Nine Work Support Center

Contact Us

How to configure App Configuration Policies

Introduction

Nine is able to be configured using MDM solutions such as MobileIron, AirWatch and so on. The App Configuration initiative defines a standard way for enterprise application developers to interpret app configurations and security policies from EMM (Enterprise Mobility Management) systems, and for EMM systems to configure and secure mobile applications.

This document describes the steps to be taken by the administrator so that when the user enlists a device with MDM solutions, the Nine installed on the device is automatically configured and secured.

Nine supports the following types of configurations.

Nine Configuration Settings Values

* App Service Configuration allows the application to connect to the appropriate app web services for an organization.

Key
Required
Type
Example
Default
Description

AppServicePublisher

Y

String

(e.g. MobileIron)


MDM service provider

AppServiceHost

Y

String

(e.g. appserver.com)


Hostname used to communicate with the application’s primary server (e.g. myserver.com). Application should implement its own default value.

AppServiceHosts
NString(e.g. appserver.com;example.com)

If multiple hosts can be configured in the application, they will be sent as a string array. The first host in the list will be used as the default.

AppServiceSecondaryHost

N

String

(e.g. appserver.com)


Server address for the subordinate accounts

AppServiceSecondaryHosts
N

String

(e.g. appserver.com;example.com)

Server addresses for the subordinate accounts.
AppSecondaryEmailDomains
N

String

(e.g. appserver.com;example.com)

Email domains for the subordinate accounts.

AppServicePort

N

Integer

(e.g. 443)

443

Port number used to communicate with the application’s primary server (e.g. 443). Application should implement its own default value.

AppServiceUseSSL

N

Boolean

(e.g. True, False)

True

Determines if the application should use SSL when communicating to the applications’ server. Application should implement a default value.

AppServiceSSLTrustAll

N

Boolean

(e.g. True, False)

True

Accept all SSL certificates

AppDeviceIdPrefix

N

String

(e.g. MSFT, YHOO)

Nine

Prefix for distinguishing DeviceID, (4 alphabetic letters)

AppUserAgent

N

String

(e.g. Nine, MDM)


App name which is used in User Agent

AppUserAgentPrefix

N

String



Full text which is used in User Agent

AppDeviceId

N

String

(e.g. {EasDeviceIdentifier})


Device ID that the ActiveSync server uses for the device.

AirWatch SEG (Secure Email Gateway): {EasDeviceIdentifier}

MobileIron Sentry: $DEVICE_SN$

MobileIron Cloud: ${deviceEasIdentifier}

AppDeviceType

N

String

(e.g. Android)

Android

Device Type

AppUseLoginCertificate

N

Boolean

(e.g. True, False)

False

Client CA

AppLoginCertificateAlias

N

String



Certificate alias

AppReqParamPlaintext

N

Boolean

(e.g. True, False)

False

"The query value format in the URI contains all of the ActiveSync URI parameters.

e.g.)

Base64:

POST /Microsoft-Server-ActiveSync?jAAJBAp2MTQwRGV2aWNlAApTbWFydFBob25l HTTP/1.1

Plain text:

POST /Microsoft-Server- ActiveSync?Cmd=Sync&User=rmjones&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1"

AppUseModernAuthentication

N

Boolean

(e.g. True, False)

False

Modern Authentication (ADAL)

AppWhitelistedApps
NString
(e.g. com.microsoft.office.word,com.microsoft.office.excel)

Whitelist app lists

AppPasswordEnable

N

Integer

(e.g, -1, 0, 1)

-1

App password Enable

-1 : Use Exchange Policy

0 : Disabled

1 : Enabled

AppPasswordComplexity

N

Integer

(e.g. 0, 1)

0

App password complexity (0 : Simple, 1: Alphanumeric)

AppPasswordMinLength

N

Integer

(e.g. 4)

0

App Password Minimum length

AppPasswordExpirationDays

N

Integer

(e.g. 90)

0

App Password expiration date

AppPasswordHistory

N

Integer

(e.g. 9)

0

App Password History counts

AppPasswordMaxFailed

N

Integer

(e.g. 10)

0

App Password Maximum failure counts

AppPasswordLockTime

N

Integer

(e.g. 60)

0

App Password Maximum Lock Time (Min.)

