Nine Work Support Center

Contact Us

How to configure App Configuration Policies - MobileIron

Prerequisite

MobileIron Core/Cloud must be enabled for Android for Work in order to use Android for Work apps. To enable MobileIron Core/Cloud to provide Android for Work features, you must perform setup steps with Google, MobileIron Support, and MobileIron Core/Cloud Admin Console. Please ensure these steps are completed first.

Core Admin Guide: https://community.mobileiron.com/docs/DOC-3664

Cloud Admin Guide:  https://community.mobileiron.com/docs/DOC-2999

Overview

Nine Work is an email app to synchronize with Exchange Server using ActiveSync and it is based on Android for Work.
As of today email communication became a critical thing as interpersonal communication skill within an organization or in your daily life. There might be nothing more important than efficient communication in the work of a company. Nine Work is a full-fledged email application for Android based on Direct Push technology to synchronize with Microsoft Exchange Server using Microsoft Exchange ActiveSync, and also designed for entrepreneurs or ordinary people who want to have efficient communication with their colleagues, friends, ‎and family members at anytime, anywhere. You may already have good experience with other E-Mail apps for Android. Regardless of your existing experience, we will give you a superb experience more than anything else. Leveraging E-Mail, Contacts, Calendar, Tasks and Notes on your mobile devices through wireless networks enhances your user experience and dramatically reduces your time.

Android Package Name: com.ninefolders.hd3.work

App availability

For more details on Nine Work for Android’s feature set in general, please see
our listing on Google Play:
https://play.google.com/store/apps/details?id=com.ninefolders.hd3.work

Device compatibility

Only devices running Android 5.0 (Lollipop) and up are supported by our app.


App Deployment

1. Import the app into MobileIron Core.

MobileIron Core Admin Portal > Apps > App Catalog > Store Import  > Google Play > Google Play Store Search for the app > click Import 

2. Enable Android for Work for your app.

MobileIron Core Admin Portal > Apps > App Catalog > Search for your app > Edit App > In “Android For Work” section > Enable “Install this app for Android for Work”

3. Configuring the app

 MobileIron Core Admin Portal -> Apps -> App Catalog -> Search for your app -> Edit App -> In “Configurations” section -> List of key-value pairs will be pre-populated if the developer has provided them in the app.


4. Apply Label to App

MobileIron Core Admin Portal -> Apps -> App Catalog -> Select your app -> More Actions -> Apply Label

MobileIron Cloud Admin Portal


App-specific configuration

* App Service Configuration allows the application to connect to the appropriate app web services for an organization.

KeyRequiredTypeExampleDefaultDescription
AppServicePublisher
Y
String
(e.g. MobileIron)

MDM service provider
AppServiceHost
Y
String
(e.g. appserver.com)

Hostname used to communicate with the application’s primary server (e.g. myserver.com). Application should implement its own default value.
AppServiceSecondaryHost
N
String
(e.g. appserver.com)

Server address for the subordinate accounts
AppServiceSecondaryHosts
NString
(e.g. appserver.com;example.com)

Server addresses for the subordinate accounts.
AppSecondaryEmailDomains
NString
(e.g. appserver.com;example.com)

Email domains for the subordinate accounts.
AppServicePort
N
Integer
(e.g. 443)
443
Port number used to communicate with the application’s primary server (e.g. 443). Application should implement its own default value.
AppServiceUseSSL
N
Boolean
(e.g. True, False)
True
Determines if the application should use SSL when communicating to the applications’ server. Application should implement a default value.
AppServiceSSLTrustAll
N
Boolean
(e.g. True, False)
True
Accept all SSL certificates
AppDeviceIdPrefix
N
String
(e.g. MSFT, YHOO)
Nine
Prefix for distinguishing DeviceID, (4 alphabetic letters)
AppUserAgent
N
String
(e.g. Nine, MDM)

App name which is used in User Agent
AppUserAgentPrefix
N
String


Full text which is used in User Agent
AppDeviceId
N
String
(e.g. $DEVICE_SN$)

Device ID that the ActiveSync server uses for the device.
MobileIron Sentry: $DEVICE_SN$
MobileIron Cloud: ${deviceEasIdentifier}
AppDeviceType
N
String
(e.g. Android)
Android
Device Type
AppUseLoginCertificate
N
Boolean
(e.g. True, False)
False
Client CA
AppLoginCertificateAlias
N
String


