #000000)


Default font color for outgoing new email.

UserReplyFontColor

User reply font color

N

String

(e.g. #1F497D)


Default font color for reply email.

UserInAppCalendarNotification

User calendar notification

N

Boolean

(e.g. True, False)

True

Calendar notification settings

UserDefaultEditor

User default editor

N

Integer

(e.g. 0, 1)

0

0: Rich Text Editor

1: Text Editor

UserMessageFormat
User message format
N

Integer

(e.g. 0, 1, 2)

10: TEXT
1: HTML
2: MIME
UserReFwdSeparatorStyle
User reply/forward separator style
N

Integer



0: No separator
1: 1px
2: 2px
3: Outlook 2016
UserContactsFieldsLevel
User contacts fields level
NInteger(eg, 0, 1, 2)
00: All Fields
1: Minimum Fields (Name Fields, Phone Fields, Photo Field)
2: All fields except Email address
PolicyMaxEmailLookback
Max sync range of the user
NInteger
-1

-1: Exchange Policy
0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month

UserSyncSystemCalendarStorage
User sync system calendar
N

Boolean

(e.g. True, False)

FALSEDefault value for syncing to the system Calendar storage
UserSyncSystemContactsStorage
User sync system contacts
N

Boolean

(e.g. True, False)

FALSE
Default value for syncing to the system Contacts storage
UserDownloadableAttachmentsMaxSize
User download attachment max size

NInteger

0xx: xxMB Limited
0 Unlimited (Default)
eg)
10: 10MB Limited
25: 25MB Limited
UserAutoAdvance
User auto advance
NInteger

00: Open the previous item
1: Open the next item
2: Return to the current folder
UserReportDiagnosticInfo
User report diagnostic info
N

Boolean

(e.g. True, False)

TRUE
UserBiometricUnlock
User biometric unlock
N

Boolean

(e.g. True, False)

FALSE

UserNotesTemplate
User notes template
NString


Ex) "UserNotesTemplate": {  
"Title": "Memo",
"Template": "To: \nFrom: \nDate: \nSubject: \n\n"
}
UserSyncWhenRoaming
User sync when roaming
NInteger

(e.g. 0, 1)

00: Off
1: On
EnforceSyncWhenRoaming
Enforce sync when roaming
NBoolean(e.g. True, False)
False
UserPreemptivePushScheduling
User preemptive push scheduling
NBoolean(e.g. True, False)
False
UserShowAsConversation
User show as conversation
NBoolean(e.g. True, False)
True
EnforceStorageEncryption
Enforce storage encryption
NBoolean(e.g. True, False)
FalseTRUE: Encrypt storage
FALSE: DO NOT encrypt storage
EnforceExternalBrowsers
Enforce external browsers
NString(e.g. com.microsoft.emmx, com.android.chrome)
""
The package names of the Browser app which is used as the default Browser.
EnforceDeletionOnSpamForwarding
Enforce deletion on spam forwarding
NBoolean
(e.g. True, False)FalseIf the 'EnforceDeletionOnSpamForwarding' is set as TRUE, the email will be moved to Trash folder
UserSigningCertificateAlias
User signing certificate alias
NString
""

UserEncryptionCertificateAlias
User encryption certificate alias
NString
""

UserContactsFileAs
Contacts FileasNInteger

1

0 : Not specified
1 : Last, First
2 : Last First
3 : LastFirst
4 : First Last
5 : Last, First (Company)
6 : Last First (Company)
7 : LastFirst (Company)
8 : Company (Last, First)
9 : Company (LastFirst)
10 : Company (Last First)


* Branding Configuration allows an application to customize the look and feel for a specific organization.

Key
TitleRequired
Type
Example
Default
Description

BrandingLogo

Branding logo

N

String

(e.g.. http://myserver/image.png)

 

String representing HTTP URL of the image to download and display as the main wallpaper within the application. Each application could implement the visual representation differently.

- Recommend format: PNG (Other formats are applicable)

- Background color: #ff009688

- Recommend resolution: 720x264 (Max 1024x1024)

BrandingSplashLogo
Branding splash logo

N

String

(e.g.. http://myserver/image.png)


String representing HTTP URL of the image to download and display as the logo image in the splash screen. Images recommended to be in PNG format.
Size: 720x264

BrandingName

Branding name

N

String

(e.g. Company Name)

 

String representing the company name which could be displayed in the application.