AppPasswordComplexChar

N

Integer

(e.g. 0)

0

App Password complex characters

0 : none

1,2 : letter + digit

3 : letter + digit + symbol

4 : letter (upper & lower) + digit + symbol

AppUseAuthenticationBroker

N

Boolean

(e.g. True, False)

False

Broker (Company Portal or Microsoft Authenticator)

AppUserAgentDetails
NStringEx) $OS $VERSION
$APP_VERSION
$APP_VERSION_CODE

Extra information for UserAgent
Eg> $OS $VERSION $APP_VERSION $APP_VERSION_CODE (Case sensitive) - SNINE4W-hero2ltexx/NRD90M (Android 7.0.1 4.0.3b 2402300)
AppLauncherShortcuts
NString
[
"Mail",
"Calendar",
"Contacts",
"Tasks",
"Notes"
]

eg)
Add Calendar and Tasks shortcuts as default.
[
"Calendar",
"Tasks"
]
AppSecureMailLoadRemoteImages
N

Integer

(e.g. -1, 0, 1, 2)
-1-1: User can select the option
0: Do not load
1: Ask before displaying remote images
2: Always display remote images
AppModernAuthenticationEnforcedServers
N
String
(e.g. outlook.office365.com, m.outlook.com)

The server addresses which enforce to use Modern Authentication.
AppStrings
NString{
"compliance_changed_ticker_fmt": "Account $account_name changed its compliance settings; no user action is required.",
"compliance_notification_content_change_title": "Compliance have changed"
}
""DO NOT remove $account_name in the string
AppDisableURLRedirection
NBoolean(e.g. True, False)
False
AppLDAPConfigurations
NString (JSON)
e.g.
[
{
"Description": "Default",
"ServerAddress": "ldap.example.com",
"ServerPort": "389",
"TransportSecurity": 1,
"SearchBase": "dc=mkt,dc=mainstore,dc=com",
"BindDN": "",
"BindPassword": ""
}
]

Description : Title of the configuration (mandatory, unique)
ServerAddress : LDAP server address or IP address  (mandatory)
ServerPort : LDAP server port (mandatory)
TransportSecurity : 0: None, 1: SSL, 2: StartTLS
SearchBase : LDAP Naming base DN  (mandatory)
BindDN : Leave empty for anonymous
BindPassword : Leave empty for anonymous
AppReversePhoneLookupLDAPConfigurations
NString (JSON)
e.g.
{
"Description": "Default",
"ServerAddress": "ldap.example.com",
"ServerPort": "389",
"TransportSecurity": 1,
"SearchBase": "dc=mkt,dc=mainstore,dc=com",
"BindDN": "",
"BindPassword": ""
}

Description : Title of the configuration (mandatory, unique)
ServerAddress : LDAP server address or IP address  (mandatory)
ServerPort : LDAP server port (mandatory)
TransportSecurity : 0: None, 1: SSL, 2: StartTLS
SearchBase : LDAP Naming base DN  (mandatory)
BindDN : Leave empty for anonymous
BindPassword : Leave empty for anonymous
AppSelectiveAuthentication
N

Boolean

(e.g. True, False)

False
AppPreemptivePushScheduling
NInteger(e.g. -1, 0, 1)
-1-1: User can select the option
0: Admin disables the option forcibly. User can't change the option.
1: Admin enables the option forcibly. User can't change the option.
AppEWSURL
NStringhttps://outlook.office365.com:443/EWS/Exchange.asmx


AppMinimumSecurityPatchVersion
NString(e.g. 2017-10 or 2017-10-05)
""android.os.Build.VERSION.SECURITY_PATCH
AppCorporateContactsRefreshInterval
NIntegere.g. 30
Days
30: every 30 days
AppCorporateContactsSyncFields
NString (CSV)
e.g. "givenName, cn, homePhone, sn, mobile, o, mail, telephoneNumber, title, departement"


AppCorporateContactsCallerDisplay
NString (CSV)
e.g. "cn, title, OU"


AppCorporateContactsLDAPConfigurations
NString (JSON)

e.g.

[

  {

    "Description": "Default",

    "ServerAddress": "ldap.example.com",

    "ServerPort": "389",

    "TransportSecurity": 1,

    "SearchBase": "dc=mkt,dc=mainstore,dc=com",

    "BindDN": "",

    "BindPassword": ""

  }

]


Description : Title of the configuration (mandatory, unique) ServerAddress : LDAP server address or IP address  (mandatory) ServerPort : LDAP server port (mandatory) TransportSecurity : 0: None, 1: SSL, 2: StartTLS SearchBase : LDAP Naming base DN  (mandatory) BindDN : Leave empty for anonymous BindPassword : Leave empty for anonymous
AppUseLoginCertificateWithoutUserPassword
NBoolean(e.g. True, False)False


* User Configuration allows the application to detect the user of the application, however does not uthenticate the user.