Certificate alias


Enter the alias for the login certificate. The value should be a string alias representing a certificate with private key stored in
the work profile keystore. For example: $CERT_ALIAS:<certificate config name>$
AppReqParamPlaintext
N
Boolean
(e.g. True, False)
False
"The query value format in the URI contains all of the ActiveSync URI parameters.
e.g.)
Base64:
POST /Microsoft-Server-ActiveSync?jAAJBAp2MTQwRGV2aWNlAApTbWFydFBob25l HTTP/1.1
Plain text:
POST /Microsoft-Server- ActiveSync?Cmd=Sync&User=rmjones&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1"
AppUseModernAuthentication
N
Boolean
(e.g. True, False)
False
Modern Authentication (ADAL)
AppWhitelistedApps
NString
(e.g. com.microsoft.office.word,com.microsoft.office.excel)

Whitelist app lists
AppPasswordEnable
N
Integer
(e.g, -1, 0, 1)
-1
App password Enable -1 : Use Exchange Policy 0 : Disabled 1 : Enabled
AppPasswordComplexity
N
Integer
(e.g. 0, 1)
0
App password complexity (0 : Simple, 1: Alphanumeric)
AppPasswordMinLength
N
Integer
(e.g. 4)
0
App Password Minimum length
AppPasswordExpirationDays
N
Integer
(e.g. 90)
0
App Password expiration date
AppPasswordHistory
N
Integer
(e.g. 9)
0
App Password History counts
AppPasswordMaxFailed
N
Integer
(e.g. 10)
0
App Password Maximum failure counts
AppPasswordLockTime
N
Integer
(e.g. 60)
0
App Password Maximum Lock Time (Min.)
AppPasswordComplexChar
N
Integer
(e.g. 0)
0
App Password complex characters 0 : none 1,2 : letter + digit 3 : letter + digit + symbol 4 : letter (upper & lower) + digit + symbol
AppUseAuthenticationBroker
N
Boolean
(e.g. True, False)
False
Broker (Company Portal or Microsoft Authenticator)
AppUserAgentDetails
NStringEx) $OS $VERSION
$APP_VERSION
$APP_VERSION_CODE

Extra information for UserAgent
Eg> $OS $VERSION $APP_VERSION $APP_VERSION_CODE (Case sensitive) - SNINE4W-hero2ltexx/NRD90M (Android 7.0.1 4.0.3b 2402300)
AppLauncherShortcuts
NString
[
"Mail",
"Calendar",
"Contacts",
"Tasks",
"Notes"
]

eg)
Add Calendar and Tasks shortcuts as default.
[
"Calendar",
"Tasks"
]
AppSecureMailLoadRemoteImages
NInteger
(e.g. -1,0, 1, 2)
-1-1: User can select the option
0: Do not load
1: Ask before displaying remote images
2: Always display remote images
AppStrings
NString{
"compliance_changed_ticker_fmt": "Account $account_name changed its compliance settings; no user action is required.",
"compliance_notification_content_change_title": "Compliance have changed"
}
""DO NOT remove $account_name in the string
AppDisableURLRedirection
NBoolean(e.g. True, False)
False
AppLDAPConfigurations
NString (JSON)
e.g.
[
  {
    "Description": "Default",
    "ServerAddress": "ldap.example.com",
    "ServerPort": "389",
    "TransportSecurity": 1,
    "SearchBase": "dc=mkt,dc=mainstore,dc=com",
    "BindDN": "",
    "BindPassword": ""
  }
]

Description : Title of the configuration (mandatory, unique)
ServerAddress : LDAP server address or IP address  (mandatory)
ServerPort : LDAP server port (mandatory)
TransportSecurity : 0: None, 1: SSL, 2: StartTLS
SearchBase : LDAP Naming base DN  (mandatory)
BindDN : Leave empty for anonymous
BindPassword : Leave empty for anonymous
AppReversePhoneLookupLDAPConfigurations
NString (JSON)
e.g.
{
    "Description": "Default",
    "ServerAddress": "ldap.example.com",
    "ServerPort": "389",
    "TransportSecurity": 1,
    "SearchBase": "dc=mkt,dc=mainstore,dc=com",
    "BindDN": "",
    "BindPassword": ""
 }

Description : Title of the configuration (mandatory, unique)
ServerAddress : LDAP server address or IP address  (mandatory)
ServerPort : LDAP server port (mandatory)
TransportSecurity : 0: None, 1: SSL, 2: StartTLS
SearchBase : LDAP Naming base DN  (mandatory)
BindDN : Leave empty for anonymous
BindPassword : Leave empty for anonymous
AppSelectiveAuthentication
NBoolean

(e.g. True, False)

False
AppPreemptivePushScheduling
NInteger(e.g. -1, 0, 1)
-1-1: User can select the option
0: Admin disables the option forcibly. User can't change the option.
1: Admin enables the option forcibly. User can't change the option.
AppEWSURL
NStringhttps://outlook.office365.com:443/EWS/Exchange.asmx


AppMinimumSecurityPatchVersion
NString(e.g. 2017-10 or 2017-10-05)

android.os.Build.VERSION.SECURITY_PATCH


* User Configuration allows the application to detect the user of the application, however does not authenticate the user.