BrandingColor
Branding color
NString(e.g. #1F497D)

RGB(31, 73, 125)


* Security (or Custom) Settings allows an application to enable or disable certain security features

Key
TitleRequired
Type
Example
Default
Description

AllowCalendarSync

Allow calendar sync

N

Boolean

(e.g. True, False)

True

Allow Calendar sync

AllowContactsSync

Allow contacts sync

N

Boolean

(e.g. True, False)

True

Allow Contacts sync

AllowTasksSync

Allow tasks sync

N

Boolean

(e.g. True, False)

True

Allow Tasks sync

AllowNotesSync

Allow notes sync

N

Boolean

(e.g. True, False)

True

Allow Notes sync

AllowPrint

Allow print

N

Boolean

(e.g. True, False)

True

Allow print

AllowShareContents

Allow share contents

N

Boolean

(e.g. True, False)

True

Allow to share the contents of Email/Tasks/Notes

AllowShareAttachment

Allow share attachment

N

Boolean

(e.g. True, False)

True

Allow to share the attachments to 3rd party app

AllowSaveAttachment

Allow save attachment

N

Boolean

(e.g. True, False)

True

Allow to save attachments into external storage

AllowGalShare

Allow GAL share

N

Boolean

(e.g. True, False)

True

Allow to deliver the GAL search results to 3rd party app

IgnoreExchangePolicy

Ignore exchange policy

N

Boolean

(e.g. True, False)

False

Disregard Exchange Policy. Instead, MDM controls the policy.

AllowDeleteOwnAccount

Allow delete own account

N

Boolean

(e.g. True, False)

True


AllowMultipleAccount
Allow multiple account

N

Boolean

(e.g. True, False)

FALSE

Allow to set up multiple accounts
AllowReFwdFromDA
Allow to forward or reply from a different account

N

Boolean

(e.g. True, False)

TRUE

Allow to forward or reply from a different account than the message originated from.

AllowAutoConfig

Allow auto configuration

N

Boolean

(e.g. True, False)

FALSE


AllowSyncSystemCalendarStorage

Allow sync system calendar storage

N

Boolean

(e.g. True, False)

TRUE

Allow for Nine Calendar data to sync to system calendar storage.

Users can see Nine Calendar data on the stock Calendar app.

AllowSyncSystemContactsStorage

Allow sync system contacts storage

N

Boolean

(e.g. True, False)

TRUE

Allow for Nine Contacts data to sync to system contacts storage.

Users can see Nine Contacts data on the stock Contacts app.

AllowManualUserConfig

Allow manual user config

N

Boolean

(e.g. True, False)

FALSE

Allow to set up UserName and UserEmail manually.

AllowCamera
Allow Camera
NBolean(e.g. True, False)
TrueAllow to use Camera

AllowExportMessage

Allow export message

N

Boolean

(e.g. True, False)

FALSE

Allow to export messages

AllowEWSConnectivity
Allow EWS connectivity
N

Boolean

(e.g. True, False)

TRUE

Allow EWS connectivity for the features such as  Shared Calendar features.
AllowBiometricUnlockAllow biometric unlock
N

Boolean

(e.g. True, False)

TRUE

Allow Biometric authentication such as Fingerprint to unlock screen.
AllowCorporateContactsSync
Allow corporate contacts sync
NBoolean(e.g. True, False)
FALSEAllow to use the Corporate Contacts feature
AllowWidgetEmail
Allow Email Widget
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Email widget
AllowWidgetCalendarAgenda
Allow Calendar Agenda Widget
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Agenda widget
AllowWidgetCalendarMonth
Allow Calendar Month Widget
N
Boolean
(e.g. True, False)

TRUE

Allow to use the MonthView widget
AllowWidgetTasks
Allow Tasks Widget
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Tasks widget
AllowWidgetBadge
Allow Badge Widget
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Badge widget
AllowScreenShot
Allow screen shot
NBoolean(e.g. True, False)
TRUEIf set to False, users can’t save a screenshot of the display and are prevented from capturing a screen recording as well.
AllowSaveSMIMEAttachment
Allow saving S/MIME attachments
NBoolean
(e.g. True, False)
FALSEAllow saving attachments of an encrypted message into internal or external storage
AllowShareSMIMEAttachment 
Allow sharing S/MIME attachments
NBoolean
(e.g. True, False)
FALSEAllow sharing attachments of an encrypted message into internal or external storage

 

ActiveSync server synchronization due to app configuration

Nine Work synchronizes all emails, tasks, notes, contacts and calendar items with the ActiveSync server when the device user first launches Nine Work. It also does a full synchronization or delete account if you change the values of the following keys in the app configuration:

• AppDeviceId (Full synchronization)

• AppDeviceIdPrefix (Full synchronization)

• AppDeviceType (Full synchronization)

• AppUserAgentPrefix (Full synchronization)

• AppUserAgent (Full synchronization)

• UserEmail (Delete account)

• AppLoginCertificateAlias (Delete account)

The full synchronization or delete account occurs the next time the device checks in after you have changed the app configuration.