Key
Required
Type
Example
Default
Description

UserName

Y

String

(e.g. wtillman)

 

Username of the user who is using the device. Value to be used by application to authenticate user.

UserEmail

Y

String

(e.g. will@company.com)

 

Email address of the user who is using the application

UserPassword

N

String

(e.g. ****)


Password for the user who is using the application

UserDomain

N

String

(e.g. NADOMAIN)

 

Domain of the user who is using the application

Multiple domains are able to be set with semicolon.

(eg. NADOMAIN1;NADOMAIN2)

UserDisplayName

N

String

(e.g. James)

 

User name which is displayed in Nine app

UserSignature

N

String

(e.g. ABC Company, James, CIO, +4081234567)

 

Email signature. If empty, use "Sent from Nine"

UserLicenseNumber

N

String

(e.g. 123456781234)

 

License key which is purchased in 9Folders web site

UserEmailSyncRange

N

Integer



0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month

UserEmailDownloadSize

N

Integer



0: All
1: 10KB
2: 20KB
3: 50KB
4: 100KB

UserDefaultCalendar

N

String

(e.g. com.google.android.calendar)


Package name of the Calendar app which is used as the default Calendar. If it is empty, Nine Calendar is used as default.

UserFontFamily

N

String

(e.g. Calibri, Arial, Helvetica, sans-serif)


Default font family for outgoing email.

UserFontSize

N

String

(e.g. 11.5)


Default font size for outgoing email.

UserFontColor

N

String

(e.g. #000000)


Default font color for outgoing new email.

UserReplyFontColor

N

String

(e.g. #1F497D)


Default font color for reply email.

UserInAppCalendarNotification

N

Boolean

(e.g. True, False)

True

Calendar notification settings

UserDefaultEditor

N

Integer

(e.g. 0, 1)

0

0: Rich Text Editor

1: Text Editor

UserMessageFormat
N

Integer

(e.g. 0, 1, 2)

10: TEXT
1: HTML
2: MIME
UserReFwdSeparatorStyle
N

Integer



0: No separator
1: 1px
2: 2px
3: Outlook 2016
UserContactsFieldsLevel
NInteger(eg, 0, 1, 2)
00: All Fields
1: Minimum Fields (Name Fields, Phone Fields, Photo Field)
2: All fields except Email address
PolicyMaxEmailLookback
NInteger
-1

-1: Exchange Policy
0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month

UserSyncSystemCalendarStorage
N

Boolean

(e.g. True, False)

FALSEDefault value for syncing to the system Calendar storage
UserSyncSystemContactsStorage
N

Boolean

(e.g. True, False)

FALSE
Default value for syncing to the system Contacts storage
UserDownloadableAttachmentsMaxSize
NInteger

0xx: xxMB Limited
0 Unlimited (Default)
eg)
10: 10MB Limited
25: 25MB Limited
UserAutoAdvance
NInteger

00: Open the previous item
1: Open the next item
2: Return to the current folder
UserReportDiagnosticInfo
N

Boolean

(e.g. True, False)

TRUE
UserBiometricUnlock
N

Boolean

(e.g. True, False)

FALSE

UserNotesTemplate
NString


Ex) "UserNotesTemplate": {  
"Title": "Memo",
"Template": "To: \nFrom: \nDate: \nSubject: \n\n"
}
UserSyncWhenRoaming
NInteger

(e.g. 0, 1)

00: Off
1: On
EnforceSyncWhenRoaming
NBoolean(e.g. True, False)
False
UserPreemptivePushScheduling
NBoolean(e.g. True, False)
False
UserShowAsConversation
NBoolean(e.g. True, False)
True
EnforceStorageEncryption
NBoolean(e.g. True, False)
FalseTRUE: Encrypt storage
FALSE: DO NOT encrypt storage


* Branding Configuration allows an application to customize the look and feel for a specific organization.

Key
Required
Type
Example
Default
Description

BrandingLogo

N

String

(e.g.. http://myserver/image.png)

 

String representing HTTP URL of the image to download and display as the main wallpaper within the application. Each application could implement the visual representation differently.