KeyRequiredTypeExampleDefaultDescription
UserName
Y
String
(e.g. wtillman)
 
Username of the user who is using the device. Value to be used by application to authenticate user.
UserEmail
Y
String
(e.g. will@company.com)
 
Email address of the user who is using the application
UserPassword
N
String
(e.g. ****)

Password for the user who is using the application
UserDomain
N
String
(e.g. NADOMAIN)
 
Domain of the user who is using the application.
Multiple domains are able to be set with semicolon.
(eg. NADOMAIN1;NADOMAIN2)
UserDisplayName
N
String
(e.g. James)
 
User name which is displayed in Nine app
UserSignature
N
String
(e.g. ABC Company, James, CIO, +4081234567)
 
Email signature. If empty, use "Sent from Nine"
UserLicenseNumber
N
String
(e.g. 123456781234)
 
License key which is purchased in 9Folders web site
UserEmailSyncRange
N
Integer


0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month
UserEmailDownloadSize
N
Integer


0: All
1: 10KB
2: 20KB
3: 50KB
4: 100KB
UserDefaultCalendar
N
String
(e.g. com.google.android.calendar)

Package name of the Calendar app which is used as the default Calendar. If it is empty, Nine Calendar is used as default.
UserFontFamily
N
String
(e.g. Calibri, Arial, Helvetica, sans-serif)

Default font family for outgoing email.
UserFontSize
N
String
(e.g. 11.5)

Default font size for outgoing email.
UserFontColor
N
String
(e.g. #000000)

Default font color for outgoing new email.
UserReplyFontColor
N
String
(e.g. #1F497D)

Default font color for reply email.
UserInAppCalendarNotification
N
Boolean
(e.g. True, False)
True
Calendar notification settings
UserDefaultEditor
N
Integer
(e.g. 0, 1)
0
0: Rich Text Editor
1: Text Editor
UserMessageFormat
NInteger
(e.g. 0, 1,2)
10: TEXT
1: HTML
2: MIME
UserReFwdSeparatorStyle
NInteger


0: No separator
1: 1px
2: 2px
3: Outlook 2016
UserContactsFieldsLevel
NInteger(eg, 0, 1, 2)
00: All Fields
1: Minimum Fields (Name Fields, Phone Fields, Photo Field)
2: All fields except Email address
PolicyMaxEmailLookback
NInteger
-1-1: Exchange Policy
0: All
1: 1 Day
2: 3 days
3: 1 week
4: 2 weeks
5: 1 month
UserSyncSystemCalendarStorage
NBoolean(e.g. True, False)
FALSEDefault value for syncing to the system Calendar storage
UserSyncSystemContactsStorage
NBoolean
(e.g. True, False)
FALSE
Default value for syncing to the system Contacts storage
UserDownloadableAttachmentsMaxSize
NInteger

0xx: xxMB Limited
0 Unlimited (Default)
eg)
10: 10MB Limited
25: 25MB Limited
UserAutoAdvance
NInteger

00: Open the previous item
1: Open the next item
2: Return to the current folder
UserReportDiagnosticInfo
NBoolean
(e.g. True, False)
TRUE
UserBiometricUnlock
NBoolean
(e.g. True, False)
FALSE

UserNotesTemplate
NString

Ex) "UserNotesTemplate": {  
"Title": "Memo",  
"Template": "To: \nFrom: \nDate: \nSubject: \n\n"
}
UserSyncWhenRoaming
NInteger

(e.g. 0, 1)

00: Off
1: On
EnforceSyncWhenRoaming
NBoolean(e.g. True, False)
False
UserPreemptivePushScheduling
NBoolean(e.g. True, False)
False
UserShowAsConversation
NBoolean
(e.g. True, False)
True
EnforceStorageEncryption
NBoolean(e.g. True, False)
FalseTrue: Encrypt storage
False: DO NOT encrypt storage
EnforceExternalBrowsers
NString(e.g. com.microsoft.emmx, com.android.chrome)
""The package names of the Browser app which is used as the default Browser.



* Branding Configuration allows an application to customize the look and feel for a specific organization.

KeyRequiredTypeExampleDefaultDescription
BrandingLogo
N
String
(e.g.. http://myserver/image.png)
 
String representing HTTP URL of the image to download and display as the main wallpaper within the application. Each application could implement the visual representation differently.
- Recommend format: PNG (Other formats are applicable)
- Background color: #ff009688
- Recommend resolution: 720x264 (Max 1024x1024)
BrandingSplashLogo
NString
(e.g.. http://myserver/image.png)

String representing HTTP URL of the image to download and display as the logo image in the splash screen. Images recommended to be in PNG format.
Size: 720x264
BrandingName
N
String
(e.g. Company Name)
 
String representing the company name which could be displayed in the application.
BrandingColor
NString(e.g. #1F497D)

RGB(31, 73, 125)  


* Security (or Custom) Settings allows an application to enable or disable certain security features

KeyRequiredTypeExampleDefaultDescription
AllowCalendarSync
N
Boolean
(e.g. True, False)
True
Allow Calendar sync
AllowContactsSync
N
Boolean
(e.g. True, False)
True
Allow Contacts sync
AllowTasksSync
N
Boolean
(e.g. True, False)
True
Allow Tasks sync
AllowNotesSync
N
Boolean
(e.g. True, False)
True
Allow Notes sync
AllowPrint
N
Boolean
(e.g. True, False)
True
Allow print
AllowShareContents
N
Boolean
(e.g. True, False)
True
Allow to share the contents of Email/Tasks/Notes
AllowShareAttachment
N
Boolean
(e.g. True, False)
True
Allow to share the attachments to 3rd party app
AllowSaveAttachment
N
Boolean
(e.g. True, False)
True
Allow to save attachments into external storage
AllowGalShare
N
Boolean
(e.g. True, False)
True
Allow to deliver the GAL search results to 3rd party app
IgnoreExchangePolicy
N
Boolean
(e.g. True, False)
False
Disregard Exchange Policy. Instead, MDM controls the policy.
AllowDeleteOwnAccount
N
Boolean
(e.g. True, False)
True

AllowMultipleAccount
N
Boolean
(e.g. True, False)
FALSE
Allow to set up multiple accounts
AllowReFwdFromDA
N
Boolean
(e.g. True, False)
TRUE
Allow to forward or reply from a different account than the message originated from.
AllowAutoConfig
N
Boolean
(e.g. True, False)
FALSE

AllowSyncSystemCalendarStorage
N
Boolean
(e.g. True, False)
TRUE
Allow for Nine Calendar data to sync to system calendar storage. Users can see Nine Calendar data on the stock Calendar app.
AllowSyncSystemContactsStorage
N
Boolean
(e.g. True, False)
TRUE
Allow for Nine Contacts data to sync to system contacts storage. Users can see Nine Contacts data on the stock Contacts app.
AllowManualUserConfig
N
Boolean
(e.g. True, False)
FALSE
Allow to set up UserName and UserEmail manually.
AllowCamera
NBoolean(e.g. True, False)
True
AllowOnlyWhitelistedApps
NBoolean
(e.g. True, False)
FALSE
Allow to open files from Whitelist apps only
AllowExportMessage
N
Boolean
(e.g. True, False)
FALSE
Allow to export messages
AllowEWSConnectivity
NBoolean
(e.g. True, False)
TRUE
Allow EWS connectivity for the features such as  Shared Calendar features.
AllowBiometricUnlock
NBoolean
(e.g. True, False)
TRUE
Allow Biometric authentication such as Fingerprint to unlock screen.
AllowWidgetEmail
NBoolean
(e.g. True, False)
TRUE
Allow to use the Email widget
AllowWidgetCalendarAgenda
NBoolean
(e.g. True, False)
TRUE
Allow to use the Agenda widget
AllowWidgetCalendarMonth
NBoolean
(e.g. True, False)
TRUE
Allow to use the MonthView widget
AllowWidgetTasks
NBoolean
(e.g. True, False)
TRUE
Allow to use the Tasks widget
AllowWidgetBadge
NBoolean
(e.g. True, False)
TRUE
Allow to use the Badge widget
AllowScreenShot
NBoolean
(e.g. True, False)
TRUEIf set to False, users can’t save a screenshot of the display and are prevented from capturing a screen recording as well.


ActiveSync server synchronization due to app configuration

Nine Work synchronizes all emails, tasks, notes, contacts and calendar items with the ActiveSync server when the device user first launches Nine Work. It also does a full synchronization or delete account if you change the values of the following keys in the app configuration:

• AppDeviceId (Full synchronization)

• AppDeviceIdPrefix (Full synchronization)

• AppDeviceType (Full synchronization)

• AppUserAgentPrefix (Full synchronization)

• AppUserAgent (Full synchronization)

• UserEmail (Delete account)

• AppLoginCertificateAlias (Delete account)

The full synchronization or delete account occurs the next time the device checks in after you have changed the app configuration.

Security Controls

 Current List of MobileIron supported Lockdown policies: Policies & Configs > Policies > Add New > Lockdown) example screen shot or description

NOTE: Each of the above features are described in complete detail in DOC-3664. Future core releases could introduce new Lockdown options

MobileIron Core: https://community.mobileiron.com/docs/DOC-3664

Secure Tunneling support

This section is not applicable for Nine Work. If you are using a Standalone Sentry, all communication with the ActiveSync server is through a secure connection to the Standalone Sentry. If not, Nine Work communicates with the ActiveSync server directly.