- Recommend format: PNG (Other formats are applicable)

- Background color: #ff009688

- Recommend resolution: 720x264 (Max 1024x1024)

BrandingSplashLogo

N

String

(e.g.. http://myserver/image.png)


String representing HTTP URL of the image to download and display as the logo image in the splash screen. Images recommended to be in PNG format.
Size: 720x264

BrandingName

N

String

(e.g. Company Name)

 

String representing the company name which could be displayed in the application.

BrandingColor
NString(e.g. #1F497D)

RGB(31, 73, 125)


* Security (or Custom) Settings allows an application to enable or disable certain security features

Key
Required
Type
Example
Default
Description

AllowCalendarSync

N

Boolean

(e.g. True, False)

True

Allow Calendar sync

AllowContactsSync

N

Boolean

(e.g. True, False)

True

Allow Contacts sync

AllowTasksSync

N

Boolean

(e.g. True, False)

True

Allow Tasks sync

AllowNotesSync

N

Boolean

(e.g. True, False)

True

Allow Notes sync

AllowPrint

N

Boolean

(e.g. True, False)

True

Allow print

AllowShareContents

N

Boolean

(e.g. True, False)

True

Allow to share the contents of Email/Tasks/Notes

AllowShareAttachment

N

Boolean

(e.g. True, False)

True

Allow to share the attachments to 3rd party app

AllowSaveAttachment

N

Boolean

(e.g. True, False)

True

Allow to save attachments into external storage

AllowGalShare

N

Boolean

(e.g. True, False)

True

Allow to deliver the GAL search results to 3rd party app

IgnoreExchangePolicy

N

Boolean

(e.g. True, False)

False

Disregard Exchange Policy. Instead, MDM controls the policy.

AllowDeleteOwnAccount

N

Boolean

(e.g. True, False)

True


AllowMultipleAccount

N

Boolean

(e.g. True, False)

FALSE

Allow to set up multiple accounts
AllowReFwdFromDA

N

Boolean

(e.g. True, False)

TRUE

Allow to forward or reply from a different account than the message originated from.

AllowAutoConfig

N

Boolean

(e.g. True, False)

FALSE


AllowSyncSystemCalendarStorage

N

Boolean

(e.g. True, False)

TRUE

Allow for Nine Calendar data to sync to system calendar storage.

Users can see Nine Calendar data on the stock Calendar app.

AllowSyncSystemContactsStorage

N

Boolean

(e.g. True, False)

TRUE

Allow for Nine Contacts data to sync to system contacts storage.

Users can see Nine Contacts data on the stock Contacts app.

AllowManualUserConfig

N

Boolean

(e.g. True, False)

FALSE

Allow to set up UserName and UserEmail manually.

AllowCamera
NBolean(e.g. True, False)
TrueAllow to use Camera
AllowOnlyWhitelistedApps
N

Boolean

(e.g. True, False)

FALSE

Allow to open files from Whitelist apps only

AllowExportMessage

N

Boolean

(e.g. True, False)

FALSE

Allow to export messages

AllowEWSConnectivity
N

Boolean

(e.g. True, False)

TRUE

Allow EWS connectivity for the features such as  Shared Calendar features.
AllowBiometricUnlockN

Boolean

(e.g. True, False)

TRUE

Allow Biometric authentication such as Fingerprint to unlock screen.
AllowCorporateContactsSync
NBoolean(e.g. True, False)
FALSEAllow to use the Corporate Contacts feature
AllowWidgetEmail
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Email widget
AllowWidgetCalendarAgenda
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Agenda widget
AllowWidgetCalendarMonth
N
Boolean
(e.g. True, False)

TRUE

Allow to use the MonthView widget
AllowWidgetTasks
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Tasks widget
AllowWidgetBadge
N
Boolean
(e.g. True, False)

TRUE

Allow to use the Badge widget
AllowScreenShot
NBoolean(e.g. True, False)
TRUEIf set to False, users can’t save a screenshot of the display and are prevented from capturing a screen recording as well.

 

ActiveSync server synchronization due to app configuration

Nine Work synchronizes all emails, tasks, notes, contacts and calendar items with the ActiveSync server when the device user first launches Nine Work. It also does a full synchronization or delete account if you change the values of the following keys in the app configuration:

• AppDeviceId (Full synchronization)

• AppDeviceIdPrefix (Full synchronization)

• AppDeviceType (Full synchronization)

• AppUserAgentPrefix (Full synchronization)

• AppUserAgent (Full synchronization)

• UserEmail (Delete account)

• AppLoginCertificateAlias (Delete account)

The full synchronization or delete account occurs the next time the device checks in after you have changed the app configuration.